Privacy Policy | YesChef

This Privacy Policy explains how YesChef (Pty) Ltd (“YesChef”, “we”, “us”, “our”) collects, uses, shares, and protects your personal information when you use our platform. This policy complies with the Protection of Personal Information Act 4 of 2013 (POPIA) and applies to all users of the YesChef platform, including customers, vendors, and website visitors.

1. Information We Collect

1.1 Information You Provide

Vendor registration: Business name, owner name, email address, phone number, physical address, business registration number, banking details (for Yoco integration).
Customer orders: Name (optional), email address, phone number, order details.
Contact form: Name, email address, message content.

1.2 Information Collected Automatically

Device information: Browser type, operating system, device type, screen resolution.
Usage data: Pages visited, features used, time spent on the platform, referral source.
Location data: Approximate location based on IP address (we do not use GPS tracking).
Cookies and similar technologies: See Section 7 below.

1.3 Information from Third Parties

Yoco: Payment confirmation status, transaction IDs (we do not receive or store full card numbers).

2. How We Use Your Information

We use your personal information for the following purposes, each with a lawful basis under POPIA:

Processing orders (contractual necessity): Facilitating orders between customers and vendors, sending order confirmations and status updates.
Platform operation (legitimate interest): Maintaining and improving the platform, preventing fraud, resolving technical issues.
Communication (consent / contractual necessity): Responding to enquiries, sending transactional emails (order confirmations, status updates), and vendor account notifications.
Analytics (legitimate interest): Understanding how the platform is used to improve the experience. We use PostHog for product analytics. Data is aggregated and anonymised where possible.
Legal compliance (legal obligation): Meeting tax, accounting, and regulatory requirements.

3. Who We Share Your Information With

We share personal information only with:

Vendors: Customer name, phone number, and order details are shared with the relevant vendor to fulfil orders.
Payment processors: Yoco processes all payments. Their privacy policy applies to payment data they handle.
Email service provider: Resend (for transactional emails). They process email addresses and email content on our behalf.
Hosting and infrastructure: Vercel (hosting), Supabase (database). Data is stored on servers in regions that provide adequate data protection.
Law enforcement: When required by South African law, court order, or to protect our rights and safety.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Retention

Customer order data: Retained for 24 months after the order date for support and dispute resolution, then anonymised or deleted.
Vendor account data: Retained for the duration of the account plus 36 months after account closure for legal and financial record-keeping.
Analytics data: Aggregated and anonymised after 12 months.
Contact form submissions: Retained for 6 months after the enquiry is resolved.

5. Your Rights Under POPIA

As a data subject, you have the right to:

Access: Request confirmation of whether we hold your personal information and obtain a copy.
Correction: Request correction of inaccurate or incomplete personal information.
Deletion: Request deletion of your personal information where we no longer have a lawful reason to retain it.
Objection: Object to the processing of your personal information on reasonable grounds.
Complaint: Lodge a complaint with the Information Regulator (South Africa) if you believe your rights have been infringed.

To exercise any of these rights, contact our Information Officer at privacy@yeschefapp.co.za. We will respond within 30 days as required by POPIA.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

Encryption in transit (TLS/HTTPS) and at rest.
Access controls and role-based permissions for internal systems.
Row-level security on our database, ensuring users can only access their own data.
Regular security reviews and dependency updates.
No storage of credit card details (handled entirely by Yoco).

While we take reasonable steps to protect your information, no system is completely secure. We will notify affected users and the Information Regulator of any data breach as required by POPIA.

7. Cookies and Tracking

We use the following cookies and similar technologies:

Essential cookies: Required for the platform to function (authentication, session management). These cannot be disabled.
Analytics cookies: PostHog analytics to understand platform usage. These can be opted out of through your browser settings.

We do not use advertising cookies or tracking pixels. We do not participate in cross-site tracking or advertising networks.

8. Children

The platform is not intended for use by persons under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Cross-Border Data Transfers

Some of our service providers (Vercel, Supabase, Resend) may process data outside South Africa. Where this occurs, we ensure that adequate safeguards are in place as required by Section 72 of POPIA, including contractual commitments to protect personal information to a standard equivalent to POPIA.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users. The “Last updated” date at the top indicates the most recent revision.

11. Contact

Information Officer:
Email: privacy@yeschefapp.co.za
YesChef (Pty) Ltd
Cape Town, South Africa

Information Regulator (South Africa):
Website: inforegulator.org.za
Email: enquiries@inforegulator.org.za