Yoros

Privacy Policy

Effective date: 11 March 2026

Yoros ("we", "us", "our") is committed to protecting the personal information of everyone who visits our website, engages our services, or interacts with us in any way. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what your rights are under South African law.

This Policy is issued in terms of the Protection of Personal Information Act 4 of 2013 ("POPIA") and applies to all personal information processed by Yoros in the course of its business activities.

Responsible Party (as defined in POPIA): Yoros (Pty) Ltd, Cape Town, Western Cape, South Africa. Contact: hello@yoros.co.za | Website: www.yoros.co.za

1. Definitions

For the purposes of this Policy:

  • "Personal Information" means any information relating to an identifiable, living natural person or juristic person, as defined in POPIA. This includes names, contact details, identification numbers, location information, online identifiers, and any other information that can be used to identify a person.
  • "Processing" means any operation performed on personal information, including collecting, storing, using, transmitting, erasing, or destroying it.
  • "Data Subject" means the person to whom the personal information relates.
  • "Responsible Party" means Yoros, which determines the purpose and means of processing personal information.
  • "Operator" means any third party that processes personal information on behalf of Yoros.
  • "Special Personal Information" includes information about a person's race, health or sex life, biometric data, criminal history, religious or philosophical beliefs, trade union membership, or political persuasion.

2. What Personal Information We Collect

We collect personal information only where it is necessary and relevant to the services we provide or the operation of our website.

2.1 Information you provide directly

  • Full name and business name
  • Email address and telephone number
  • Postal or business address
  • Project requirements and business details shared during the enquiry or onboarding process
  • Payment information (processed via secure third-party payment platforms; Yoros does not store card or banking details)
  • Communications sent to us by email, contact form, or other means

2.2 Information collected automatically

  • IP address and approximate geographic location
  • Browser type and version
  • Pages visited on our website and time spent on each page
  • Referring website or search query
  • Device type and operating system

2.3 Information collected in the course of client work

  • Credentials and account access details required to deliver services (stored securely and deleted or transferred upon project completion)
  • Business data, content, and materials provided by the client for use in their project
  • Any personal information of the client's own customers that may be processed as part of building or configuring a digital system

3. Special Personal Information

Yoros does not intentionally collect Special Personal Information as defined in POPIA. We ask that clients and website visitors do not submit Special Personal Information unless it is strictly necessary and we have specifically requested it for a defined purpose.

Where the nature of a client's business requires us to configure systems that will handle Special Personal Information (for example, healthcare platforms that process patient data), we will enter into a data processing agreement with the client and implement appropriate technical and organisational safeguards.

4. Why We Collect Personal Information (Lawful Basis)

We process personal information only where we have a lawful basis to do so under POPIA.

4.1 Performance of a contract — We process personal information that is necessary to provide our services, fulfil a project agreement, issue invoices, and manage the client relationship.
4.2 Legitimate interests — We process certain information such as website analytics and communication records based on our legitimate interest in operating and improving our business.
4.3 Consent — Where we rely on consent (for example, for newsletter subscriptions), we will obtain your explicit, informed consent before processing. You may withdraw consent at any time.
4.4 Legal obligation — We may process personal information where required to comply with a legal obligation, such as tax, accounting, or regulatory requirements.

5. How We Use Your Personal Information

We use the personal information we collect for the following purposes:

  • Responding to enquiries and providing project quotes
  • Delivering web development, design, and digital systems services
  • Managing invoices, payments, and client accounts
  • Communicating project updates, timelines, and deliverables
  • Sending transactional emails where we operate systems on a client's behalf
  • Sending newsletters and marketing communications to subscribers who have opted in (you may unsubscribe at any time)
  • Improving our website and services through analytics
  • Complying with legal and regulatory obligations
  • Enforcing our Terms and Conditions and protecting our legal rights

6. How We Share Your Personal Information

Yoros does not sell, rent, or trade personal information. We share personal information only in the following limited circumstances.

6.1 Service providers and operators — We use trusted third-party service providers including Vercel (hosting), Supabase (database and authentication), Resend (email delivery), Paystack (payment processing), Google Analytics, and GitHub (source code management). These providers process personal information on our behalf as operators and are required to implement appropriate security measures.
6.2 Legal requirements — We may disclose personal information where required by law, court order, or lawful request by a public authority.
6.3 Business transfers — In the event of a merger, acquisition, or sale of Yoros's business, personal information may be transferred to the acquiring entity subject to the same protections in this Policy.

