Privacy Policy
Last Updated: July 2025
Partify (Pty) Ltd ("Partify", "we", "us") respects your privacy and is committed to protecting your personal information in compliance with South Africa's Protection of Personal Information Act (POPIA). This Privacy Policy explains how we collect, use, disclose, retain and safeguard your personal data when you use Partify's e-commerce platform (including any of our subdomains or tenant stores under partify.co.za). It also describes your rights under POPIA and how you can exercise them. As noted in our documentation, Partify is built with POPIA compliance and data security at its core, offering features such as data export and the right to be forgotten. Please read this Policy carefully. By using our services, you consent to the practices described herein.
Information We Collect
We collect various categories of personal information about you when you use Partify:
- Account Information: When you create or log into your Partify account (including via Google Sign-In OAuth), we collect your name, email address, and other profile data. If you sign in with Google, we receive the basic profile information (such as your Google-linked name and email) necessary to establish and authenticate your account. We do not obtain your Google password or other sensitive Google data.
- Authentication and Security Data: We collect login credentials (password hashes, OAuth tokens) and security data used to protect your account. We may record your device identifiers and IP address to prevent fraud and secure your session.
- Usage and Analytics Data: We automatically collect information about how you use our platform (pages you visit, actions taken, session duration, etc.). This may include device and browser information, dates and times of access, and similar usage metrics. We use browser cookies and similar technologies to gather this data. As a POPIA-compliant platform, we treat all such analytics data in aggregated and de‑identified form. We do not combine Google Analytics data with your personal identity.
- Communications Data: If you contact us (for example via support requests or email), we collect the content of those communications and your contact details to respond.
- Transactional Data: If you purchase a Partify subscription or make any payments through the platform, we record the transaction details (amount, date, payer) as required for billing and tax purposes. Note: Actual payment credentials (e.g. credit card numbers) are handled by our payment processors and are not stored by Partify.
- Cookies and Tracking Data: We use cookies and similar technologies for authentication and session management (see Cookies and Session Management below).
All personal data collected is kept to the extent necessary to provide our services, comply with the law, and support a smooth user experience. We do not collect sensitive personal information (such as race, religion, health details, political opinions, etc.) unless explicitly provided and consented to for a specific feature.
How We Use Your Information
We use your personal information only for legitimate purposes directly related to our services. These purposes include:
- Account and Platform Operations: to authenticate you when you log in, to manage your account, to provide access to the platform features you request, and to personalize your experience. For example, your unified Partify account lets you sign in across multiple store tenants using the same credentials. Each tenant store will only see the identifying information needed for your login and user role; we do not share passwords or sensitive personal or payment details between tenants. Each tenant's customer data remains siloed and private.
- Security and Fraud Prevention: to protect our platform and users. We analyze login attempts and usage patterns to detect and prevent unauthorized access or malicious activity. We store session cookies to keep you securely logged in. We employ measures like encryption (256‑bit SSL for data in transit and encrypted storage at rest) and role-based access controls to safeguard data. As required by POPIA, we take reasonable technical and organizational steps to secure personal information.
- Communication: to send you service-related notices (such as password resets, account notifications, changes to terms) and, if you have consented, marketing messages. You may opt out of promotional emails at any time. Transactional emails (account confirmations, receipts, etc.) are necessary for performance of contract and compliance and are sent without requiring separate consent.
- Analytics and Site Improvement: to understand and improve how users interact with our services. We use Google Analytics (see below) to track and analyze platform usage. This helps us identify feature usage, performance issues, and areas for enhancement. Analytics are strictly for internal analysis and do not identify you as an individual.
- Legal Obligations: to comply with laws and regulations. For example, we retain billing records as required for tax and financial auditing. We also process personal information to fulfill any legal obligations (such as responding to subpoenas or lawful requests by authorities) and to protect our legal interests or those of our users.
We do not sell or lease your personal information to third parties. We may share data only as necessary to provide our services under strict confidentiality. For example, we may disclose information to payment processors or shipping carriers when you make a purchase, but only the minimum data required (e.g. your name and address to process an order). We require all third-party service providers to uphold POPIA standards for privacy and confidentiality.
Cross-Tenant Accounts and Google Sign-In
Partify supports a unified account model across all stores (tenants) on our platform. This means you can use a single Partify login to access multiple store admin panels or customer portals. If you sign up or log in using Google Sign-In (OAuth), Partify links your Google-verified identity to one Partify account. We retrieve only the necessary profile details (your name and email) from Google to create or authenticate your account. You may also create a Partify account with email and password instead of Google if you prefer.
