Welcome

This Privacy Policy explains how we collect, use, store, protect and share your personal information through our services. SnapPOD is a software product of Isibani Digital (Pty) Ltd. Isibani Digital (Pty) Ltd. is the primary data controller and the Responsible Party. It’s important that you read this entire policy, but here’s a summary to get you started:

• We care a lot about privacy. We are committed to enabling you to interact with our platform in a simple, safe and productive way. Respecting user privacy is a key part of that mission.
• We don’t sell your personal information. Our business is funded through subscriptions, paid product services and content, not based on selling your personal information to third parties.
• We limit what information is required. We require the information that enables us to create your account, provide and maintain our services, meet our commitments to our users and satisfy our legal requirements.
• We give you control. We give you the ability to control your privacy with tools to manage your subscriptions and if required to completely remove all your data from our servers.

Notice at Collection – Section 18 of POPIA

Responsible Party: Isibani Digital (Pty) Ltd (“SnapPOD”).
Purposes: Account creation and administration; provision and improvement of the services; billing; security and fraud prevention; customer support; legal compliance; direct marketing (with consent).
Recipients/Categories: Payment processors (e.g., Upmind/PayFast/Ozow/Stripe/PayPal), cloud hosting (e.g., Microsoft Azure/AWS/MochaHost), analytics/diagnostics providers, related companies, and professional advisors – only as necessary for the purposes above.
Voluntary vs mandatory: Certain information (e.g., email, company details, billing info) is required to create and maintain your account. Without it, we cannot provide the services.
Source (where not collected directly): Advertising/referral platforms and publicly available sources (where applicable).
Cross-border transfers: We may transfer personal information to countries outside South Africa under section 72 of POPIA, relying on appropriate safeguards (e.g., contractual measures or adequacy where applicable). See “Cross Border Data Transfer” for details.
Your rights: Access; correction; deletion; objection to processing (including direct marketing); restriction; portability (where applicable under GDPR); and withdrawal of consent (where consent is relied upon).
How to exercise: Use your account tools or contact dpo@isibanidigital.co.za.
Information Regulator (South Africa): Lodge POPIA complaints at POPIAComplaints@inforegulator.org.za or contact enquiries@inforegulator.org.za, Tel 010 023 5200. Website: inforegulator.org.za.

Information We Collect

We collect certain information when you use SnapPOD. This includes information you provide to us, information we collect automatically, and information we receive from other sources.

• Account information. When you create a SnapPOD account, you specify an email address and come up with a password, and provide a way of contacting you (such as an email address and/or phone number). You’ll also need to provide your Company details. In some cases, we may require additional information to verify your subscription. You may be required to verify your account or provide additional information (like a verified phone number or email address) to your account. You may also have the option to add your name or choose a display name.
• Content you create. This includes any content that you upload to the service. For example, you may upload document photo files through the SnapPOD App service. This also includes your profile information and the information you provide when you create your account and manage your organisation. We generally do not store the contents of uploaded document photos from our SnapPOD App. If we were to change that in the future (for example, to facilitate content moderation), we would disclose that to you in advance.
• Payment information. If you buy any paid services through SnapPOD, you may need to submit a valid payment method and associated billing information, including your full name and billing address. Our payment processors, like Upmind, PayFast, Ozow, Stripe and PayPal, receive and process your payment information. Depending on the processor, we may also receive and store certain billing information, including the last four digits of the credit card number associated with the transaction. If you pay for services via electronic transfer, you may be required to provide additional information to SnapPOD or to our payment processors, such as bank account information to facilitate payments, tax identification information and copies of government-issued identification required to identify users in accordance with regulatory obligations. If we decide to process our own payments in the future, we will receive and process this information ourselves.
• Information from actions you take. We collect information about your use of SnapPOD and your activities on the services. This includes information such as the features and services you engage with. We may also collect limited information from your device while SnapPOD is running (such as application performance metrics).
• Other information you provide directly to us. You may have the option to submit additional information as you use SnapPOD. For example, you may participate in surveys where you can provide feedback on the services or submit information to our SnapPOD Support teams.

