Privacy Policy

Last Updated: December 2024

1. Introduction

At Grocery Stokvel, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform. By using Grocery Stokvel, you consent to the practices described in this policy.

We comply with the Protection of Personal Information Act (POPIA) and other applicable data protection regulations in South Africa.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, phone number, password
  • Profile Information: Profile photo, bio, location preferences
  • Payment Information: Payment card details (processed securely by Paystack)
  • Identity Verification: ID number, address (when required)
  • Communication Data: Messages sent through the platform, support inquiries

2.2 Automatically Collected Information

When you use our platform, we automatically collect:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Information: Pages visited, features used, time spent on platform
  • Location Data: General location (with your permission)
  • Cookies & Tracking: Data collected through cookies and similar technologies

2.3 Information from Third Parties

We may receive information from:

  • Payment processors (Paystack) for transaction verification
  • Social media platforms if you link your account
  • Identity verification services for security purposes

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Process your contributions and transactions
  • Create and manage your account
  • Facilitate stokvel participation and communication
  • Send you important notifications and updates
  • Provide customer support and respond to inquiries
  • Detect and prevent fraud, abuse, and security incidents
  • Analyze usage patterns to improve user experience
  • Comply with legal obligations and enforce our Terms
  • Send marketing communications (with your consent)

4. How We Share Your Information

We may share your information with:

4.1 Stokvel Members

When you join a stokvel, certain information (name, profile photo) becomes visible to other members and the stokvel admin.

4.2 Service Providers

We share information with trusted third-party service providers who help us operate the platform:

  • Payment processors (Paystack)
  • Cloud hosting providers (Firebase, Supabase)
  • Email and communication services
  • Analytics providers
  • Security and fraud prevention services

4.3 Legal Requirements

We may disclose information if required by law or in response to legal processes, such as:

  • Court orders or subpoenas
  • Law enforcement requests
  • Protection of our rights and property
  • Prevention of fraud or illegal activities

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption of data in transit (SSL/TLS) and at rest
  • Secure payment processing through PCI-compliant providers
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Employee training on data protection practices

However, no system is completely secure. We cannot guarantee absolute security of your information.

6. Data Retention

We retain your personal information for as long as:

  • Your account is active
  • Needed to provide services to you
  • Required to comply with legal obligations
  • Necessary to resolve disputes and enforce our agreements

When data is no longer needed, we securely delete or anonymize it.

7. Your Privacy Rights

Under POPIA and applicable laws, you have the right to:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data
  • Objection: Object to processing of your information
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your information
  • Withdraw Consent: Withdraw consent for data processing

To exercise these rights, contact us at privacy@grocerystokvel.co.za.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Authenticate your account
  • Analyze site traffic and usage patterns
  • Personalize your experience
  • Improve platform performance

You can control cookies through your browser settings, but disabling them may affect platform functionality.

9. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Children's Privacy

Our services are not intended for users under 18 years old. We do not knowingly collect information from children. If we discover that we have collected information from a child, we will delete it immediately.

11. International Users

Our services are primarily intended for users in South Africa. If you access our platform from outside South Africa, your information may be transferred to and processed in South Africa.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. We will notify you of significant changes via email or platform notification.

13. Contact Us

If you have questions about this Privacy Policy or our data practices:

  • Privacy Officer: privacy@grocerystokvel.co.za
  • General Inquiries: support@grocerystokvel.co.za
  • Phone: +27 87 236 3065
  • Address: 55 Richards Drive, Halfway House, Midrand, 1685, South Africa

14. Financial Information Protection

14.1 Payment Card Industry (PCI) Compliance

We are committed to PCI-DSS compliance standards for handling payment card information:

  • We do not store complete payment card details on our servers
  • All payment card information is processed through PCI-compliant payment gateways (Paystack)
  • Card data is encrypted during transmission using industry-standard SSL/TLS protocols
  • We maintain secure network infrastructure and regularly update security measures
  • Access to financial data is strictly restricted to authorized personnel only

14.2 Financial Transaction Records

We maintain records of financial transactions as required by law:

  • Transaction history is stored for a minimum of 5 years for audit and compliance purposes
  • Financial records include: transaction amounts, dates, payment methods, and reference numbers
  • You can access your complete transaction history through your account dashboard
  • Transaction records may be shared with financial institutions and auditors as required by law

14.3 Anti-Money Laundering (AML)

As a fintech platform, we comply with anti-money laundering regulations:

  • We verify the identity of all users through Know Your Customer (KYC) procedures
  • Suspicious transactions are monitored and reported to relevant authorities
  • We maintain transaction monitoring systems to detect unusual patterns
  • Large transactions may require additional verification and documentation
  • We cooperate with law enforcement and regulatory bodies in investigations

14.4 Bank Account Information

If you provide bank account details for EFT transfers:

  • Bank account numbers and details are encrypted and stored securely
  • We never share your bank details with third parties except as necessary to process payments
  • You can update or remove saved bank details at any time from your account settings
  • We use bank-grade security measures to protect account information

15. Digital Wallet and Payment Data

Your digital wallet on our platform is protected by multiple security layers:

  • Wallet Balance Protection: Your wallet balance and transaction history are encrypted and backed up daily
  • Two-Factor Authentication: We strongly recommend enabling 2FA for all wallet-related activities
  • Transaction Limits: Configurable daily and monthly transaction limits help prevent unauthorized access
  • Real-Time Alerts: Receive instant notifications for all wallet transactions
  • Audit Trail: A complete audit trail is maintained for all wallet activities to support dispute resolution

16. Credit and Financial Reporting

In the future, we may share information with credit bureaus:

  • Contribution payment history may be reported to credit reference agencies
  • Positive payment behavior could help build your credit profile
  • You have the right to dispute any inaccurate credit information
  • We will notify you before implementing any credit reporting features

17. Cross-Border Data Transfers

For payment processing and cloud services, your data may be transferred internationally:

  • Payment processing may involve data transfer to Paystack's international servers
  • Cloud hosting services may store data in multiple geographic locations for redundancy
  • All international transfers comply with POPIA cross-border data protection requirements
  • We ensure adequate safeguards are in place when transferring data internationally
  • Data is only transferred to countries with adequate data protection laws

18. Fraud Prevention and Detection

We employ advanced fraud prevention measures to protect your financial information:

  • Machine Learning: AI-powered systems detect unusual patterns and suspicious activities
  • Behavioral Analysis: We monitor user behavior to identify potential fraud
  • Device Fingerprinting: Devices used for transactions are tracked for security purposes
  • Velocity Checks: Rapid or repetitive transactions trigger security reviews
  • Geolocation Verification: Transaction locations are verified against account patterns
  • Incident Response: Suspected fraud is immediately investigated and accounts may be temporarily frozen

19. Financial Regulatory Compliance

As a fintech platform operating in South Africa, we comply with:

  • POPIA (Protection of Personal Information Act): Comprehensive data protection compliance
  • Financial Intelligence Centre Act (FICA): Anti-money laundering and counter-terrorism financing
  • National Payment System Act: Secure and efficient payment system standards
  • Consumer Protection Act: Fair treatment and transparent pricing
  • Electronic Communications and Transactions Act: Secure electronic transactions

We may be required to disclose information to regulatory bodies including the South African Reserve Bank, Financial Intelligence Centre, and other authorized financial regulators.

20. Complaints

If you believe your privacy rights have been violated, you may lodge a complaint with the Information Regulator of South Africa: