Privacy Policy

Account information: When you register, we collect your name, username, email address, location, and password (stored as a hashed value).

Profile information: You may optionally provide a profile picture, biography, and phone number.

Transaction data: When you buy or sell, we collect order details, item descriptions, prices, payment references, and shipping information.

Payment data: We do not store your card details. Payments are processed by Paystack under their own PCI DSS-compliant infrastructure.

Communications: We store messages sent through the Platform’s messaging system and emails you send to our support team.

Usage data: We collect IP addresses, browser type, device identifiers, pages visited, and time spent on the Platform for analytics and security purposes.

We process your personal information for the following lawful purposes under POPIA:

— Contract performance: To create and manage your account, process orders, and facilitate transactions between buyers and sellers.

— Legal obligation: To comply with applicable South African law, including the Electronic Communications and Transactions Act and relevant financial regulations.

— Legitimate interest: To detect and prevent fraud, maintain platform security, improve our services, and communicate service updates.

— Consent: To send you marketing communications and newsletters (only where you have opted in).

We do not sell your personal information to third parties.

We may share information with:

— Paystack — for payment processing. Paystack’s privacy policy governs their handling of your data.

— Supabase — our database and authentication infrastructure provider. Data is stored on servers within the European Union or South Africa.

— Resend — for transactional email delivery.

— Other users: Your username, profile information, and listings are visible to other users of the Platform. Your full name, email address, and phone number are not shared publicly.

— Law enforcement: Where required by law or court order, we may disclose information to relevant authorities.

We retain your personal information for as long as your account remains active or as necessary to provide services to you.

Upon account deletion, we will delete your personal information within 30 days, except where we are required to retain it for legal compliance (e.g. financial records, which we retain for 5 years as required by the Companies Act).

Transaction records (orders, payments) are retained for 5 years from the date of the transaction.

As a data subject under POPIA, you have the following rights:

— Right of access: You may request a copy of the personal information we hold about you.

— Right to correction: You may request that we correct any inaccurate or incomplete information.

— Right to erasure: You may request deletion of your personal information, subject to legal retention obligations.

— Right to object: You may object to the processing of your information for direct marketing purposes at any time.

— Right to complain: If you believe we have handled your personal information unlawfully, you may lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.

To exercise any of these rights, contact us at info@swagmzansi.co.za.

We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, loss, or destruction. These include:

— Encrypted data transmission (TLS/HTTPS) on all platform communications;

— Row-level security on our database, ensuring users can only access their own data;

— Hashed and salted password storage;

— Regular security audits of our infrastructure.

Despite these measures, no system is completely secure. In the event of a personal information breach that poses a risk of harm to you, we will notify you and the Information Regulator as required under POPIA.

We use session cookies and local storage to maintain your login state and personalise your experience. These are strictly necessary for the Platform to function and cannot be disabled.

We may use analytics tools to understand how users interact with the Platform. These tools may set their own cookies. You can control cookies through your browser settings.

SwagMzansi is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected information from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page with a revised “Last updated” date and, where changes are material, notify you by email.