Once authenticated, your identity (for example, your name, email, and internal user ID) is recognized by each store under the Partify umbrella. However, no sensitive or private information is shared between tenants. Each store (tenant) only has access to the data specific to its own business (e.g. its customer orders, products, etc.). We do not share your payment information, store-specific settings, or private content across different tenant stores. In other words, your unified Partify login simply provides convenience; it does not merge data across stores.
Cookies and Session Management
Partify uses cookies and similar technologies strictly as needed for authentication, security, and functionality. Cookies are small files stored on your device. We use them for:
- Authentication Cookies: When you log in, we set a secure session cookie so you stay logged in as you navigate the platform. These cookies are essential; without them, we could not maintain your session or protect your account.
- Session State Cookies: Temporary cookies help preserve your actions (such as form entries or navigation state) as you move between pages.
- Remember-Me Cookies (optional): If you choose "Remember Me" at login, we set a persistent cookie so you do not need to log in each time.
- Analytics Cookies: We use Google Analytics cookies only to measure aggregated site usage and performance (see Google Analytics below). These cookies fall into the category of non-essential cookies and are only used if you have given consent (see Cookie Consent).
None of the cookies we set contain your password or sensitive financial data. We use modern security flags (such as Secure and HttpOnly) on our cookies to reduce the risk of interception or misuse. You can disable or clear cookies at any time via your browser settings, but be aware that blocking essential cookies will prevent you from logging in or using key features.
As a POPIA-compliant platform, we limit cookies to the minimum necessary for functionality. In fact, as noted in the official POPIA Cookie Policy example, only "functional (or required) cookies that are necessary for this site to function" are used. This includes the cookies for Google Analytics, which we treat as strictly operational. Analytics data collected via cookies is always de‑identified and aggregated, so we "don't know who you are" from that data.
Google Analytics and Tracking
We utilize Google Analytics to understand overall usage patterns of Partify's platform. Google Analytics collects information such as which pages were viewed, how long users stayed on pages, browser type, geographical region, device type, and similar metrics. This tracking is performed via Google Analytics cookies (e.g. _ga and related) once you have consented. Google Analytics helps us improve the platform by showing us trends and usage statistics.
Important safeguards:
- We do not share your personal identity with Google Analytics. We enable IP anonymization, and we do not link any of this analytics data to your account or personal profile.
- The analytics data we view in reports is aggregated (for example, "500 visitors in South Africa viewed Product X last month"). We do not receive lists of individuals or email addresses from Google Analytics. As with other cookies, the data from Google Analytics is purely de-identified audience metrics.
- You can opt out of Google Analytics tracking by rejecting analytics cookies through our cookie consent tool (or by using your browser's opt-out or privacy plugins). If you refuse analytics cookies, we simply lose the ability to track usage on your browser, but all essential functionality remains unchanged.
By analyzing this aggregated data, we make informed improvements to security, usability, and performance of Partify.
Cookie Consent
On your first visit to Partify, we will display a clear cookie consent banner or notice in accordance with POPIA guidelines. This banner will explain that we use cookies and will give you the option to accept or reject non-essential cookies (such as analytics cookies). Essential cookies (for login and basic operation) will be set by default, as they are necessary for the site to function. You may grant or withhold consent for analytics and other optional cookies. Once you make a choice, you may still manage your preferences at any time via the banner or your browser settings.
Consistent with POPIA, we treat consent as an "informed expression of will". We provide information about each category of cookies, and we will not place any analytics or tracking cookies on your device until you have actively consented. If you decline non-essential cookies, we will use only the minimum cookies required for security and functionality.
Data Security
We employ robust security measures to protect your personal information. All communication between your browser and Partify is encrypted with industry-standard 256-bit SSL/TLS (HTTPS). Our servers and databases use encryption at rest and strict access controls to ensure data is stored securely. We restrict access to personal data to only authorized Partify personnel and we regularly audit our systems for vulnerabilities.
Specifically:
- Encryption: We use 256-bit SSL for data in transit and encrypt sensitive data in our database.
- Access Controls: Staff access is governed by role-based permissions; only those employees who need your data to perform their job can access it.
- Secure Development: Our platform undergoes regular security reviews. We follow best practices and maintain compliance with PCI DSS standards for any payment data involved.
- Data Breach Protocol: In the event of a suspected data breach, we will act swiftly to contain the incident. Consistent with POPIA's requirements, we will notify the Information Regulator and affected users as soon as possible if personal data is compromised.
By law we must also ensure the quality and integrity of personal data we process. We take reasonable steps to ensure that the information we collect is accurate, complete, and up-to-date. If you believe any personal data we hold about you is incorrect, you may request a correction (see Your Rights below).
