Privacy notice (POPIA)
This notice explains how palflip collects and uses personal information, as required by the Protection of Personal Information Act, 4 of 2013 (POPIA).
Who we are
Palflip connects South African businesses with South African content creators and pays creators for the views their clips earn. Palflip is the "responsible party" under POPIA for the information described below. Contact: bigheadntanzi@gmail.com.
What we collect, and why
- Account details (email address, password stored only as a one-way hash, role) — to create and secure your account.
- Campaign and submission data(links to clips you post, the platforms they are on, view counts we retrieve from those platforms' public data) — to calculate what you are owed or what your campaign has delivered.
- Payment-related details (amounts owed and paid; if you are a creator, the bank details you give us to receive EFT payouts) — to pay you. We do not store card numbers.
- Agreement records (which agreements you accepted and when; for a likeness release, your typed full legal name, an 18+ confirmation, timestamp and IP address) — because these are legal records we must be able to evidence.
What we do not do
- We do not sell your personal information.
- We do not send your information outside South Africa except where a service provider we use (such as our database host) stores it securely abroad.
- We do not use your information for purposes other than running palflip.
How long we keep it
Account and payment records are kept while your account is active and for five years afterwards (tax and legal record-keeping), then deleted. Signed agreements are kept for as long as the rights they cover remain in effect.
Your rights
You may ask us what personal information we hold about you, ask for corrections, object to processing, or ask for deletion (subject to records we are legally required to keep). Email bigheadntanzi@gmail.com and we will respond. If you are not satisfied, you may complain to the Information Regulator (South Africa) — inforeg.org.za.
Security and breaches
Passwords are hashed, sessions are signed, and access to payment records is limited to administrators. If a breach affecting your personal information occurs, we will notify you and the Information Regulator as POPIA requires.
Version 1 — July 2026. This notice will be updated as palflip adds features (for example, payment gateways or Instagram/TikTok API connections).