Privacy Policy
Last updated: 7 April 2026 · Version 1.0
1. Who We Are
hustler.co.za ("Hustler", "we", "us", "our") is a platform owned and operated by Tapnet Solutions (Pty) Ltd (tapnet.co.za) in South Africa. It enables side hustlers, freelancers, and service providers to create professional profiles and connect with clients. Tapnet Solutions (Pty) Ltd is the responsible partyas defined in the Protection of Personal Information Act 4 of 2013 ("POPIA"). This policy applies to hustler.co.za and all other websites, applications, and digital services operated by Tapnet Solutions (Pty) Ltd.
Responsible party: Tapnet Solutions (Pty) Ltd
Information Officer: Wynand de Beer
Phone: 079 174 8357
Email: wynand@tapnet.co.za
Address: 594 Bombani Street, Elarduspark, Gauteng, 0181, South Africa
2. What Personal Information We Collect
2.1 Information you provide directly
- Account data: Full name, email address, password (stored as a one-way hash — we never store or see your actual password)
- Profile data: Display name, username, biography, profile photo, phone number, WhatsApp number, location (city/area), province, service category
- Service listings: Service titles, descriptions, pricing
- Client data: Client names and contact details included in quotes and invoices
- Quote/invoice data: Client names, email, phone, line items, amounts
2.2 Information from third parties
- Google OAuth: If you sign in with Google, we receive your name, email address, and profile photo from Google. We do not receive your Google password.
2.3 Information collected automatically
- Analytics data: Page views, button clicks, traffic sources (referrer URLs). IP addresses are one-way hashed before storage — we cannot reverse them to identify you.
- Device information: Browser type and version (user agent), truncated to 200 characters
- Cookies: Authentication session cookies (essential) and optional analytics cookies. See Section 9.
3. Why We Collect Your Information (Purpose)
| Data | Purpose | Legal basis |
|---|---|---|
| Name, email, password | Create and authenticate your account | Contract performance |
| Profile information | Display your public profile page | Contract performance |
| Phone / WhatsApp | Enable clients to contact you | Consent + contract |
| Service listings, pricing | Display your services to potential clients | Contract performance |
| Quote/invoice data | Generate and store documents you create | Contract performance |
| Analytics data | Understand profile performance, improve the platform | Consent (via cookie banner) |
| Google OAuth data | Provide convenient sign-in | Consent |
| Session cookies | Keep you logged in securely | Contract performance (essential) |
4. Who We Share Your Information With
We share personal information only with the following categories of recipients, and only to the extent necessary:
- Vercel Inc. (USA/Global) — Hosts our website and application. Data may be cached on global CDN nodes.
- Neon Inc. (Frankfurt, Germany, EU) — Stores our primary database containing all user data
- PayFast (Network International) (South Africa) — Processes subscription payments. We do not see or store your card details. PayFast is the only provider hosted in South Africa.
- Resend Inc. (USA) — Sends transactional emails (verification, notifications). Only receives email addresses.
- Google LLC (USA) — Only if you choose to sign in with Google. Receives and provides your name, email, and profile photo.
We have Data Processing Agreements with each provider requiring them to protect your information to a standard consistent with POPIA. We do not sell, rent, or trade your personal information to any third party. For full details of where your data is stored, see Section 5 (Cross-Border Data Transfers).
5. Cross-Border Data Transfers
Your personal information is stored and processed outside of South Africa. While hustler.co.za is a South African platform operated for South African users, we use international cloud service providers to host and deliver the platform. We are transparent about exactly where your data goes:
5.1 Where your data is stored
| Service | What it stores | Location |
|---|---|---|
| Neon (database) | All your account data, profiles, services, quotes, invoices, analytics | Frankfurt, Germany (EU) |
| Vercel (hosting) | Application code, cached pages, serverless function execution | Global CDN, primary compute in the US and EU |
| Resend (email) | Email addresses used for sending transactional emails | United States |
| PayFast (payments) | Payment and subscription data | South Africa |
| Google (OAuth) | Name, email, and profile photo (only if you sign in with Google) | United States |
5.2 Why we host outside South Africa
We host our primary database in Frankfurt, Germany because it provides the best combination of performance, reliability, and data protection for our users. The European Union has comprehensive data protection laws (GDPR) that are widely considered to offer a level of protection equivalent to or exceeding POPIA. There are currently limited serverless database options with South African data centres that meet our technical requirements.
