How is the fee structured?

Fixed monthly retainer per tier. Solo R 2 950, Firm R 6 950, Group from R 14 950. No 6-minute increments — the price covers the work, not the hours.

How quickly do you close the books?

Management accounts by the 1st of every month. If prior month closes late because of your end (missing receipts, late bank-feed), we tell you on day 3, not day 30.

Can you handle SARS audits?

Yes. SARS audit defence quoted separately, hourly with a cap — we cannot fix the price up front. Everything else stays inside the monthly fee.

Do you sign off audits?

Independent reviews where statute allows — we sign off ourselves. Full external audits needing IRBA registration we refer; we run the prep and working papers.

I am switching from another firm. What happens?

We handle the change-of-accountant letter, pull your trial balance and prior-year financials, and close your first month with us within 30 days of takeover.

Are you tax advisors as well as accountants?

Yes — SAIT-registered. Provisional, annual, VAT, PAYE, plus structuring and planning. We bring in a specialist when a matter needs one.

Veva Consultants

Veva Consultants ("we", "us") is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA).

1. What we collect

We collect the personal information you submit through our website forms (name, company, email, phone, the matter you describe), and operational metadata (IP address — hashed at collection — user agent, page paths) needed to run the site safely.

2. Why we process it

To respond to enquiries you send us
To deliver the services you contract us for
To comply with our regulatory obligations (POPIA, FICA, tax)
For legitimate business operations: security, audit, billing

3. Lawful basis

Consent (for the contact form), contract performance (once you instruct us), legal obligation, and legitimate interest where the law allows.

Each contact submission is stored with the version of the consent text you agreed to (v1.0 today). If we change the consent wording, the new version is captured on future submissions so we can always show which wording applied to any historical record.

4. Sharing

We never sell your information. We share it only with the sub-processors listed in our sub-processor list — Cloudflare, Sentry, Resend, Hetzner Cloud, GitLab — strictly to operate the service. We will disclose information if a court compels us to do so.

We use Plausible Analytics (EU region, cookieless, anonymised IP) when you consent to the "analytics" cookie category. You can withdraw consent at any time via the cookie banner.

5. Cross-border transfers (POPIA s. 72)

Personal information you submit through this site leaves South Africa because we operate on a European hosting footprint. The table below shows where each category of data is processed and the safeguard we rely on under POPIA s. 72.

Primary application data & database — Hetzner Cloud, Falkenstein / Nuremberg, Germany (EU). Hosted inside the EU which the SA Information Regulator and the European Commission recognise as offering adequate data protection (POPIA s. 72(1)(a)).
CDN, DNS, WAF — Cloudflare global edge network, EU egress preferred for traffic from SA visitors. Cloudflare is a processor under POPIA s. 21, bound by our processor agreement and GDPR Standard Contractual Clauses (POPIA s. 72(1)(b)).
Application error + performance events — Sentry (Functional Software, Inc., United States). Transferred under the GDPR Standard Contractual Clauses and Sentry's published DPA, with IP anonymisation and cookie / Authorization-header scrubbing before the event leaves your browser (POPIA s. 72(1)(b)).
Transactional email — Resend (United States). Transferred under the GDPR Standard Contractual Clauses and Resend's published DPA (POPIA s. 72(1)(b)).
Analytics — Plausible Analytics (EU, Germany), cookieless, IPs anonymised server-side, only after you grant the "analytics" cookie category (POPIA s. 72(1)(a)).

Where SA residency is required for a workload (for example, where a regulator or contract mandates on-shore storage), we move that workload to a SA-resident environment by arrangement.

You can object to a specific transfer or sub-processor — see your rights as a data subject (POPIA s. 11) on the data-subject rights page, or email info-officer@vevacon.co.za. The full vendor list lives on the sub-processor page.

6. Retention

Contact-form submissions: 24 months unless converted to a client matter, in which case the engagement's retention schedule applies (typically 7 years). Server logs: 30 days. Audit events: 7 years (POPIA / Companies Act overlap).

7. Your rights

Access to the information we hold on you
Correction of information that is wrong or out of date
Deletion, subject to our legal retention obligations
Objection to processing on legitimate-interest grounds
Complaint to the Information Regulator (SA)

To exercise these rights, email info-officer@vevacon.co.za. We reply within 30 days as required by POPIA.

8. Security

TLS 1.2+ everywhere, encrypted off-host backups, scrypt/bcrypt password hashing, principle of least privilege, audit logging on destructive actions. Breach notification within 72 hours to the Information Regulator and to affected data subjects, as POPIA requires.

9. Changes

We revise this policy when the underlying processing changes. Material changes are announced via the contact list and stamped on this page (version + effective date in the header above).

Privacy policy