Privacy Policy
Last updated: 1 January 2025 · Effective date: 1 January 2025
ConsentYes (Pty) Ltd ("we", "us", "our") is committed to protecting your privacy and complying with the Protection of Personal Information Act 4 of 2013 (POPIA) and, where applicable, the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform.
1. Who We Are
ConsentYes is a consent and privacy compliance management platform designed for South African businesses. Our registered address and contact details are available at the bottom of this document. We act as the Responsible Party (under POPIA) / Data Controller (under GDPR) for personal information processed through our platform.
2. Information We Collect
2.1 Account Information
When you create an account we collect your full name, email address, and password (stored as a secure hash). If you sign in with Google, we receive your name and email from Google.
2.2 Usage and Analytics
We collect information about how you use ConsentYes including pages viewed, features used, browser type, operating system, and IP address to improve our service and ensure security.
2.3 Visitor Consent Data
When your website visitors interact with a ConsentYes banner, we record an anonymous visitor ID, the consent decision (accepted/declined/partial), the categories chosen, the page URL, and a timestamp. We do not collect names or emails from your website visitors through the consent banner.
2.4 DSAR Data
When someone submits a Data Subject Access Request through your ConsentYes-powered form, we store their name, email, request type, and any message they provide so you can respond appropriately.
3. How We Use Your Information
- To provide and improve the ConsentYes platform
- To authenticate your account and keep it secure
- To send you transactional emails (account confirmation, password reset)
- To generate compliance reports and audit trails on your behalf
- To comply with our own legal obligations
- To communicate service updates and, with your consent, marketing messages
4. Legal Basis for Processing
We process your personal information on the following grounds: (a) performance of our contract with you when providing the platform; (b) our legitimate interests in operating a secure and effective service; (c) your consent where required; and (d) compliance with legal obligations.
5. Data Storage and Security
Your data is stored on servers provided by Supabase (PostgreSQL), hosted on AWS infrastructure. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We implement access controls, audit logs, and regular security reviews. Despite these measures, no system is 100% secure and we cannot guarantee absolute security.
6. Data Sharing
We do not sell your personal information. We may share it with:
- Supabase — database and authentication infrastructure
- Vercel / Render — hosting and deployment
- Google — OAuth sign-in (if you choose to use it)
- Law enforcement — if required by law or court order
7. Your Rights Under POPIA
As a data subject you have the right to:
- Request access to your personal information
- Request correction of inaccurate information
- Request deletion of your personal information (right to be forgotten)
- Object to or restrict the processing of your information
- Lodge a complaint with the Information Regulator of South Africa
To exercise any of these rights, email us at privacy@consentyes.co.za. We will respond within 30 days.
8. Cookies
We use strictly necessary cookies to maintain your login session and a small analytics cookie (with your consent) to understand how our platform is used. You can manage cookies through your browser settings at any time.
9. Retention
We retain your account data for as long as your account is active. Consent logs are retained for 3 years for compliance audit purposes. DSAR records are retained for 5 years. You may request early deletion by contacting us.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by email and by posting the updated policy on this page with a new effective date. Continued use of the platform after changes constitutes acceptance.
11. Contact
For privacy enquiries, contact our Information Officer at:
- Email: privacy@consentyes.co.za
- Postal: ConsentYes (Pty) Ltd, Cape Town, South Africa
Information Regulator (South Africa): www.justice.gov.za/inforeg