Privacy Policy

Effective Date: 10 April 2026 | Last Updated: 10 April 2026

Responsible party	CHEQIT Innovations (Pty) Ltd
Registration number	2023/268134/07
Registered address	457 Rooibos Street, Thatchfield Glen
Privacy / Information Officer email	support@mg.cheqit.co.za

CHEQIT Innovations (Pty) Ltd (“CHEQIT”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you access or use the CHEQIT platform, including our website, mobile applications, merchant tools, communications, and related services (collectively, the “Platform”).

By using the Platform, creating an account, onboarding as a merchant or provider, submitting information to us, or otherwise interacting with CHEQIT, you acknowledge that your personal information may be processed in accordance with this Privacy Policy.

1. Scope

This Privacy Policy applies to the personal information of:

website visitors;
customers, clients, and end users of the Platform;
merchants, providers, business representatives, and merchant staff;
people who communicate with CHEQIT, submit information to CHEQIT, or otherwise interact with the Platform.

This Privacy Policy should be read together with CHEQIT’s Terms and Conditions, Merchant Services Agreement, and any additional notices shown in the Platform.

2. Responsible Party and Contact Details

CHEQIT Innovations (Pty) Ltd is the responsible party for the personal information described in this Privacy Policy, except where another arrangement is expressly stated in a separate agreement.

Entity	CHEQIT Innovations (Pty) Ltd
Registration number	2023/268134/07
Registered address	457 Rooibos Street, Thatchfield Glen
Privacy / Information Officer email	support@mg.cheqit.co.za

General support email: support@mg.cheqit.co.za

3. Categories of Personal Information We Collect

The categories of personal information we collect depend on how you use the Platform.

3.1 Account and profile information

full name;
email address;
mobile phone number;
password and login credentials;
verification status;
role or account type (for example customer, merchant, or provider account);
profile image or avatar, where provided;
settings and notification preferences, where available.

3.2 Merchant, provider, and business information

business name, profile name, logo, description, category, type, and offering information;
legal first name, legal last name, and date of birth for verification purposes;
business email address, business phone number, website, and social media handles where provided;
company registration details, entity type, registration number, and related business records;
proof of residence, proof of banking, tax, licensing, health, identity, or other compliance documents where required;
bank account holder name, bank name, branch code, account number, account type, payout settings, and related payout information;
verification outcomes, review notes, rejection reasons, suspension status, and related compliance records.

3.3 Booking, session, order, and transaction information

booking, session, reservation, or order identifiers;
merchant and profile identifiers;
selected offerings, quantities, pricing, totals, deposits, balance amounts, fees, and settlement records;
scheduled dates, times, time zones, fulfilment type, attendance, reschedules, cancellations, expiry timestamps, and refund-related records;
payer name, payer email, payer phone number, payment references, transaction IDs, webhook outcomes, refund amounts, and payout allocation records;
free-text notes, instructions, and inspiration images submitted in connection with a booking or session;
receipt, bill, fulfilment-code, and payment-status records.

3.4 Communications and support information

email, SMS, push, and in-app notification records;
OTP verification events;
communications sent to or from CHEQIT;
support requests, complaint details, dispute details, internal resolution notes, and related records where a support or complaint channel is used.

3.5 Technical and usage information

authentication-session information;
device and application information;
browser and request metadata;
IP address or network-related metadata collected through infrastructure or security tooling;
crash, log, error, audit, and security-event information;
notification tokens and delivery metadata;
feature usage information and platform interaction history.

3.6 Location-related information

We may collect location-related information that you provide manually, such as addresses, operating location, service radius, city, province, country, or postal code. At launch, CHEQIT does not describe continuous background GPS tracking as a core platform feature. If device-based location permissions are introduced later, we may collect location data with your permission where required.

3.7 Content you upload or submit

Where you upload images, merchant content, notes, reviews, profile content, verification documents, or similar materials, we may process those materials as part of operating the Platform, verifying merchants, facilitating bookings, or maintaining platform records.

4. How We Collect Personal Information

We may collect personal information:

directly from you when you sign up, edit your account, make a booking, submit a payment, onboard as a merchant, or contact us;
automatically when you use the Platform, through systems that support authentication, security, notifications, infrastructure, and service operation;
from other users or merchants where that is necessary to facilitate a booking, session, order, or complaint;
from service providers, payment providers, or verification/compliance tools involved in operating the Platform;
from legal, regulatory, fraud-prevention, or dispute-related processes where appropriate.

5. Why We Use Personal Information

We use personal information for the following purposes.

