Privacy Policy

Last updated: 12 April 2026

At Linefree (Pty) Ltd ("Linefree", "we", "us", "our"), your privacy is a priority. This Privacy Policy explains what information we collect, how we use it, and the rights you have under the Protection of Personal Information Act, 2013 ("POPIA").

1. Information we collect

We collect the following categories of personal information:

• Account details — name, email address, phone number, password, and role.
• Business details — business name, type, contact information, and banking details (store owners only).
• Transaction data — checkouts, products scanned, payment method, loyalty activity, and refund requests.
• Device and usage data — IP address, device identifiers, log timestamps, and crash reports.

2. How we use your information

• To provide and improve the Linefree service.
• To process payments and merchant disbursements.
• To detect and prevent fraud.
• To comply with legal and regulatory obligations.
• To communicate with you about your account and important updates.

3. Payment data handling

Linefree does not store, process, or transmit payment card or bank login details. All payment processing is handled by PCI DSS Level 1 certified third-party providers (Ozow, Stitch). Your card or bank credentials are transmitted directly to these providers and are never stored on Linefree servers.

4. How we share your information

We do not sell your personal information. We share it only with trusted processors who help us operate the service, all under strict contractual controls:

• Payment gateways — Ozow, Stitch (payment processing and disbursements).
• Cloud infrastructure — hosting, database, and caching services.
• Monitoring — Prometheus, Grafana, Loki, and Jaeger for system health.
• Search — Elasticsearch for product search functionality.
• Email — SMTP provider for transactional emails (receipts, password resets, OTPs).

5. POS integration data

If a store integrates with a POS system, Linefree syncs product catalogues, promotions, and transaction confirmations to the configured POS provider. POS providers receive only store-specific data. All POS communication is encrypted and logged.

6. Merchant data access

Store owners can view transaction history, shopper loyalty accounts, and cart activity for their own stores. Merchants act as data controllers for shopper data accessed through their stores and must use this data only for commerce operations in compliance with POPIA.

7. Data retention

• Account data (profile, transactions) — retained for account lifetime plus 7 years for tax and fraud compliance.
• Audit logs — retained for 7 years.
• Temporary data (session tokens, OTPs) — deleted after 24 hours.
• After account deletion — personal data purged within 90 days, except where retention is legally required.

8. Cookies and local storage

Linefree uses browser localStorage to store authentication tokens (JWT) and user preferences. These expire after 24 hours or when you log out. We do not use tracking cookies for advertising. You can clear localStorage by clearing your browser data.

9. Your rights under POPIA

You have the right to:

• Access the personal information we hold about you.
• Correct or update your personal information.
• Request deletion of your personal information.
• Object to processing for direct marketing purposes.
• Lodge a complaint with the Information Regulator of South Africa.

To exercise your rights, email privacy@linefree.co.za with the subject "POPIA Request" and your account email. We will verify your identity and respond within 30 days. If unsatisfied, lodge a complaint with the Information Regulator.

10. Data breach notification

If we discover that your personal information has been compromised, we will:

• Notify you within 7 days via email.
• Describe the nature and scope of the breach.
• Provide recommended security measures.
• Notify the Information Regulator as required by POPIA Section 22.

11. Security

Linefree uses industry-standard encryption, access controls, and secure infrastructure to protect your information. All data is transmitted over TLS, and sensitive fields (banking details, POS credentials) are encrypted at rest using AES-256-GCM.

12. Children's privacy

Linefree is not intended for users under 18. If we discover that a child's personal information has been collected, we will delete it immediately. Parents or guardians may contact privacy@linefree.co.za.

13. Contact us

Questions about this Privacy Policy or your personal information? Email us at privacy@linefree.co.za.