Privacy Policy

1. Introduction

local-ly ("we", "us", "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data under the Protection of Personal Information Act (POPIA).

Responsible Party: local-ly
Contact: [email protected] | 084 600 9377

2. Information We Collect

We collect the following types of personal information:

2.1 Account Information

• Email address - For account creation, login, and communication
• Full name - For order processing and personalization
• Cellphone number - For OTP verification and order notifications
• Password - Stored securely using industry-standard encryption

2.2 Order and Transaction Information

• Delivery/pickup addresses - For order fulfillment
• Payment information - Processed securely via Paystack (we do not store card details)
• Order history - Products purchased, amounts, dates, and producers
• OTP verification codes - Temporary codes for registration and order collection

2.3 Location Data

• Geographic coordinates - With your permission, for distance-based product filtering
• Pickup point locations - For displaying nearby pickup options

2.4 Usage Data

• Cookies and similar technologies - For authentication and user experience
• Device information - Browser type, IP address, access times (for security and analytics)
• Platform interactions - Pages viewed, products browsed, search queries

3. How We Use Your Information

We use your personal information for the following purposes (POPIA Section 9-12):

• Order Processing: To fulfill orders, process payments, and coordinate pickups
• Account Management: To create and manage your account, authenticate logins
• Communication: To send OTP codes, order confirmations, pickup reminders, and customer support responses
• Security: To prevent fraud, verify identity, and protect Platform integrity
• Platform Improvement: To analyze usage patterns and improve user experience
• Legal Compliance: To comply with South African laws and regulations

4. Third-Party Sharing

We share your information with the following third parties (POPIA Section 11-12):

4.1 Service Providers

• Paystack: Payment processing (secure payment gateway)
• Postmark: Transactional email delivery (OTPs, order notifications)

4.2 Producers

When you place an order, we share your name, contact details, and order information with the producer to fulfill your order. Producers are responsible for handling your information in accordance with POPIA.

4.3 Legal Requirements

We may disclose information if required by law, court order, or to protect our rights and safety.

We do not sell your personal information to third parties.

5. Your Rights Under POPIA

Under POPIA (Sections 23-25), you have the right to:

• Access: Request a copy of your personal information we hold
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your information (subject to legal retention requirements)
• Objection: Object to processing of your information for specific purposes
• Restriction: Request restriction of processing in certain circumstances
• Portability: Request transfer of your information to another service

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

6. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Passwords are hashed using industry-standard encryption (BCrypt)
• Payment information is processed via PCI-DSS compliant providers (Paystack)
• Data transmission uses HTTPS encryption
• Access controls limit employee access to personal data
• Regular security audits and monitoring

While we take security seriously, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary:

• Active accounts: For the duration of your account plus 7 years (tax/legal requirements)
• Order records: 7 years after order completion (tax and legal compliance)
• OTP verification codes: Deleted after 24 hours or successful verification
• Marketing communications: Until you unsubscribe or withdraw consent

You can request deletion of your account at any time, subject to legal retention requirements.

8. Cookies

We use cookies for:

• Authentication: To keep you logged in during your session
• Security: To prevent cross-site request forgery (CSRF) attacks
• Preferences: To remember your settings and preferences

You can disable cookies in your browser settings, but this may affect Platform functionality.

9. Children's Privacy

The Platform is not intended for children under 18. We do not knowingly collect information from minors. If you are a parent and believe your child has provided information, please contact us for deletion.

10. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notice. Continued use after changes constitutes acceptance.

11. Complaints

If you have concerns about how we handle your personal information, please contact us first. If you are not satisfied, you may lodge a complaint with the Information Regulator:

• Website: inforegulator.org.za
• Email: [email protected]
• Phone: 012 406 4818