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. This means:
- Account Data: If you maintain a Partify account, we will keep your profile and transaction data for the duration of your active account, and for a reasonable period thereafter (to meet legal obligations such as tax or accounting rules). Once your account is closed or deleted, we will remove or anonymize your personal data, except where we must retain certain information by law (for example, financial records for auditing).
- Transactional Records: Data related to purchases or financial transactions may be retained for the period mandated by South African tax and commerce law.
- Support and Communication: Records of customer support interactions and emails are kept only as long as needed to resolve your requests.
- Analytics Data: Aggregated usage data collected via Google Analytics is retained according to Google's policies; individual user identifiers (cookies) have their own expiration (typically 2 years for _ga).
In all cases, POPIA requires that we "cannot retain [personal information] for longer than is necessary". Once personal data is no longer needed, we securely delete or irreversibly anonymize it.
Lawful Basis for Processing (POPIA Compliance)
Under POPIA, we are only allowed to process your personal information if we have a valid lawful basis. The common lawful bases we rely on include (as reflected in Section 11 of POPIA):
- Consent: Where you have explicitly agreed to certain processing (for example, consenting to cookies or subscribing to our newsletter). POPIA defines consent as a voluntary, specific and informed expression of will. You may withdraw consent at any time (and we will cease the related processing).
- Contractual Necessity: When processing is necessary to perform our contract with you. For example, to provide the Partify platform services you signed up for, to bill you for services, or to communicate important account updates.
- Legal Obligations: To comply with laws, regulations or court orders. For instance, we may need to retain transaction records to comply with tax laws, or to cooperate with law enforcement.
- Legitimate Interest: In some cases, we may process data for purposes that are essential to our business operations and that do not infringe on your fundamental privacy rights. For example, securing our platform against fraud or analyzing service performance is typically based on our legitimate interest in running a safe and effective service.
By agreeing to this Policy, you acknowledge that any information you voluntarily provide (through forms, Google Sign-In, etc.) will be processed under these lawful bases. We will always inform you in advance about the purpose of any data collection, and we will not process your information in any way incompatible with the consent or purpose originally given.
Your Rights
Under POPIA (Chapter 3, Section 2), you have certain rights over your personal information. Partify provides mechanisms to exercise these rights:
- Right of Access: You may request details of the personal information we hold about you. We will provide a copy of your data in a readable format.
- Right to Correction: If any of your personal data held by us is inaccurate, incomplete or outdated, you may request that we update or correct it.
- Right to Deletion ("Right to be Forgotten"): You may request that we delete your personal information, especially if you withdraw consent or wish to close your account. We will do so in accordance with applicable law and any overriding legal requirements. POPIA explicitly grants data subjects the right to request deletion of their personal data. Once deleted, your information will be removed from our active systems (with exceptions for legal or technical reasons as noted above).
- Right to Object: You may object to certain types of processing, such as direct marketing communications, at any time. If you object to marketing, we will stop sending promotional emails, but we may still send you transactional or service messages.
- Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time. For example, you can disable cookies, unsubscribe from newsletters, or delete your account. We will honor withdrawal requests and cease processing that data (subject to any legal obligations).
- Right to Complain: If you believe we have infringed your privacy rights, you may lodge a complaint with the South African Information Regulator (details at inforegulator.org.za) or initiate legal proceedings. POPIA ensures that data subjects can seek recourse for any violation.
To exercise any of these rights, please contact us (see Contact Information below). We will verify your identity to prevent unauthorized requests. We aim to respond to any request within the timeframes prescribed by law.
Changes to This Policy
We may update this Privacy Policy from time to time (for example, to reflect changes in law or our services). When we do, we will revise the "Last Updated" date at the top of the policy. Significant changes will be posted on our website or otherwise communicated so you can review the updated terms. As POPIA requires transparency, we maintain this Policy publicly and will notify you of material changes in a timely manner.
If you continue to use Partify after changes are made, it will be considered your acceptance of the updated Policy. We encourage you to review this page periodically.
Contact Information
If you have questions about this Privacy Policy, or wish to exercise any of your rights (access, correction, deletion, etc.), please contact our Information Officer at:
- Email: info@partify.co.za
- Phone: +27 64 544 8165
- Address: Partify (Pty) Ltd, Darters Road, Gardens, Cape Town, 8001, South Africa
We will handle your request in accordance with POPIA. In addition, you have the right under POPIA to lodge a complaint directly with the South African Information Regulator if you believe your privacy rights have been violated.