This policy is written to align with South Africa's Protection of Personal Information Act (POPIA). Have it reviewed by a legal professional before launch.
1. Information we collect
- Account data: name, email, phone, password (stored hashed), location.
- Verification data: ID/passport details and proof of vehicle ownership (sellers).
- Listing data: vehicle details, photos, descriptions.
- Activity data: bids, comments, watchlist, messages.
- Technical data: IP address, browser type, cookies (see Cookie Policy).
2. Why we collect it (lawful purpose)
- To operate the auction service and connect buyers with sellers.
- To verify identity and prevent fraud.
- To process fees and (where used) secure payments.
- To notify you about bids, outbids, and account activity.
- To comply with legal obligations.
3. Your POPIA rights
Under POPIA you have the right to:
- Access the personal information we hold about you.
- Request correction or deletion of your information.
- Object to processing in certain circumstances.
- Lodge a complaint with the Information Regulator (South Africa).
4. How we protect your data
- HTTPS/TLS encryption across the entire site.
- Passwords stored using bcrypt hashing — never in plain text.
- Database access restricted and firewalled.
- Verification documents stored securely and access-limited.
5. Sharing your information
We do not sell your personal information. We share data only:
- Between buyer and seller after a successful auction, to complete the sale.
- With service providers (e.g. payment processors) under contract.
- When required by law or to prevent fraud.
6. Data retention
We keep your data only as long as necessary for the purposes above or as required by law. You may request deletion of your account at any time, subject to records we must retain for legal/financial compliance.
7. Information Officer
Our designated Information Officer can be reached at hello@bidsa.co.za for any privacy requests or concerns.