hustler.co.za

Data Protection Policy

Last updated: 7 April 2026

1. Purpose

This policy defines how Tapnet Solutions (Pty) Ltd ("Tapnet") handles, stores, processes, and protects personal information collected through hustler.co.za and all platforms operated by Tapnet, in compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA").

2. Scope

This policy applies to all personal information processed by Tapnet, including data from:

  • Registered users (hustlers/freelancers)
  • Clients who contact hustlers via the platform
  • Visitors to the website
  • Any third parties whose data is entered into the platform (e.g., client names on quotes/invoices)

3. Principles

All processing of personal information must adhere to POPIA's eight conditions:

3.1 Accountability

Tapnet, through its Information Officer (Wynand de Beer), is responsible for ensuring compliance. All processing activities are documented and auditable.

3.2 Processing Limitation

We only collect personal information that is adequate, relevant, and not excessive for the purposes described in our Privacy Policy. We rely on consent, contract necessity, or legitimate interest as our legal basis.

3.3 Purpose Specification

Personal information is collected for specific, explicitly defined, and lawful purposes. These purposes are communicated at or before the point of collection. Data is not used for any purpose other than what was specified without obtaining fresh consent.

3.4 Further Processing Limitation

We do not use personal information for purposes beyond what was originally specified. If a new use case arises, we will obtain separate consent before processing.

3.5 Information Quality

We take reasonable steps to ensure personal information is complete, accurate, and up to date. Users can correct their information at any time via their dashboard or by contacting the Information Officer.

3.6 Openness

Our Privacy Policy, this Data Protection Policy, and our PAIA Manual are publicly available on our website. Users are notified of what data we collect and why at the point of collection.

3.7 Security Safeguards

We implement appropriate technical and organisational measures to protect personal information. These are detailed in our Information Security Policy.

3.8 Data Subject Participation

Users may access, correct, export, or request deletion of their personal information through their account dashboard or by contacting the Information Officer. Requests are processed within 30 days, free of charge.

4. Data Collection

We collect personal information through the following means:

  • Direct collection: Registration forms, profile setup, service listings, financial entries, quote/invoice creation
  • Third-party collection: Google OAuth (name, email, profile photo — only when user chooses Google sign-in)
  • Automated collection: Analytics data (page views, hashed IP addresses, browser type) — only with cookie consent

We do not collect personal information from publicly available sources, data brokers, or social media scraping.

5. Lawful Basis for Processing

  • Consent: Registration, Google OAuth, analytics tracking, marketing emails
  • Contract performance: Providing the platform's services (profiles, quotes, invoices)
  • Legitimate interest: Platform security, fraud prevention, service improvement
  • Legal obligation: Financial record retention (Tax Administration Act), responding to lawful data requests

6. Consent Management

Consent is obtained through:

  • Explicit opt-in checkboxes at registration (Privacy Policy, Terms, age confirmation, optional marketing)
  • Cookie consent banner before non-essential cookies are set
  • Privacy notices on public forms

All consents are recorded in our database with: user ID, consent type, granted/denied status, hashed IP address, policy version, and timestamp. Users may withdraw consent at any time.

7. Cross-Border Transfers

Personal information is transferred outside South Africa as detailed in our Privacy Policy (Section 5). Our primary database is hosted in Frankfurt, Germany (EU), subject to GDPR. We rely on Data Processing Agreements, GDPR adequacy, user consent, and contractual necessity as transfer mechanisms under POPIA Section 72.

8. Third-Party Operators

We use the following operators (third-party processors) and maintain agreements with each. See our Operator Agreements page for details.

  • Neon Inc. — Database hosting (Frankfurt, EU)
  • Vercel Inc. — Application hosting (Global/US)
  • Resend Inc. — Email delivery (US)
  • PayFast / Network International — Payment processing (South Africa)
  • Google LLC — OAuth authentication (US)

9. Data Subject Rights

Users may exercise the following rights via their dashboard (Settings > Account) or by emailing wynand@tapnet.co.za:

  • Right to access (request a copy of their data)
  • Right to correction (fix inaccurate data)
  • Right to deletion (request account and data removal)
  • Right to export (download data in JSON format)
  • Right to object (object to specific processing)
  • Right to withdraw consent
  • Right to complain to the Information Regulator

All requests are processed within 30 days, free of charge, as required by POPIA and the 2025 Amendment Regulations.

10. Incidents and Breaches

Data breaches are handled in accordance with our Breach Response Plan. The Information Regulator and affected users will be notified as soon as reasonably possible.

11. Review

This policy is reviewed annually and updated as needed. The Information Officer is responsible for ensuring ongoing compliance.

12. Information Officer

Wynand de Beer
Tapnet Solutions (Pty) Ltd
Email: wynand@tapnet.co.za
Phone: 079 174 8357
Address: 594 Bombani Street, Elarduspark, Gauteng, 0181