Information We Collect Automatically

We also collect information automatically from you when you use SnapPOD Platform. This includes:

• Information about your device. We collect information about the device you are using to access the services. For example, this includes information like your IP address, operating system information, browser information and information about your device settings, such as your camera when you use the SnapPOD App camera features.
• Information about your use of the app or website. For example, we collect log and event information related to how and when you use our services (such as the pages you visit, the features you engage with, and the surfaces or embedded content you interact with).
• Other information that we collect automatically. When you take certain actions on other sites, we may receive information about you. For example, when we advertise for SnapPOD on third-party platforms, if you click on the ad, we may receive information about which ad you saw and on which platform. Similarly, we may also receive certain information when you click on a referral link, such as which website you came from.
• Cookies. We may receive information from cookies (small text files placed on your computer or device) and similar technologies. You can find out more about SnapPOD cookie usage and how you can manage your cookie permissions in our Cookie Policy.
• Other information you provide directly to us. You may have the option to submit additional information as you use SnapPOD. For example, you may participate in surveys where you can provide feedback on the services or submit information to our SnapPOD Support teams.

Information We Receive From Other Sources

We may receive information about you from other sources, including from third parties, and combine that information with the other information we have about you. For example, if you interact with our social media account on another platform, we may receive certain information about your interaction on that platform. Similarly, when we advertise on other services, we may receive information about your engagement with those ads.

Children’s Information

We do not knowingly collect personal information from persons under 18. If you believe a child has provided personal information without appropriate authorisation, please contact us so we can delete it or obtain verifiable guardian consent.

The Use of Cookies

We utilise encrypted server cookies to store information that is used to identify you on our platform. This information is essential to the operation of the site and to provide a personalised experience to you. We only set non-essential cookies with your prior consent via our cookie banner. You can change preferences at any time via the “Cookie Preferences” link in the footer. You can read more about our cookie policy by following this link: Learn more about our Cookie Policy

How We Use Your Information

Under certain data protection laws like GDPR and POPIA, companies must have a ‘legal basis’ – a valid reason – to process personal information. SnapPOD relies on different legal bases to process your information for the purposes described in this Privacy Policy. We use the Information We Collect – Account information, Payment information, Information from actions you take, Information used to enable optional features, Other information you provide directly to us, Information about your device, Information about your use of our apps or websites, Other information that we collect automatically and Information we receive from other sources – for the following reasons and according to these legal bases (where applicable). For each reason, we describe how we process your information to achieve each purpose. This processing can include the use of automated technologies such as machine learning systems that help us power and improve our services. In certain jurisdictions, we rely on consent (implied or express) to collect, use and disclose personal information, subject to limited exceptions. The information we collect is used for the legal basis for the performance of contract in our services to you. If you have any concerns, reach out to us via email.

• To provide you with the services. We use your information to provide you with the services. We also use the information you provide to us to create and manage your account and to facilitate purchases. When you enable optional features (like connecting your SnapPOD account to other platforms), we use information to power the feature.
• To contact you. We use your information to contact you in connection with your account, such as to verify or secure it with two-factor authentication. We may also use your information to contact you about important product or policy changes and to send you information about products you have purchased.
• To provide customer service. We use your information to respond to your questions about our products and services, and to investigate bugs or other issues.
• To protect our services. We use your information to keep our services secure, to prevent misuse and to enforce our Terms of Service and other policies against users who violate them.
• To report on our company’s performance. We use your information to track the fundamental metrics of our business, to perform financial reporting, to respond to regulatory obligations and to debug billing issues.
• To personalise the product. We use your information to personalise our services. This can include customising your experience on SnapPOD so that you see application features or promotions from us.
• To improve our services. We use your information to help us understand how users interact with our services, what features or products users may want, to develop features that make SnapPOD safer and better to use, or to otherwise understand and improve our services.
• To contact you. We may use your information to let you know about new products or features we think you’ll like, to ask you for feedback about our services. You may opt out of receiving such marketing communications. Where local law requires, we will obtain your consent before sending such communications.
• To comply with our legal obligations. We retain and use your information in connection with potential legal claims when necessary and for compliance, regulatory and auditing purposes. For example, we retain information where we are required by law or if we are compelled to do so by a court order or regulatory body. Also, when you exercise any of your applicable legal rights to access, amend or delete your personal information, we may request additional information from you for the purpose of confirming your identity.

