Privacy Policy

Version: 16 February 2026

Introduction

RefundU ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "Application"). This policy is designed to comply with the Protection of Personal Information Act (POPIA) and other applicable data protection laws. By using the Application, you consent to the data practices described in this policy.

Information We Collect

Personal Information:

  • Full name and surname
  • South African ID number
  • Cell phone number
  • Email address
  • Date of birth (derived from ID number)

Profile Information:

  • Gender
  • Age range
  • Marital status
  • Whether you have children (yes/no)
  • Monthly gross income

Address Information:

  • Street address
  • Suburb
  • City
  • Province
  • Postal code

Employment Details:

  • Employment status
  • Employer name
  • Occupation
  • Employment duration

Financial Products Information:

We collect information about financial products and services you currently use or are interested in:

  • Credit products (Personal Loan, Credit Card, RCP, Overdraft, Home Loan, Vehicle Finance, Retail Store Card)
  • Cellular products (Prepaid, Postpaid, Data packages)
  • Insurance products (Life Insurance, Funeral Cover, Medical Aid, Gap Cover, Vehicle Insurance, Home Insurance)
  • Investment products (Cash Savings, Pension Fund, Shares, Cryptocurrency, Stokvels, Fixed Deposits)

Usage Data:

  • Advertisements viewed
  • Time spent viewing advertisements
  • Products and services you express interest in
  • Referral activity
  • Token accumulation and voucher redemption history
  • Push notification token (for sending notifications only)
  • Application usage statistics and preferences
  • Phone verification status and history

How We Collect Information

We collect information:

  • Directly from you when you register and use the Application
  • Automatically through your use of the Application (such as notification preferences and activity tracking)
  • From third parties when you interact with advertisers

How We Use Your Information

We use your information to:

  • Create and manage your account
  • Verify your identity and location through your ID number and address information
  • Provide personalized advertisements relevant to your demographic profile, location, and interests
  • Match you with financial service advertisements based on your current financial products and employment status
  • Target regional offers based on your city and province
  • Process token rewards and voucher redemptions
  • Connect you with advertisers whose products may interest you based on your professional and financial profile
  • Improve and optimize the Application
  • Send you notifications about new opportunities that match your profile
  • Communicate with you about the Application and promotional offers
  • Comply with legal obligations
  • Prevent fraud and enhance security through phone verification
  • Conduct analytics and research to improve our services
  • Process referrals and reward distribution

Information Sharing and Disclosure

We may share your information with:

Advertisers and Marketing Partners:

  • We share your contact information (name, phone number, email, ID number) with advertisers whose content you have viewed or expressed interest in
  • We share your demographic profile including gender, age range, marital status, and whether you have children
  • We share your address information (city, province, and in some cases full address) to enable regional targeting
  • We share your employment details (employment status, occupation, employer name) to help advertisers understand your professional profile
  • We share information about financial products you currently use or are interested in to match you with relevant financial service offers
  • Advertisers may contact you directly regarding their products and services
  • You control which advertisements you engage with, and information is only shared with advertisers you choose to interact with

Service Providers:

  • Third-party vendors who assist in operating the Application
  • Payment processors for voucher redemption
  • Analytics providers to help us understand Application usage
  • Customer service and support providers

Legal Requirements:

  • When required by law or legal process
  • To protect our rights, property, or safety
  • To prevent fraud or security threats
  • In connection with business transfers or acquisitions

We will not sell your personal information to third parties for their independent marketing purposes without your explicit consent.

Your Rights Under POPIA

As a South African resident, you have the following rights regarding your personal information:

Right to Access:

  • You may request access to the personal information we hold about you
  • We will provide a copy of your data in a readable format within 30 days

Right to Know Retention Periods:

  • You have the right to know how long we retain your personal information
  • Detailed retention periods are outlined in the "DATA RETENTION" section below
  • Contact us at info@refundu.co.za for specific questions about your data retention

Right to Correction:

  • You may request correction of inaccurate or incomplete information
  • Most profile information can be updated directly in the Application
  • For fields that cannot be self-edited, contact us at info@refundu.co.za

Right to Deletion:

  • You may request deletion of your personal information, subject to legal obligations
  • You can delete your account directly through the "Delete Account" button in the Profile section of the Application
  • Alternatively, you may request account deletion by emailing info@refundu.co.za
  • Account deletion is permanent and irreversible
  • When you delete your account, most personal information will be removed within 30 days
  • Some data will be retained in anonymized form for legal compliance (see "DATA RETENTION" section)
  • Please note that users you referred will lose their referral tokens when you delete your account

Right to Object:

  • You may object to the processing of your information for direct marketing purposes
  • You can manage your marketing preferences in the Application settings
  • You may also object to processing based on legitimate interests

Right to Restrict Processing:

  • You may request restriction of processing in certain circumstances
  • Examples include: while we verify data accuracy, if you contest the lawfulness of processing, or during legal proceedings

Right to Data Portability:

  • You may request a copy of your data in a portable, machine-readable format (CSV or JSON)
  • This applies to data you provided to us with your consent or under a contract
  • Contact info@refundu.co.za to request data portability

Right to Lodge a Complaint:

  • If you believe your rights have been violated, you may lodge a complaint with the Information Regulator
  • See "COMPLAINTS" section below for contact details

To exercise these rights, please contact us at info@refundu.co.za with:

  • Your full name and registered email address
  • Specific right you wish to exercise
  • Any relevant details to help us process your request

We will respond to your request within 30 days as required by POPIA.

Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of sensitive data
  • Secure server infrastructure
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection

However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Data Retention

We are committed to retaining your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal and regulatory requirements.

