Privacy Policy

1. Who we are

Zwifhatwa Properties provides software for property and facilities teams to manage buildings, maintenance, members, billing, and resident communication.

For privacy requests or questions, contact us at support@zwifhatwa.com.

2. Who this policy applies to

• Company administrators and staff who create accounts and manage buildings on Zwifhatwa.
• Building members, mechanics, and other roles invited into a company workspace.
• Residents or tenants who use a building’s resident desk link.
• Visitors to our public website, signup, and login pages.

3. Information we collect

Depending on how you use Zwifhatwa, we may collect the following categories of information:

• Account and profile data: name, email address, phone numbers, password (stored in hashed form only), profile photo, role, and company details such as company name, type, and portfolio size.
• Building and operations data: building names, addresses, unit information, member/tenant names, emails, phone numbers, fault reports, maintenance messages, inspection records, announcements, and related workflow history.
• Files and media you upload: fault photos, building images, company logos, lease documents, rent payment proofs, compliance documents, and other files attached to records in your workspace.
• Billing and subscription data: plan selection, subscription status, payment references, amounts, currency, and billing period dates. Card and bank payment details are collected and processed by Paystack; we do not store full payment card numbers on our servers.
• White-label branding settings: display name, reply-to email, logo, and brand colours configured by your company.
• Communications data: emails we send (such as verification, password reset, tenant login details, and billing notices) and in-app notifications.
• Device and session data: login sessions, mobile refresh tokens, push notification tokens, and standard server logs (such as IP address, browser or app user agent, and request timestamps) used for security and troubleshooting.
• Resident desk access: when a tenant signs in to a building desk, we use the email address they provide to locate their tenant record for that building.

4. How we use your information

• Provide, operate, and maintain the Zwifhatwa web app, mobile apps, and resident desk.
• Create and manage user accounts, authenticate users, and enforce role-based access.
• Process subscriptions, trials, member-slot add-ons, and payment confirmations through Paystack.
• Send service emails and push notifications about faults, assignments, billing, and building updates.
• Apply company branding on tenant emails and resident-facing touchpoints.
• Maintain audit logs and operational records for accountability and support.
• Improve reliability, prevent fraud, and protect the security of our platform.
• Comply with legal obligations and respond to lawful requests.

5. Legal basis under POPIA

We process personal information when it is necessary to perform a contract with you or your organisation, when you or your organisation has consented (for example, accepting terms at signup or enabling push notifications), when processing is required by law, or when we have a legitimate interest that is not overridden by your rights (such as securing our services and preventing abuse).

6. How information is shared

We do not sell your personal information. We share information only as described below:

• Within your organisation: users in the same company workspace can see information according to their role and building access.
• Service providers that help us run Zwifhatwa, including hosting (for example Vercel), file storage (for example Vercel Blob), email delivery, payment processing (Paystack), and mobile push delivery (Expo). These providers process data on our instructions and only as needed to deliver the service.
• Legal and safety: when required by law, court order, or to protect rights, safety, and security.
• Business transfers: if we are involved in a merger, acquisition, or asset sale, personal information may transfer as part of that transaction with appropriate safeguards.

7. International processing

Some of our service providers may process personal information outside South Africa. Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place, consistent with POPIA requirements.

8. Data retention

We retain personal information for as long as your organisation uses Zwifhatwa and as needed to provide the service, resolve disputes, enforce agreements, and meet legal obligations. When data is no longer required, we delete or anonymise it within a reasonable period, subject to backup and audit requirements.

9. Security

We use administrative, technical, and organisational measures designed to protect personal information, including access controls, encrypted transport (HTTPS), hashed passwords, and audit logging. No method of transmission or storage is completely secure; please use a strong password and keep your login details confidential.

10. Your rights

Subject to POPIA, you may have the right to request access to, correction of, or deletion of your personal information, to object to certain processing, and to withdraw consent where processing is based on consent. To exercise these rights, email support@zwifhatwa.com. We may need to verify your identity before responding.

11. Children

Zwifhatwa is a business platform and is not directed at children under 18. We do not knowingly collect personal information from children.

12. Third-party links

Our service may link to third-party websites or payment pages (such as Paystack checkout). Their privacy practices are governed by their own policies, not this one.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and change the “Last updated” date. Material changes may also be communicated by email or in-app notice where appropriate.

14. Contact

Email: support@zwifhatwa.com

If you are not satisfied with our response, you may contact the Information Regulator (South Africa) at inforegulator.org.za.