How We Disclose Your Information

• With our vendors. We may provide information to vendors we hire to carry out specific work for us. This includes payment processors, that process transactions on our behalf and cloud providers (like Microsoft Azure, Amazon Web Services, MochaHost), that host our data and our services. We may also provide limited information to advertising platforms to help us reach people that we think will like our products and to measure the performance of our ads shown on those platforms. We do this to help bring more users to SnapPOD and make our business successful, and provide only the information required to facilitate these services.
• To comply with the law. We may disclose information in response to a request for information if we believe disclosure is required by law, including meeting national security or law enforcement requirements. Where allowed and feasible, we may attempt to provide you with prior notice before disclosing your information in response to such a request.
• To enforce our policies and rights. We may disclose information if needed to enforce our Terms of Service, any of our other policies or to protect the rights, property and safety of ourselves and others.
• With our related companies. We may provide information to our related companies, including parents, affiliates, subsidiaries and other companies under common control and ownership.
• Sale, Acquisition or Transfer of Assets. We may disclose information if SnapPOD is evaluating and/or engaging in a merger, acquisition, reorganisation, bankruptcy, or sale, transfer or change in ownership of SnapPOD or any of its assets.

Consent for Marketing Communications

We will only send you marketing communications, such as newsletters, promotions, and updates, if you have given us your explicit and affirmative consent to do so. This is done through a clear and specific action on your part, such as clicking on subscribe or Opt-In checkbox or buttons. When you provide consent, you agree that we may use your personal information, such as your name and email address, to send you marketing communications about our products, services, and special offers. You have the right to withdraw your consent at any time, for any reason. Withdrawing your consent is as easy as giving it. You can withdraw your consent by: Clicking the "Unsubscribe" link at the bottom of any marketing email you receive from us. You can also contact us directly to update your marketing preferences.

Data Retention

We retain personal information until we determine it is no longer needed for the processing purposes for which we collected or retain it or for legal compliance. You can also request for all your data to be permanently removed when you cancel your subscription.

Cross Border Data Transfer

We will only transfer your personal information outside the country where it was collected if we have a valid legal basis to do so. The legal basis we rely on may include one or more of the following:

• Adequacy decision. The relevant data protection authorities have determined that the recipient country provides an adequate level of data protection as contemplated in section 72 of POPIA.
• Binding corporate rules (BCRs). For transfers within our corporate group, we have adopted and adhere to a set of Binding Corporate Rules that have been approved by the relevant data protection authorities.
• Standard contractual clauses (SCCs). We have entered into a contract with the recipient organisation using the Standard Contractual Clauses approved by the relevant data protection authorities. These clauses provide a legal framework and contractual obligations to ensure the protection of your personal information.
• Explicit consent. We have obtained your explicit and informed consent to the proposed transfer, after we have provided you with clear information about the potential risks of such transfers in the absence of an adequacy decision or other appropriate safeguards.
• Contractual necessity. The transfer is necessary for the performance of a contract with you or for the implementation of pre-contractual measures at your request.
• Public interest. The transfer is necessary for important reasons of public interest.

How We Protect Your Information

We take a number of steps to help protect your information. All information sent within our services is encrypted both in transit and at rest. We also enforce technical and administrative access controls to limit which of our employees and contractors have access to non-public personal information.