Inactive Account Management

To ensure data minimization and comply with POPIA principles, we have implemented an automatic inactive account deletion process:

  • An account is considered inactive after 24 months without login activity
  • At 18 months of inactivity, we will send a warning email to your registered email address
  • At 22 months of inactivity, we will send a final notice
  • At 24 months of inactivity, your account will be automatically deleted following the same process as manual account deletion (see "ACCOUNT DELETION AND DATA REMOVAL" below)
  • You can reactivate your account at any time before automatic deletion by simply logging in
  • All unredeemed tokens and active vouchers will be forfeited upon automatic deletion

Post-Deletion Retention

After you delete your account (either manually or through automatic deletion):

  • Most personal data is deleted within 30 days
  • Transaction records are retained in anonymized/pseudonymized form for 7 years for tax and financial compliance
  • Financial compliance records are retained for 7 years as required by the Tax Administration Act and Companies Act
  • Fraud prevention records may be retained for 5 years to protect the platform and other users
  • Legal dispute records are retained until dispute resolution plus 2 years
  • Backup systems are purged within 90 days of deletion request
  • All identifiable personal information is removed, with only anonymized statistical data retained for compliance purposes

Legal and Regulatory Compliance

Our retention periods are designed to comply with:

  • Protection of Personal Information Act (POPIA) Section 14 - Retention and restriction of records
  • Tax Administration Act - 5 year minimum for financial records related to tax obligations
  • Companies Act - 7 years for accounting records and financial transactions
  • Consumer Protection Act - 5 years for complaints and consumer-related records
  • Financial Intelligence Centre Act (FICA) - Requirements for financial service related records
  • Financial Advisory and Intermediary Services Act (FAIS) - Financial products information retention

Regular Data Review

We conduct regular reviews of stored data to ensure:

  • Retention periods are properly applied
  • Data no longer required is securely deleted or anonymized
  • Compliance with evolving legal requirements
  • Data minimization principles are respected

When information is no longer needed for its original purpose and retention period has expired, we will securely delete or permanently anonymize it.

Account Deletion and Data Removal

If you choose to delete your account:

  • You can do so through the "Delete Account" button in the Profile section of the Application
  • Alternatively, you may send an email request to info@refundu.co.za
  • Most of your personal information will be permanently deleted within 30 days of your request
  • Any unredeemed tokens and active vouchers will be forfeited immediately
  • Users you have referred will lose their referral tokens
  • Account deletion is permanent and cannot be reversed
  • You will not be able to create a new account using the same ID number or email address for a period of time to prevent abuse

What Happens to Your Data After Deletion

Upon account deletion, your data is handled according to our retention policy:

Immediately Deleted (within 30 days):

  • Profile photos and display preferences
  • Push notification tokens and device identifiers
  • Active session data
  • Marketing preferences and communication settings
  • Non-compliance related personal identifiers

Retained in Anonymized/Pseudonymized Form:

  • Transaction records: Retained for 7 years in anonymized form for tax and audit compliance (Tax Administration Act, Companies Act)
  • Financial compliance records: Retained for 7 years with personal identifiers removed where possible (Companies Act Section 24)
  • Fraud prevention records: Retained for 5 years to protect the platform and other users, with minimal identifiable information
  • Legal dispute records: Retained until resolution plus 2 years, then permanently deleted
  • Consent withdrawal records: Retained for 5 years as proof of your rights exercise (POPIA Section 69)

Backup Systems:

  • All backups containing your data will be purged within 90 days of your deletion request
  • Emergency recovery systems are overwritten on a rolling 90-day cycle

Before deleting your account, please ensure you:

  • Redeem any tokens you wish to use
  • Use any active vouchers
  • Download any information you need to keep (request a data export via info@refundu.co.za)
  • Understand the impact on users you have referred
  • Note that some anonymized transaction data will be retained for legal compliance

Children's Privacy

The Application is not intended for users under 18 years of age. We do not knowingly collect information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete such information.

International Data Transfers

Your information may be transferred to and processed in countries outside of South Africa. We will ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.

Marketing Communications

You may receive:

  • Promotional emails about the Application
  • Notifications about new advertisers and offers
  • Updates about tokens and vouchers
  • Communications from third-party advertisers

You can opt out of marketing communications through:

  • Account settings in the Application
  • Unsubscribe links in emails
  • Contacting us at info@refundu.co.za

Note: You cannot opt out of essential service communications related to your account.

Third-Party Links

The Application may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy in the Application
  • Sending an email notification
  • Displaying a prominent notice in the Application

Your continued use of the Application after changes constitutes acceptance of the updated policy.

Complaints

If you believe your privacy rights have been violated, you may lodge a complaint with:

The Information Regulator (South Africa)

Email: inforeg@justice.gov.za

Website: www.justice.gov.za/inforeg

You may also contact us directly to resolve any privacy concerns.

Consent Withdrawal

You may withdraw your consent to data processing at any time by:

  • Deleting your account using the "Delete Account" button in the Profile section of the Application
  • Emailing your account deletion request to info@refundu.co.za

Note that withdrawing consent and deleting your account will:

  • Permanently remove your access to the Application
  • Result in the forfeiture of all unredeemed tokens and active vouchers
  • Cause users you referred to lose their referral tokens
  • Lead to permanent deletion of your personal information (subject to legal retention requirements)

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Regulator as required by POPIA, typically within 72 hours of becoming aware of the breach.

Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

RefundU

Email: info@refundu.co.za

Information Officer:

Email: info@refundu.co.za

Acknowledgment

By using the Application, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

Last Updated: 16 February 2026

Back to Home