5.3 How we protect your data during transfers (Section 72 of POPIA)
In terms of Section 72 of POPIA, we rely on the following legal bases to transfer your personal information outside South Africa:
- Binding contractual agreements: We have Data Processing Agreements (DPAs) with each provider that contractually require them to protect your information to a standard equivalent to POPIA
- Adequate protection: Our database is hosted in Germany, which is subject to the EU General Data Protection Regulation (GDPR) — widely recognised as providing adequate data protection
- Your explicit consent: By agreeing to our Privacy Policy at registration, you consent to the cross-border transfer of your personal information as described in this section
- Contractual necessity: The transfer is necessary to perform our contract with you (providing the platform and its features)
5.4 Your right to object
If you object to the cross-border transfer of your personal information, you may contact us at wynand@tapnet.co.za. Please note that if you object, we may not be able to provide you with the platform's services, as the infrastructure required to operate the platform is hosted internationally.
6. How Long We Keep Your Information
| Data type | Retention period |
|---|---|
| Account data | Duration of your account + 1 year after deletion |
| Profile & services | Duration of your account |
| Quotes & invoices | 5 years from creation (South African tax law) |
| Analytics data | 24 months, then automatically deleted |
| Consent records | 5 years (to demonstrate compliance) |
| Authentication logs | 12 months |
When data is deleted, it is destroyed so it cannot be reconstructed, in accordance with Section 14(4) of POPIA.
7. Your Rights Under POPIA
As a data subject, you have the right to:
- Access: Request a copy of all personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal retention requirements)
- Export: Receive your data in a machine-readable format
- Object: Object to the processing of your personal information on reasonable grounds
- Withdraw consent: Withdraw any consent you have given, at any time
- Complain: Lodge a complaint with the Information Regulator
To exercise any of these rights, go to Settings > Account > My Data in your dashboard, or email wynand@tapnet.co.za. We will respond within 30 days, free of charge.
Information Regulator (South Africa)
Email: enquiries@inforegulator.org.za
Website: https://inforegulator.org.za
8. Security
- Passwords are hashed using bcrypt with a cost factor of 12 — we cannot see your password
- All data transmitted via HTTPS (TLS encryption in transit)
- Database access restricted to authenticated application connections only
- IP addresses are one-way hashed (SHA-256) before storage
- Authentication uses secure, HTTP-only, SameSite cookies
- Rate limiting on all sensitive endpoints to prevent brute-force attacks
- Input validation on every API endpoint using server-side schema validation
- Security headers: CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy
9. Cookies
Essential cookies (always active)
- next-auth.session-token — Keeps you logged in. Expires when you log out or after the session timeout. Required for the platform to function.
- next-auth.csrf-token — Protects against cross-site request forgery. Required for security.
Analytics cookies (require your consent)
- hustler-analytics-consent — Records whether you have opted in or out of analytics tracking. Stored for 12 months.
We do not use any third-party advertising or tracking cookies. You can manage your cookie preferences at any time via the cookie settings link in the footer of every page.
10. Children
Hustler is intended for users aged 18 and older. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has created an account, we will promptly delete their information. If you believe a child has provided us with personal information, please contact wynand@tapnet.co.za.
11. Direct Marketing
We will only send you marketing communications if you have explicitly opted in. You can opt out at any time by clicking the unsubscribe link in any marketing email or updating your preferences in Settings. We will honour your opt-out immediately.
Transactional emails (verification emails, account alerts) are not marketing and will be sent as part of the service.
12. Data Breach Notification
If we become aware of a security breach that compromises your personal information, we will notify the Information Regulator and affected users as soon as reasonably possible, in accordance with Section 22 of POPIA. Notifications will include the nature of the breach, potential consequences, and recommended protective measures.
13. Changes to This Policy
We may update this privacy policy from time to time. If we make material changes, we will notify you via email or a prominent notice on the platform before the changes take effect. Continued use of the platform after notification constitutes acceptance of the updated policy.
14. Contact Us
For any questions, concerns, or requests related to this privacy policy or your personal information:
- Responsible party: Tapnet Solutions (Pty) Ltd
- Information Officer: Wynand de Beer
- Phone: 079 174 8357
- Email: wynand@tapnet.co.za
- Address: 594 Bombani Street, Elarduspark, Gauteng, 0181