Privacy Policy

1) Scope

This policy applies when you:
   •    browse our website or social pages,
   •    create an account or place an order,
   •    join our newsletter or promotions,
   •    contact support or engage with us in store or online.

2) The personal information we collect

We collect the minimum information needed for the purposes below:
   •    Identity & contact: name, email, mobile number, delivery address.
   •    Account & purchase data: order history, preferences, support chats.
   •    Payment info: processed by our payment provider(s) — we do not store full          card numbers.
   •    Device & usage data: IP address, device/browser info, cookies, analytics events.
   •    Age-gate data: confirmation you are 18+ (we do not knowingly collect data from minors).

3) How we collect data
   •    Directly from you: forms, checkout, emails, DMs, phone, events.
   •    Automatically: cookies and similar tech when you use our site (see Cookies section).
   •    From third parties: payment processors, couriers, fraud-prevention and analytics tools.

4) Why we process your information (lawful purposes under POPIA)

We process personal information only for specific, lawful and minimal purposes, including:
   •    To perform a contract / provide services: fulfil and deliver orders, handle returns, customer support.
   •    Legal and regulatory duties: tax, invoicing, record-keeping.
   •    Legitimate interests: website security, fraud prevention, product safety/recall, service improvement (balanced against your rights).
   •    Consent-based activities: direct marketing by electronic communication (email/SMS/WhatsApp) and non-essential cookies/analytics, which we only do with your consent. You can withdraw consent anytime (see #10). (POPIA s69 direct-marketing rules.) 

5) Cookies & analytics
   •    We use essential cookies for core site functions (e.g., cart, checkout, security).
   •    We use optional cookies/analytics (e.g., to understand site usage) only with your opt-in via our cookie banner. You can manage choices at any time in Cookie Settings on our site. Under POPIA, cookies can be personal information, so consent is best practice for non-essential cookies.   

6) Direct marketing (email/SMS/WhatsApp)
   •    We’ll only send you marketing if you are an existing customer (about similar products) or you’ve opted in.
   •    If we ask for consent, we’ll do so in the prescribed manner and keep records of your preferences.
   •    You can opt out anytime (click “unsubscribe”, reply STOP, or contact us). (POPIA s69 & the Regulator’s guidance.)   

7) Sharing your information

We share information with trusted providers only as needed:
   •    Payments: [Provider(s), e.g., Payfast/Yoco/Stripe] (processing, fraud checks).
   •    Delivery & logistics: our couriers for fulfilment and tracking.
   •    IT & security: hosting, analytics, email service, customer support tools.
   •    Legal/compliance: regulators, law enforcement or advisors where required.
We require these parties to protect the information and use it only for our instructions.

8) Cross-border transfers

Some providers may process data outside South Africa. Where this happens we take steps to ensure adequate protection (contractual safeguards and security measures) consistent with POPIA’s conditions.

9) Retention

We keep data only as long as necessary for the purpose collected and applicable legal duties (e.g., tax). Then we delete or de-identify it in line with our retention schedule.

10) Your privacy rights (under POPIA)

You can:
   •    Access your personal information we hold.
   •    Request correction or deletion/destruction of personal information (where permitted).
   •    Object to certain processing (including direct marketing).
   •    Withdraw consent for marketing or cookies at any time.
We’ll respond free of charge and notify you of actions taken, generally within 30 days as per the Regulator’s amended regulations and guidance. To exercise rights, contact our Information Officer (details above).    

11) Security

We use appropriate technical and organisational measures to secure information (encryption in transit, access controls, least-privilege practices, backups, vendor due-diligence). No method is 100% secure, but we actively monitor and improve safeguards.

12) Children

Our products and site are for 18+ only. We do not knowingly collect information from children. If you believe a minor has provided information, please contact us so we can delete it. (See the Regulator’s guidance on processing children’s information.)  

13) Your choices & controls
   •    Marketing: unsubscribe links in emails; reply STOP to SMS/WhatsApp; or email us.
   •    Cookies: manage preferences in Cookie Settings; you can also adjust browser settings (blocking may affect site features).

14) Complaints

If you’re unhappy with how we handle your information, please contact our Information Officer first. You can also lodge a complaint with the Information Regulator (South Africa):
Email (POPIA complaints): POPIAComplaints@inforegulator.org.za
Website: inforegulator.org.za (see “Complaints” page for Form 5).  

15) Supplier & website info (ECT Act)

We display required supplier details on our site (legal name, registration number, physical address, email/phone, prices including applicable costs, codes of conduct) as per Section 43 of the Electronic Communications and Transactions Act.   

16) Changes to this policy

We may update this policy to stay aligned with law and our practices. We’ll post updates here and adjust the “Last updated” date. If changes are material, we’ll notify you by email or on-site notice.