5.1 To provide the Platform

create and manage user, merchant, and provider accounts;
verify email addresses, mobile numbers, and account access;
enable merchant onboarding, verification, offerings, availability, bookings, sessions, orders, and payouts;
facilitate customer use of the Platform, including deposits, balances, receipts, notifications, and operational messaging;

5.2 To verify identity, safety, and compliance

review identity and KYC information;
detect and prevent fraud, abuse, impersonation, misuse, and unauthorised conduct;
maintain security, account integrity, and platform trust;
review or enforce merchant or provider eligibility and status;

5.3 To process payments, refunds, and payouts

initiate, verify, reconcile, and record payments;
process or facilitate refunds where applicable;
manage payout-related information and merchant settlement processes;
maintain financial, reconciliation, and audit records;

5.4 To communicate with you

send transactional emails, SMS messages, OTPs, account notices, receipts, and push notifications;
respond to support requests, complaints, or disputes;
send service, security, legal, or operational notices;

5.5 To operate, improve, and secure the Platform

monitor service performance;
troubleshoot defects and incidents;
analyse usage for operational improvement;
maintain logs, audit records, security reviews, and internal controls;

5.6 For legal and regulatory purposes

comply with applicable law, lawful requests, and recordkeeping obligations;
enforce CHEQIT’s agreements, terms, and internal rules;
investigate claims, complaints, chargebacks, or disputes;
protect CHEQIT, merchants, users, the public, and platform systems;

5.7 For direct marketing where permitted

send service-related launch updates, product updates, or promotions where legally permitted;
manage consent and opt-out choices where required by law.

6. Lawful Grounds for Processing

Depending on the circumstances, we process personal information on one or more of the following grounds:

because the processing is necessary to provide the Platform or perform services you requested;
because the processing is necessary to take steps connected with account management, onboarding, bookings, payments, refunds, or merchant operations;
because the processing is necessary to comply with a legal or regulatory obligation;
because the processing supports CHEQIT’s legitimate interests, including platform security, fraud prevention, service improvement, operational integrity, recordkeeping, and dispute handling;
because you have given consent, where consent is required.

7. When We Share Personal Information

We do not sell personal information. We may share personal information in the following circumstances.

7.1 Between customers, merchants, and providers

Where required for the Platform to function, we may share relevant information between users, merchants, and providers so that bookings, sessions, orders, fulfilment, scheduling, and operational follow-up can take place. This may include names, contact information, booking details, notes, and other information reasonably necessary for the relevant transaction or service.

7.2 With service providers and processors

We may share personal information with third-party providers that help us run the Platform. These may include providers of:

hosting, infrastructure, database, storage, and authentication services;
payment initiation, verification, refunds, and payout flows;
transactional email delivery;
SMS and OTP delivery;
push notifications;
verification, compliance, and KYC support;
monitoring, logging, security, and operational tooling;
support and administrative tooling.

7.3 Key categories of providers used by the Platform at launch

Provider category	Purpose
Infrastructure, auth, storage, and database	Providers supporting core hosting, authentication, storage, and database functions for the Platform.
Payment provider(s)	Providers used to initiate payments, verify payments, process refunds, support subaccounts, and facilitate merchant payouts.
Email provider(s)	Providers used to send OTP, account, receipt, invite, and operational email communications.
SMS / OTP provider(s)	Providers used to deliver phone verification and service-related text messages.
Push notification provider(s)	Providers used to obtain device notification tokens and deliver push notifications.
Verification / compliance provider(s)	Providers used to support KYC, compliance sync, verification, or record transmission workflows.

7.4 For legal, safety, and dispute-related reasons

to comply with applicable law, court orders, lawful requests, or regulatory processes;
to protect CHEQIT, our users, merchants, providers, service providers, or the public;
to investigate fraud, abuse, security incidents, claims, complaints, chargebacks, or disputes;
to enforce our agreements, policies, or platform rules;
to support corporate transactions, insurance matters, or professional advice where lawfully required or reasonably necessary.

8. International and Cross-Border Transfers

CHEQIT may use service providers, infrastructure, or systems that process or store personal information outside South Africa. Where personal information is transferred across borders, we will take reasonable steps to ensure that the information remains protected in a manner consistent with applicable law, including through contractual, organisational, or technical safeguards where appropriate.

9. Cookies, Session Tools, and Similar Technologies

CHEQIT’s web services may use cookies, session tools, and similar technologies that are reasonably necessary for login persistence, security, preferences, session continuity, and core website functionality.

