ConsentYes is committed to protecting your privacy and complying with the Protection of Personal Information Act 4 of 2013 (POPIA) and, where applicable, the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store, and protect personal information when you use our platform.
1. Who we are
ConsentYes is a consent and privacy operations platform designed for South African businesses. We act as the Responsible Party under POPIA, or Data Controller under GDPR where applicable, for personal information processed through our platform.
2. Information we collect
Account information
When you create an account we collect your full name, email address, and password, which is stored as a secure hash. If you sign in with Google, we receive your name and email from Google.
Usage and analytics
We collect information about how you use ConsentYes, including pages viewed, features used, browser type, operating system, and IP address, to improve our service and help keep it secure.
Visitor consent data
When your website visitors interact with a ConsentYes banner, we record an anonymous visitor ID, the consent decision, categories chosen, page URL, and timestamp. We do not collect names or email addresses from website visitors through the consent banner.
DSAR data
When someone submits a data subject request through a ConsentYes-powered form, we store their name, email, request type, and message so the request can be handled.
3. How we use information
- To provide and improve the ConsentYes platform.
- To authenticate accounts and keep them secure.
- To send transactional emails such as account confirmation and password reset messages.
- To generate consent records and audit-ready reports on your behalf.
- To comply with legal obligations.
- To communicate service updates and, with consent where required, marketing messages.
4. Legal basis for processing
We process personal information based on performance of our contract with you, our legitimate interests in operating a secure service, consent where required, and compliance with legal obligations.
5. Data storage and security
Your data is stored using service providers such as Supabase and hosting infrastructure used to operate ConsentYes. Data is protected in transit using TLS and at rest where supported by our infrastructure providers. No system is completely secure, and we cannot guarantee absolute security.
6. Data sharing
We do not sell personal information. We may share information with service providers that help us operate ConsentYes, authentication providers if you choose to use them, and law enforcement or regulators where required by law.
7. Your rights under POPIA
As a data subject, you may request access to personal information, correction of inaccurate information, deletion where applicable, objection to processing, or restriction of processing. You may also lodge a complaint with the Information Regulator of South Africa.
To exercise these rights, email privacy@consentyes.co.za. We aim to respond within 30 days.
8. Cookies
We use necessary cookies to provide the service and may use preferences, statistics, or marketing cookies where consent is required. See our Cookie Policy for more detail.
9. Retention
We retain account data for as long as an account is active or as needed to meet legal and operational requirements. Consent records and DSAR records are retained for audit and support purposes unless deletion is required or requested under applicable law.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated policy on this page with a new effective date where appropriate.
11. Contact
For privacy enquiries, contact privacy@consentyes.co.za. For general support, contact support@consentyes.co.za.