Privacy
Policy

1. Who We Are

Webvyn is a South African digital solutions company. We design, build, and manage websites, e-commerce stores, and custom SaaS platforms for South African businesses. We are the responsible party for the processing of your personal information as defined under POPIA.

2. What Information We Collect

We collect the following categories of personal information:

• Identity Information — Full name, email address, phone number
• Company Information — Business name, industry, website requirements
• Financial Information — Invoice records and payment history (no card details stored)
• Technical Data — IP address, browser type, device information, login timestamps
• Communication Data — Support tickets, contact form submissions, email correspondence
• Project Data — Project briefs, requirements, and deliverables shared during the service engagement

3. Why We Collect Your Information

We process your personal information for the following lawful purposes under POPIA Section 11:

Contractual Necessity

To deliver our services, manage your contract, process invoices, track project progress, and administer your client portal account.

Legal Obligation

To comply with POPIA, FICA, and South African tax requirements which require us to maintain accurate records of business transactions.

Legitimate Interest

To respond to support tickets, send project updates, issue invoices, and communicate important account information.

Consent

To send marketing communications about Webvyn services. You may withdraw consent at any time by emailing [email protected].

4. Who We Share Your Information With

We do not sell your personal information. We share it only where necessary:

• Cloud Providers — Azure for hosting and infrastructure
• Email Service Providers — For sending transactional emails and notifications
• Payment Processors — For processing invoice payments (no card data stored by Webvyn)
• Regulatory Authorities — SARS and law enforcement where legally required

All third-party service providers are bound by data processing agreements that meet the POPIA standard.

5. How Long We Keep Your Information

6. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

7. How We Protect Your Information

• Encryption — All passwords are hashed using bcrypt. Data is encrypted in transit via SSL/TLS.
• Access Controls — Only authorised staff can access client data. Admin accounts require two-factor authentication.
• Secure Hosting — All platforms are hosted on Azure with professional security monitoring and daily backups.
• Rate Limiting — Our API enforces strict rate limiting to prevent brute force attacks.
• Incident Response — If a breach occurs that affects your rights, we will notify you and the Information Regulator within 72 hours.

8. Cookies

Our website uses only strictly necessary session cookies for authentication and security. We do not use tracking cookies, advertising cookies, or third-party analytics tools. Your IP address is logged for security purposes and retained for 90 days.

9. Cross-Border Data Transfers

We use Azure which may process data outside South Africa. Both providers maintain data protection standards that meet or exceed POPIA Section 72 requirements. All transfers are governed by data processing agreements.

10. Contact & Complaints