← Back to The Daily Dispatch

Privacy notice

Last updated: 8 May 2026. The Daily Dispatch is a 10-day learning programme for Standard Bank’s CE Leadership Conference 2026. This notice explains what personal information we collect, why, and how long we keep it.

1. Who we are

The Daily Dispatch is operated by Mann Made on behalf of Standard Bank Group Limited. For data-protection enquiries, write to dispatch@standardbank.co.za.

2. What we collect

  • Microsoft Entra Object ID (oid) and display name. Stored at first sign-in. Used to identify you across the programme and to look up your email address (via Microsoft Graph) when it’s time to send the daily dispatch.
  • Business unit (BU) and role. You select your BU during onboarding. Your role (user, captain, or admin) is assigned by an administrator.
  • Your daily quest replies. The free-text answers you submit each day. Stored alongside the AI evaluator’s score and feedback.
  • Activity feed. A 20-entry log of your most recent actions (quest submissions, mission claims, bonus claims).

3. What we do not store

  • Your email address. It is never written to our database. The daily-email cron resolves your address via Microsoft Graph at the moment it sends, and discards it once the batch is delivered. A database breach alone yields zero email PII.
  • Passwords. Sign-in is by Microsoft Entra ID SSO. We never receive your password.
  • Bank or client data, M&A material, NDA content. The system prompt instructs the AI to refuse such inputs and the platform UI reminds you not to paste them.

4. How we use it

  • To present your daily quest, score, and progress.
  • To send you one prompt email per programme weekday at 07:30 SAST.
  • To allow programme captains to see anonymised reply text and aggregate engagement statistics for their business unit.
  • To allow programme administrators to see an audit-style roster and adjust roles when needed.

We do not sell, share with marketing partners, or use your information for any purpose other than running the programme.

5. Sub-processors

  • Vercel (hosting, TLS termination, function logs). SOC 2 Type 2.
  • MongoDB Atlas (encrypted database for progress and replies).
  • OpenAI (LLM inference for the draft assistant and reply grader). Enterprise / Team key with zero data retention.
  • Resend (transactional email delivery).
  • Microsoft Entra ID + Microsoft Graph (your own tenant; identity provider and email lookup).

6. How long we keep it

  • Session cookies: 8 hours, then re-authentication required.
  • Quest replies, progress, activity: retained during the programme and for the duration of the post-programme review (typically 90 days). Deleted on request.
  • Server logs: 30 days at Vercel.
  • OpenAI: zero retention by default.

7. Your rights under POPIA

You have the right to access, correct, or request deletion of your personal information; to object to processing; and to lodge a complaint with the Information Regulator. To exercise any of these, write to dispatch@standardbank.co.za.

8. Cookies

The application sets one cookie: an HTTP-only, encrypted session cookie issued by Auth.js once you sign in with Microsoft. It is strictly necessary to keep you signed in and is exempt from the consent requirement under POPIA / GDPR. We set no analytics, advertising, or third-party cookies.

9. Changes to this notice

If we materially change what we collect or how we use it, we will update this page and refresh the “Last updated” date above. The change history lives in the application’s git history and is available on request.