At launch, CHEQIT does not describe the Platform as operating a mature personalised advertising or broad ad-tech tracking stack as a core feature. If analytics, advertising, or marketing-cookie use is expanded later, CHEQIT may provide further notice and update this Privacy Policy or publish a separate cookie notice where appropriate.

10. Direct Marketing

Where permitted by law, CHEQIT may send marketing or promotional communications about the Platform or related services. Where consent is required, we will seek it. You may object to or opt out of direct marketing at any time by using the unsubscribe option in the relevant message or by contacting us using the contact details in this Privacy Policy.

11. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide services, maintain platform records, verify merchants, process payments and refunds, investigate incidents, comply with legal obligations, and protect the integrity of the Platform.

Retention periods differ depending on the category of information. For example:

account information may be retained while the account is active and for a reasonable period afterwards;
transaction, payment, payout, and accounting records may be retained for as long as required by law or operational necessity;
merchant verification and compliance records may be retained for fraud-prevention, audit, verification, and legal purposes;
support, dispute, security, and log records may be retained for as long as reasonably necessary to investigate incidents, maintain controls, and meet legal or operational obligations;
where information is no longer required, CHEQIT may delete, anonymise, or de-identify it unless retention remains legally or operationally necessary.

12. Account Deactivation, Deletion, and Recordkeeping

At launch, CHEQIT’s account-removal model is based on account deactivation rather than an automatic promise of full deletion in all cases.

If you request account removal, your account may be deactivated.
Some personal information may still need to be retained for legal, tax, fraud-prevention, security, audit, dispute, recordkeeping, or operational reasons.
Merchant, booking, payment, payout, refund, and compliance records may need to be retained for longer than general profile information.
Where applicable law gives you a right to request correction, deletion, destruction, or restriction of certain personal information, CHEQIT will consider and respond to that request in accordance with applicable law.

13. Security

CHEQIT takes reasonable technical and organisational steps to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, or destruction.

These measures may include:

authentication and access controls;
account verification measures;
permission-based access to systems and records;
transaction verification controls;
logging, monitoring, and review processes;
administrative safeguards and internal procedures;
secure service-provider arrangements where appropriate.

No method of electronic transmission or storage is completely secure. CHEQIT therefore cannot guarantee absolute security.

Where CHEQIT becomes aware of a security compromise affecting personal information, CHEQIT may take steps required by applicable law, including investigation, mitigation, internal escalation, and notification where legally required.

14. Your Rights

Subject to applicable law and the circumstances of the request, you may have rights to:

request information about the personal information CHEQIT holds about you;
request access to your personal information;
request correction of inaccurate or incomplete personal information;
object to certain processing;
request deletion, destruction, or restriction of certain personal information where legally applicable;
object to direct marketing;
withdraw consent where processing is based on consent;
lodge a complaint with the relevant regulator.

These rights are not absolute and may be limited by law or by CHEQIT’s legitimate need to retain certain information.

15. Minors

The Platform is not intended for individuals under the age of 18. CHEQIT does not knowingly allow under-18 users to create or operate accounts in breach of platform rules. If CHEQIT becomes aware that personal information relating to a child has been collected in a manner not permitted by law, CHEQIT may take steps to delete, restrict, or otherwise address that information as appropriate.

16. Third-Party Links and Merchant Responsibility

The Platform may contain links to third-party sites, merchant pages, payment pages, or external services that are not controlled by CHEQIT. CHEQIT is not responsible for the privacy practices of those third parties. Once information is lawfully shared with a merchant or provider for fulfilment or related operational purposes, that merchant or provider is responsible for its own downstream handling of that information subject to its own legal obligations.

17. Complaints

If you have a privacy concern, complaint, or data rights request, please contact CHEQIT first using the details below so that we can try to resolve the issue.

You may also have the right to lodge a complaint with the Information Regulator of South Africa.

Regulator	Information Regulator (South Africa)
General enquiries	enquiries@inforegulator.org.za \| 010 023 5200
POPIA complaints	POPIAComplaints@inforegulator.org.za
Address	Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg, 2191

18. Changes to this Privacy Policy

CHEQIT may update this Privacy Policy from time to time to reflect changes to the Platform, our operations, service providers, legal obligations, or processing practices. When we make changes, we will update the ‘Last Updated’ date above and, where appropriate, give additional notice through the Platform, by email, or by other suitable means.

19. Contact CHEQIT

Company	CHEQIT Innovations (Pty) Ltd
Registration number	2023/268134/07
Registered address	457 Rooibos Street, Thatchfield Glen
Privacy / Information Officer email	support@mg.cheqit.co.za
Support email	support@mg.cheqit.co.za