Privacy Policy
Last updated: [REVIEW - date]. This policy explains how [REVIEW - legal entity name] (“we”) collects, uses, and protects your personal information in line with the Protection of Personal Information Act, 2013 (POPIA).
Information we collect
- Account details: your name and email address.
- Billing details: company name, VAT number, phone, and billing address you provide at checkout.
- Service data: the domains and hosting subscriptions on your account, invoices, and payment records (we never store card numbers - those are handled by our payment gateway).
- Technical data: IP address and user agent recorded when you accept our terms, for audit purposes.
Why we collect it
To provide and bill for hosting, to communicate about your account and services, to meet our legal and tax obligations, and to keep the service secure. We rely on the performance of our contract with you and our legitimate interests as the lawful bases for processing.
Who we share it with
We share data only with the providers needed to run the service: our hosting/server infrastructure, our payment gateway, and our email delivery provider. We do not sell your personal information. [REVIEW - list specific sub-processors.]
How long we keep it
We keep account and service data for as long as your account is active. Invoices and related financial records are retained for at least five years to comply with SARS tax requirements, even after you close your account. Other personal information is anonymized when you delete your account.
Your POPIA rights
You have the right to:
- Access the personal information we hold about you.
- Ask us to correct information that is inaccurate.
- Request deletion of your personal information (subject to the tax retention above).
- Object to processing in certain circumstances.
You can exercise the first and third rights yourself from Settings → Privacy & data (export or delete your account), or contact us at [REVIEW - privacy contact email].
Security
We protect your data with encryption in transit, hashed passwords, optional two-factor authentication, and access controls. No system is perfectly secure, but we take reasonable steps to safeguard your information.
Contact
Questions about this policy or your data? Contact our Information Officer at [REVIEW - contact details]. You also have the right to lodge a complaint with the Information Regulator (South Africa).
