Privacy Policy

1. INTRODUCTION

  • This Privacy Policy explains how Creative Tech Worx (Pty) Ltd (“Company”, “we”, “us”, or “our”) collects, uses, stores, and protects personal information when you use our website, software platforms, SaaS applications, and mobile applications (collectively, the “Services”).

We are committed to lawful, fair, and transparent processing of personal information in accordance with:

  • Protection of Personal Information Act 4 of 2013 (POPIA)

  • EU General Data Protection Regulation (GDPR)

  • Applicable South African and international data protection laws

2. RESPONSIBLE PARTY & CONTACT DETAILS

Responsible Party: Creative Tech Worx (Pty) Ltd

  • Registration Number: 2012/041361/07

Physical Address: Suite 5 and 6, Morehill Office Park, 7 Landau Street, Morehill, Gauteng, 1501, South Africa

Data Protection Contact: Our Legal Department

3. SCOPE OF THIS POLICY

This Policy applies to:

  • Website visitors

  • SaaS platform users

  • Mobile application users

  • Trial users and waitlist subscribers

  • Clients and authorised representatives

4. PERSONAL INFORMATION WE COLLECT

4.1 Information You Provide

  • Full name

  • Email address

  • Mobile number

  • Login credentials

  • Account preferences

  • Support communications

4.2 Sensitive / Special Personal Information

Depending on the SaaS product, we may process:

  • Health-related information

  • Personal life data

  • Financial metadata (not payment card data)

  • Information relating to minors (only with lawful consent)

  • Sensitive data is always subject to enhanced security and access controls.

5. AUTHENTICATION & SECURITY DATA

Certain platforms enforce:

  • Mandatory Two-Factor Authentication (2FA)

  • Login history and device identifiers

  • Security audit logs

  • This data is processed strictly for security, fraud prevention, and legal compliance.

6. COOKIES & ANALYTICS

We use:

  • Essential cookies

  • Tracking cookies

  • Analytics tools

  • We do not use advertising cookies and do not sell personal data.

  • You may control cookies via your browser settings; however, functionality may be affected.

7. PURPOSES OF PROCESSING

We process personal information to:

  • Provide and operate Services

  • Authenticate users

  • Maintain system security

  • Provide customer support

  • Improve performance and reliability

  • Comply with legal obligations

  • We do not process personal information for profiling, advertising, or resale.

8. LEGAL BASIS FOR PROCESSING

  • POPIA (South Africa)

Processing is based on:

  • Consent

  • Contractual necessity

  • Legal obligation

  • Legitimate interests

  • GDPR (EU/EEA)

Processing is based on:

  • Article 6(1)(a) – Consent

  • Article 6(1)(b) – Contract

  • Article 6(1)(c) – Legal obligation

  • Article 6(1)(f) – Legitimate interests

9. DATA STORAGE & HOSTING

Data is stored:

  • Primarily in South Africa

  • On secure infrastructure

  • With encrypted backups

Some platforms may use:

  • AWS

  • Supabase

  • Where international transfers occur, appropriate safeguards are applied.

10. SUB-PROCESSORS & THIRD PARTIES

  • To provide certain AI-driven and cloud-based Services (including Lucia and PawScore), Creative Tech Worx (Pty) Ltd makes use of carefully selected third-party service providers (“Sub-processors”).

10.1 AI Service Providers

User inputs may be processed (anonymised where reasonably possible) by AI service providers, including but not limited to:

  • OpenAI

  • Anthropic

  • Google Gemini

  • GrokAI

These providers are contractually bound to:

  • Process data only on our documented instructions

  • Implement appropriate security safeguards

  • Not use personal data for their own marketing or profiling purposes

10.2 Cloud Infrastructure

  • We utilise reputable cloud infrastructure providers, including:

  • Amazon Web Services (AWS)

  • Supabase

  • These providers host data in secure environments and comply with recognised international security standards.

10.3 No Sale of Data

  • We do not sell, trade, lease, or commercially exploit personal information for marketing or advertising purposes.

11. PAYMENT INFORMATION

  • We do not process or store payment card details

  • SaaS billing is handled internally by our finance department

  • Mobile app payments are handled by Apple App Store and Google Play

12. DATA RETENTION

Personal information is retained:

  • Only for as long as necessary

  • In accordance with contractual, legal, and operational requirements

  • When no longer required, data is securely deleted or anonymised.

13. DATA SUBJECT RIGHTS

Under POPIA

You have the right to:

  • Access your personal information

  • Correct or update information

  • Object to processing

  • Lodge a complaint with the Information Regulator

Under GDPR

You have the right to:

  • Access

  • Rectification

  • Erasure (“right to be forgotten”)

  • Restriction

  • Data portability

  • Objection

  • Requests may be sent to our Legal Department

14. DATA BREACHES

In the event of a data breach:

  • We will assess the risk promptly

  • Notify affected users and regulators where legally required

  • Take immediate remedial action

15. CHILDREN’S INFORMATION & LIFEARK

  • Our LifeArk application is designed to record personal milestones from pre-natal stages through adulthood.

  • In compliance with Section 35 of POPIA and Article 8 of the GDPR, we apply enhanced protections when processing information relating to minors (persons under 18 years of age).

15.1 Parental / Guardian Consent

  • We only process a minor’s personal information where we have obtained explicit consent from a Competent Person, being a parent or legal guardian.

15.2 Verification

  • We reserve the right to implement age-verification or identity-verification measures to confirm that consent has been lawfully obtained.

15.3 Right to Withdraw

A parent or legal guardian may at any time:

  • Withdraw consent

  • Request deletion of a minor’s personal information

  • Object to further processing

  • Such requests may be submitted to our Legal Department.

16. AUTOMATED PROCESSING & AI ETHICS

  • Our Services utilise Artificial Intelligence to enhance functionality and user experience.

16.1 Human Oversight

In accordance with Section 71 of POPIA and Article 22 of the GDPR:

  • No decision producing significant legal or similar effects for a user is made solely by automated means

  • Human oversight is maintained where required

16.2 Non-Reliance on AI Outputs

AI-generated outputs within entertainment or informational contexts (including Lucia and PawScore):

  • Are illustrative or recreational in nature
  • Do not constitute professional, medical, psychological, or legal advice
  • Should not be relied upon as factual or authoritative information

17. INTERNATIONAL USERS

  • By using our Services outside South Africa, you consent to processing in accordance with this Policy and applicable cross-border data protections.

18. CHANGES TO THIS POLICY

  • We may update this Policy periodically.
  • Continued use of the Services constitutes acceptance of the updated version.

19. COMPLAINTS

South African users may lodge complaints with:

20. CONTACT

For privacy-related queries or requests:

  • Email our Legal Department
  • Requests for access to records held by the Company, as provided for in the Promotion of Access to Information Act PAIA Manual, may be made using the procedures outlined in our PAIA Manual available on our website.