Plain-language summary: Surveyz collects your name, email address, and payment details to run your account. We collect survey responses on behalf of survey creators. We do not sell your data to anyone. You can request access, correction, or deletion of your data at any time by emailing privacy@surveyz.co.za.
Surveyz (Pty) Ltd ("Surveyz", "we", "us") operates the survey platform available at www.surveyz.co.za.
Under POPIA we act in two distinct capacities:
| Category | Data collected | Source |
|---|---|---|
| Identity | Full name (display name) | Registration form / OAuth provider |
| Contact | Email address, mobile number (optional) | Registration form / OAuth provider |
| Authentication | Hashed password (BCrypt), OAuth provider ID | Registration / OAuth flow |
| Billing | PayFast payment reference, subscription status, invoice amounts | PayFast payment gateway |
| Technical | IP address (in audit logs), date/time of actions | Automatically on login and data changes |
| API access | API key (hashed) | Generated on request |
| Category | Data collected | Mandatory? |
|---|---|---|
| Identity | Name (if provided at consent gate) | Optional |
| Contact | Email address (if provided at consent gate) | Optional |
| Survey answers | All question responses submitted | Yes (purpose of the survey) |
| Technical | IP address, browser user-agent, consent timestamp | Automatically collected |
| Consent record | Consent given flag, consent IP, consent version, timestamp | Automatically on acceptance |
When a survey creator imports contacts into a Distribution List, the following data is stored: name, email address, WhatsApp number. This data is provided by the survey creator, who is responsible for ensuring they have lawful basis (including consent where required) to share it with us.
| Data | Purpose | Legal basis (POPIA) |
|---|---|---|
| Name & email | Account creation, authentication, support communication | Contractual necessity / Consent |
| Mobile number | OTP authentication, optional notifications | Consent |
| Payment data | Billing, subscription management, invoice generation | Contractual necessity |
| IP address | Security audit logging, fraud prevention, rate limiting, consent forensics | Legitimate interest (security) |
| User-agent | Abuse detection, technical diagnostics | Legitimate interest (security) |
| Survey responses | Delivery of the survey platform service to the survey creator | Consent (given at survey consent gate) |
| OAuth provider ID | Linking social login to your account | Consent |
We will not use your personal information for any purpose other than those listed above without obtaining fresh consent.
We share your personal information with the following third parties, solely to deliver our service. Each acts as an operator under POPIA on our instruction:
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| PayFast (DPO PayTech) | Payment processing & subscription billing | Name, email, payment amount | South Africa |
| Google LLC | OAuth social sign-in (optional) | OAuth token (provider ID & email) | USA (adequacy transfers apply) |
| Microsoft Corporation | OAuth social sign-in (optional) | OAuth token (provider ID & email) | USA (adequacy transfers apply) |
| Azure Communication Services | Transactional email (welcome, password reset) | Email address, display name | South Africa (Azure ZA North) |
| ClickSend | OTP and notification SMS | Mobile number, OTP code | Australia / replicated globally |
| PostgreSQL hosting provider | Database hosting | All platform data at rest | South Africa (production) |
We do not sell, rent, or trade personal information to any third party for marketing purposes.
| Data type | Retention period | Reason |
|---|---|---|
| Account data (name, email, password hash) | Duration of account + 30 days after deletion request | Service delivery; grace period for accidental deletion |
| Survey response data | 24 months from submission date, or until the survey creator deletes it | As disclosed in survey consent notice |
| Billing records (payments, invoices) | 5 years | SARS tax retention requirement |
| Audit logs | 24 months | Security and compliance |
| Password reset tokens | 1 hour (automatic expiry) | Security |
| Distribution list contacts | Until deleted by the list owner | Operator role — survey creator is responsible party |
| Consent records | 5 years | Evidence of lawful processing |
X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Content Security Policy, and HSTS.As a data subject, you have the following rights under the Protection of Personal Information Act 4 of 2013:
You have the right to be informed when your personal information is collected. We fulfil this through this Privacy Policy and through the consent gate shown before any survey.
You may request a copy of all personal information we hold about you. Email privacy@surveyz.co.za with the subject line "POPIA Access Request". We will respond within 30 days.
You may update your name, email address, and mobile number at any time from your account profile. To correct billing records or survey response data, email us.
You may request deletion of your account and all associated personal information. To do so:
Note: billing records must be retained for 5 years per tax law; these will be anonymised rather than deleted.
You may object to processing based on legitimate interest at any time. Email us at privacy@surveyz.co.za.
Where processing is based on your consent, you may withdraw it at any time by deleting your account or emailing us. Withdrawal does not affect the lawfulness of processing before withdrawal.
If you believe your rights have been violated, you may lodge a complaint with the Information Regulator of South Africa:
Surveyz uses the following storage mechanisms:
| Type | Name | Purpose | Duration |
|---|---|---|---|
| localStorage | sr_token | Stores your JWT authentication token so you remain logged in | 8 hours (token expiry) |
| localStorage | sr_user | Caches your profile data to avoid repeated API calls | Session |
| localStorage | sr_theme | Remembers your light/dark mode preference | Persistent |
We do not use third-party tracking cookies, advertising cookies, or analytics cookies. We do not use Google Analytics or similar services.
Surveyz is not directed at children under 18. We do not knowingly collect personal information from children. If a survey creator wishes to collect data from minors, they must obtain consent from a parent or guardian and are solely responsible for doing so. Surveyz's consent gate will be shown in all cases regardless of respondent age.
In the event of a data breach that is likely to prejudice your rights, we will:
To report a suspected security vulnerability, email security@surveyz.co.za.
We may update this policy from time to time. We will notify registered users by email of any material changes at least 14 days before they take effect. The "Last updated" date at the top of this page will always reflect the current version. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
Organisation: Surveyz (Pty) Ltd
Information Officer: [Name to be designated — see POPIA Section 55]
Email: privacy@surveyz.co.za
Postal address: [Physical address — required for Information Regulator registration]
Registration with Information Regulator: Pending registration per POPIA Section 55(1)
For all privacy-related queries, data access requests, deletion requests, or complaints, contact us at privacy@surveyz.co.za. We will acknowledge your request within 3 business days and respond fully within 30 days, as required by POPIA.
This policy is governed by the laws of the Republic of South Africa. Any disputes will be subject to the jurisdiction of the South African courts.