Data Security and Breach Notification

We are committed to protecting the security of your personal information. We have implemented appropriate physical, technical, and administrative security measures to prevent the unauthorized access, use, or disclosure of the information we collect. However, no security system is impenetrable, and despite our best efforts, we cannot guarantee the absolute security of our systems. In the unlikely event of a data breach, we will take the following steps:

• Immediate action and containment. Upon discovering a potential data breach, our internal team will immediately investigate and take all necessary steps to contain the incident and minimize any potential harm. This includes isolating affected systems and recovering lost data.
• Assessment and investigation. We will conduct a thorough investigation to determine the nature of the breach, the types of personal information affected, and the individuals whose data may have been compromised.
• Regulatory notification. If we have reasonable grounds to believe your personal information has been accessed or acquired by an unauthorised person, we will notify the Information Regulator (South Africa) and affected data subjects as soon as reasonably practicable in accordance with section 22 of POPIA, describing the nature of the compromise, affected information, recommended measures and the steps taken.
• Communication to affected individuals. If we determine that a data breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. This notification will be provided in clear and plain language and will include:
  • A description of the nature of the breach.
  • The name and contact details of our Data Protection Officer or a designated contact person.
  • A description of the likely consequences of the breach.
  • A description of the measures we have taken or propose to take to address the breach and to mitigate its possible adverse effects.
• Ongoing monitoring and improvement. We will maintain a record of all data breaches, regardless of whether they require notification. We will use the insights gained from any breach to review and improve our security measures to prevent future incidents.

Your Role in Data Security. We encourage you to take proactive steps to protect your own personal information, such as using strong passwords and being cautious of suspicious communications.

Data Protection Officer

SnapPOD Platform data security is controlled by Isibani Digital (Pty) Ltd. Our Data Protection Officer (DPO) (for GDPR) and Information Officer (for POPIA) can be contacted at dpo@isibanidigital.co.za.

Information about local privacy laws

Certain local laws, such as the European Union’s General Data Protection Regulation (GDPR), Brazil’s Lei Geral de Proteção de Dados (LGPD), and South Africa's Protection of Personal Information Act (POPIA), require services to provide information about the information they collect, how they use it, and the lawful basis for processing it. We’ve described most of that already in the earlier portions of this Policy.

Exercising Your Rights

All our users have control over their information and can edit or delete information directly from their account and limit what data we process. If you are located in certain regions, including the European Union, you may have additional rights such as those listed below that you can exercise through the SnapPOD Website directly or by contacting us

• Right of access to your personal data
• Right to rectify your personal data if it is incorrect
• Right to erase your personal data
• Right to limit the processing of your personal data
• Right to object to process your data for purposes of direct marketing
• Right to complain to the Information Regulator or EU Supervisory Authority
• Right to the portability of your personal data (GDPR)
• Right to object to the processing of your personal data
• Right to withdraw consent. Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal

If you have any questions about these rights or wish to exercise control over your information, please reach out to our data protection controller dpo@isibanidigital.co.za

Changes to this Privacy Policy

We will update this Privacy Policy from time to time. We always indicate the date the last changes were published and, if changes are significant, we’ll provide a more prominent notice as required by law, such as by emailing you or highlighting the changes within the services.

Contact us

Email us at privacy@isibanidigital.co.za with any questions about this Privacy Policy or how we process your information. We’ll be happy to help. To contact our Data Protection Officer, please email dpo@isibanidigital.co.za. You can also reach us by post if you want. You can contact us at:

Isibani Digital (Pty) Ltd.
ATTN: Legal Policy
Kingfisher Office Park 2
28 Siphosethu Road, Mount Edgecombe 4300
KZN, South Africa

You may also contact the Information Regulator (South Africa) regarding POPIA complaints: POPIAComplaints@inforegulator.org.za, or enquiries@inforegulator.org.za, Tel 010 023 5200, inforegulator.org.za, JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001.