Privacy Policy
POPIA-compliant data handling · Last updated: April 2026
NoZar — Privacy Policy
Effective Date: 13 April 2026
NoZar is currently in Public MVP Beta. This means our data processing activities are under active development. While we maintain POPIA compliance, we may occasionally update our processing methods as we refine the platform. Information Officer: Leroy Adonis — hello@nozar.co.za
This Privacy Policy complies with the Protection of Personal Information Act 4 of 2013 ("POPIA") and the Electronic Communications and Transactions Act 25 of 2002 ("ECTA").
1. Responsible Party
NoZar (operated as a sole proprietorship) is the "responsible party" as defined in POPIA.
- •Information Officer: Leroy Adonis
- •Contact: hello@nozar.co.za
- •Postal address: Available on request via hello@nozar.co.za
2. Personal Information We Collect
| Category | Data | Purpose | POPIA Basis |
|---|---|---|---|
| Account | Email, phone number | Authentication, OTP verification | Contract (s11(1)(b)) |
| Profile | Display name, bio, avatar, suburb, city | Platform functionality | Contract |
| Location | GPS coordinates (when permitted) | Distance-based search, trade facilitation | Consent (s11(1)(a)) |
| Listings | Item/service descriptions, photos, estimated values | Core platform function | Contract |
| Trade History | Trade records, ratings, completion rate | Trust system, safety | Legitimate interest (s11(1)(f)) |
| Communications | In-app chat messages | Trade negotiation, dispute resolution | Contract |
| Identity (optional) | SA ID verification result (not the ID itself) | Verified badge, trust | Consent |
| Business (optional) | CIPC registration number | Business verification | Consent |
| Technical | Device type, IP address, app version | Security, performance | Legitimate interest |
| Payment | Subscription tier, payment history | Billing (via Polar.sh) | Contract |
3. How We Use Your Information
3.1. To operate the Platform and facilitate Barter Transactions.
3.2. To verify your identity and maintain account security.
3.3. To calculate and display trust scores and ratings.
3.4. To detect and prevent fraud, abuse, and prohibited content.
3.5. To send transactional notifications (trade updates, messages).
3.6. To improve the Platform based on aggregated, anonymized usage data.
We will NOT:
- •Sell your personal information to third parties.
- •Use your data for profiling or automated decision-making that produces legal effects (POPIA s71).
- •Send marketing communications without your opt-in consent.
4. Contact Detail Disclosure in Trades
4.1. When you enter a Trade Agreement, limited contact information is disclosed to your trading partner based on the trade method:
- •Public meetup: First name + suburb
- •Delivery: First name + delivery address (to sender only)
- •Remote service: First name only
4.2. Phone communication is facilitated through a masked relay service. Your actual phone number is NOT disclosed.
4.3. Disclosed information automatically expires 72 hours after trade completion. After expiry, it is hidden from the other party.
4.4. You may request immediate revocation of disclosed information at any time by cancelling the trade.
5. Data Sharing with Third Parties
| Third Party | Data Shared | Purpose |
|---|---|---|
| Africa's Talking | Phone number | OTP verification, phone relay |
| Polar.sh | Email, subscription tier | Payment processing |
| Neon (Neon Tech Inc.) | All database content | Database hosting |
| Smile Identity (optional) | ID verification request | Identity verification |
| Vercel / hosting provider | Technical logs | Application hosting |
5.1. All third-party processors are contractually bound to protect your data.
5.2. Cross-border transfer notice (POPIA s72): Our database is hosted by Neon Tech Inc., whose servers may be located outside South Africa. By using the Platform, you consent to the transfer of your personal information to jurisdictions that may not have equivalent data protection laws. We ensure appropriate safeguards through contractual obligations with our processors.
6. Your Rights Under POPIA
You have the right to:
- •Access your personal information (s23)
- •Correct inaccurate information (s24)
- •Delete your information (s24) — subject to legal retention requirements
- •Object to processing of your information (s11(3))
- •Withdraw consent where processing is based on consent
- •Lodge a complaint with the Information Regulator (https://inforegulator.org.za)
To exercise any right, email: hello@nozar.co.za
We will respond within 30 days as required by POPIA.
7. Data Retention
- •Active account data: Retained while your account is active.
- •Deleted account data: Anonymized within 30 days of deletion, except trade records retained for 3 years (tax and legal compliance).
- •Chat messages: Retained for 1 year after trade completion for dispute resolution, then deleted.
- •Contact disclosure records: Audit trail retained for 2 years.
8. Security Measures
- •All data transmitted via TLS 1.3 encryption.
- •Database encryption at rest (Neon managed).
- •Phone numbers masked through relay service.
- •Access controls and audit logging on all sensitive data.
- •Regular security assessments.
- •Breach notification within 72 hours as required by POPIA s22.
9. Children's Privacy
The Platform is not intended for persons under 18. We do not knowingly collect personal information from children. If we discover a minor's account, it will be terminated immediately.
10. Cookies & Local Storage
The Platform uses:
- •Session cookies for authentication (essential, no consent required)
- •IndexedDB/localStorage for offline caching (essential)
- •No third-party tracking cookies
- •No advertising pixels
11. Changes to This Policy
We will notify you of material changes via email and in-app notification at least 30 days before they take effect.
12. Information Regulator Contact
The Information Regulator (South Africa)
- •Email: inforeg@justice.gov.za
- •Website: https://inforegulator.org.za
- •Tel: 012 406 4818