Privacy Policy

This Privacy Policy explains how Elime (Pty) Ltd (registration number [REGISTRATION NUMBER]), based at [REGISTERED OFFICE ADDRESS], South Africa (“Elime”, “we”, “us”) collects, uses, shares, and protects personal information. It applies to elime.co.za, our client portal, and any service we provide.

We comply with the Protection of Personal Information Act, 2013 (POPIA) as a responsible party in the Republic of South Africa. For visitors and clients in the European Economic Area and the United Kingdom, we act as a data controller under the GDPR and UK GDPR where those laws apply.

1. Information we collect

Information you give us. When you contact us, book a discovery call, request a quote, or sign up to the client portal, we collect your name, email address, phone number, company name, and any project details you choose to share.

Account information. If you use the client portal, we collect the identifiers and profile data supplied via our authentication provider (currently Clerk), along with role and permission data needed to operate the portal.

Project and billing information. While delivering an engagement, we process quotes, invoices, contracts, support tickets, and any files you upload. Some of this will contain personal information about you or your team.

Usage and device information. We automatically collect standard log data such as IP address, browser type, pages viewed, and timestamps. We use this for security, debugging, and to improve the service.

Cookies. We use strictly necessary cookies to keep you signed in and to remember preferences (such as your theme). See section 7 below.

2. How we use your information

• To respond to your enquiries and provide quotes.
• To deliver, support, and invoice for the services you engage us for.
• To operate, secure, and improve the client portal.
• To send you transactional messages (e.g. booking confirmations, reminders, invoices, support notifications).
• To send occasional service updates you have opted in to receive.
• To meet our legal, tax, accounting, and regulatory obligations.

3. Legal basis for processing

We process personal information where:

• it is necessary to perform a contract with you or take steps at your request before entering a contract;
• you have given us consent, which you may withdraw at any time;
• it is necessary for our legitimate interests (such as running, securing, and improving our services), balanced against your rights; or
• it is necessary to comply with a legal obligation.

4. Who we share information with

We do not sell your personal information. We share it only with trusted service providers who help us run the business, under written agreements that require them to protect your data:

• Clerk — authentication and user management for the client portal.
• Convex — application database and backend.
• Vercel — website and application hosting.
• Google Workspace — calendar, meetings, and email communication.
• Resend or equivalent email providers — transactional email delivery.
• PostHog — product analytics and error tracking.
• Accounting, legal, tax, and professional advisors where necessary; and regulators, courts, or law-enforcement bodies where we are legally required to do so.

5. International transfers

Some of our service providers operate outside of South Africa, including in the European Union, the United Kingdom, and the United States. Where personal information is transferred abroad, we rely on the protections permitted by section 72 of POPIA and, where applicable, the GDPR's Standard Contractual Clauses or other lawful transfer mechanisms.

6. How long we keep your information

We keep personal information only for as long as we need it for the purposes set out in this Policy, or as required by law (including tax and accounting rules). When it is no longer needed, we delete or anonymise it.

7. Cookies

We use a minimal set of cookies and similar technologies: session cookies set by our authentication provider to keep you signed in, and a preference cookie that remembers UI choices such as your theme. We do not use advertising cookies. You can block cookies in your browser, but the client portal will not function correctly without session cookies.

8. Your rights

Under POPIA, and under the GDPR/UK GDPR where it applies, you have the right to:

• be told what personal information we hold about you;
• request access to, and a copy of, that information;
• have inaccurate or incomplete information corrected or completed;
• have information deleted where we no longer have a lawful basis to keep it;
• object to or restrict certain processing;
• withdraw consent you previously gave;
• lodge a complaint with the Information Regulator (South Africa) or your local data-protection authority.

To exercise any of these rights, email us at hello@elime.co.za. We may need to verify your identity before responding.

The Information Regulator (South Africa) can be contacted at inforegulator.org.za.

9. Security

We take reasonable technical and organisational measures to protect personal information against loss, unauthorised access, and misuse. These include encryption in transit, least-privilege access controls, audit logging, and regular review of our providers. No system is perfectly secure — please tell us immediately if you suspect a security incident affecting your account.

10. Children

Our services are not directed at children under 18, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Changes to this Policy

We may update this Policy from time to time. The updated version takes effect when published on this page and is identified by the effective date at the top.

12. Contact and Information Officer

Our designated Information Officer is Emile Boshoff. For any privacy-related question, request, or complaint:

Email: hello@elime.co.za
Post: Elime (Pty) Ltd, [REGISTERED OFFICE ADDRESS], South Africa

See also our Terms of Service.