7. Cross-Border Transfers of Personal Information

Some of the third-party platforms we use are based outside South Africa, meaning your personal information may be transferred to and processed in other countries, including the United States.

We only transfer personal information to third parties in other countries where we are satisfied that adequate levels of protection are in place, through the third party's adherence to internationally recognised data protection standards or contractual data processing agreements, as contemplated in section 72 of POPIA.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to improve the user experience, analyse traffic, and understand how visitors interact with our content.

8.1 Types of cookies we use:

  • Essential cookies: required for the website to function correctly. These cannot be disabled.
  • Analytics cookies: used to collect anonymous usage data via Google Analytics 4. These are only set with your consent.
  • Preference cookies: used to remember your settings such as dark mode preference and cookie consent choice.
8.2 When you first visit our website, you will be presented with a cookie consent banner. You may accept or decline non-essential cookies at any time. You may also control cookies through your browser settings.

9. Data Retention

We retain personal information for as long as necessary for the purpose for which it was collected, or as required by law.

  • Client records and project documentation: 5 years from the end of the client relationship
  • Invoice and financial records: 5 years, as required by the South African Revenue Service
  • Email enquiries and correspondence: 3 years
  • Newsletter subscriber data: retained until unsubscription or withdrawal of consent
  • Website analytics data: 26 months (as configured in Google Analytics 4)
  • Website server logs: 90 days

When personal information is no longer required and no legal retention obligation applies, we will securely delete or anonymise it.

10. Security of Personal Information

Yoros implements appropriate technical and organisational measures to protect personal information. These measures include:

  • Encryption of data in transit (TLS/HTTPS on all web properties)
  • Encryption of data at rest (applied by Supabase and our hosting infrastructure)
  • Role-based access controls ensuring personal information is accessible only to those who need it
  • Row-level security policies enforced at the database level
  • Two-factor authentication on administrative accounts
  • Regular security reviews and dependency updates
  • Secure credential management — no plain-text storage of passwords or API keys

In the event of a data breach that poses a risk to data subjects, we will notify affected individuals and the Information Regulator as required by POPIA.

11. Personal Information of Children

Yoros's website and services are not directed at children under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information without appropriate parental or guardian consent, we will delete that information promptly. Contact us at hello@yoros.co.za if you believe your child has provided us with personal information.

12. Your Rights as a Data Subject

Under POPIA, you have the following rights in relation to your personal information.

12.1 Right of access — You have the right to request a copy of the personal information we hold about you and to be informed of how it is being used.
12.2 Right to correction — You have the right to request that we correct inaccurate, incomplete, or outdated personal information.
12.3 Right to deletion — You have the right to request that we delete your personal information where it is no longer necessary, where you have withdrawn consent, or where processing is unlawful. This is subject to any overriding legal obligation to retain the information.
12.4 Right to object — You have the right to object to processing where we rely on legitimate interests as the lawful basis. We will cease processing unless we have compelling legitimate grounds that override your interests.
12.5 Right to withdraw consent — Where we process your personal information based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

12.6 Right to complain — You have the right to lodge a complaint with the Information Regulator of South Africa.

  • Website: www.inforegulator.org.za
  • Email: inforeg@justice.gov.za
  • Telephone: 010 023 5207

13. How to Exercise Your Rights

To exercise any of the rights described in Section 12, or to raise any concern about how we handle your personal information, contact our Information Officer at hello@yoros.co.za or www.yoros.co.za. We will respond to all requests within 30 days of receipt. We may need to verify your identity before processing your request.

14. Processing on Behalf of Clients (Operator Role)

Where Yoros builds and configures digital systems that collect or process personal information on behalf of a client (for example, a booking system, client portal, or contact form), Yoros acts as an Operator and the client is the Responsible Party.

In this context:

  • Yoros will process personal information only in accordance with the client's instructions and for the purpose of delivering the contracted services.
  • Yoros will implement appropriate security measures to protect the personal information.
  • Yoros will not use that personal information for its own purposes.
  • Upon completion of the project or termination of the engagement, Yoros will transfer or delete the personal information as instructed by the client.

Clients who operate platforms that collect personal information from their own users are responsible for ensuring their own POPIA compliance.

15. Links to Third-Party Websites

Our website may contain links to third-party websites, tools, or platforms. This Privacy Policy applies only to Yoros and does not cover how third parties collect or use personal information. We encourage you to read the privacy policies of any third-party sites you visit.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The most current version will always be published at www.yoros.co.za/privacy with the effective date indicated. Continued use of our website or services after any update constitutes acceptance of the revised Policy.