Privacy policy
How we handle your data.
Last updated: 8 May 2026 · Effective immediately
Who we are
SpazaSmart is operated as a sole trader in South Africa. We are the responsible party for personal information processed through the SpazaSmart app and website under the Protection of Personal Information Act, 2013 (POPIA).
What we collect
- Account info: your name, email address, phone number (optional), and a password hash.
- Shop info: shop name and the low-stock threshold you set.
- Trading data: products, sales (line items, payment method, totals), purchases (suppliers, line items, costs).
- Technical: session cookies, basic device/browser type, error reports (Sentry), and analytics events used to improve the product (PostHog).
We do not collect customer personal information through SpazaSmart and we do not store payment card data.
Why we collect it
- To provide the service: tracking your sales, restocking, and margins.
- To secure your account and recover access if you forget your password.
- To diagnose crashes and improve the product.
- To comply with legal obligations (e.g. tax record-keeping).
How we keep it
Data is stored in PostgreSQL and Redis on infrastructure hosted in South Africa or the EU. Connections are encrypted in transit (HTTPS/TLS). Access is limited to authorised SpazaSmart engineers on a need-to-know basis. We do not sell or rent your data, and we do not share it with third parties except sub-processors required to run the service (hosting, error reporting, analytics).
How long we keep it
We retain your account, shop, sales and purchases data for as long as your account is active and for an additional 5 years after you close it, in line with South African tax record-keeping requirements. You can request earlier deletion subject to those requirements.
Your rights
Under POPIA you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete information we no longer need to keep.
- Object to processing in certain cases.
- Lodge a complaint with the Information Regulator (South Africa).
You can export your shop data any time from the in-app Settings → Export your data screen. To exercise other rights, email hello@spazasmart.co.
Cookies
We use a session cookie to keep you signed in and a CSRF cookie to protect form submissions. Analytics (PostHog) uses local storage and a first-party cookie to recognise returning users. You can clear these from your browser settings at any time.
Changes
If we change this policy materially, we will notify active shop owners by email and post a notice in the app at least 14 days before the change takes effect.
Contact
Email hello@spazasmart.co for any privacy questions.