Privacy Policy
Last updated: 10 June 2026
1. Introduction
This Privacy Policy explains how ScrapFlow (“ScrapFlow”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects personal information when you register for, access, or use the ScrapFlow application, website, and related services (collectively, the “Service”).
We are committed to processing personal information lawfully and responsibly in accordance with the South African Protection of Personal Information Act, 2013 (“POPIA”). By using the Service, you confirm that you have read and understood this Policy. It should be read together with our Terms and Conditions.
2. Who Is Responsible for Your Information
ScrapFlow is the “responsible party” (data controller) for the personal information we collect about you as our customer and account holder.
Where you, as a scrapyard business, enter information about your own customers, suppliers, staff, or transactions into the Service (“Customer Data”), you are the responsible party for that information, and ScrapFlow acts as an “operator” (data processor) that processes it on your behalf and under your instructions. You are responsible for ensuring you have a lawful basis to collect and process that information.
3. Information We Collect
We collect the following categories of personal information:
- Account and registration data: your name, business name, email address, phone number, and the PINs used to access your account.
- Billing and payment data: subscription plan, billing period, payment confirmation details, and EFT proof of payment you submit to us.
- Customer Data you enter: records you create within the Service, such as inventory, transactions, and details about your own customers and suppliers.
- Technical and usage data: log information, device and browser details, IP address, and activity within the Service used for security, troubleshooting, and improving the Service.
- Communications: messages you send us by email, WhatsApp, or phone for support and enquiries.
4. How and Why We Use Your Information
We process personal information for the following purposes:
- To create and manage your account and provide access to the Service;
- To process subscriptions, confirm payments, and manage billing;
- To host, sync, and back up your Customer Data so the Service functions;
- To provide customer support and respond to your enquiries;
- To secure the Service, prevent fraud and unauthorised access, and maintain audit and log records;
- To improve, maintain, and develop the Service; and
- To comply with our legal, tax, and regulatory obligations.
We rely on lawful bases permitted under POPIA, including performance of our contract with you, your consent where required, our legitimate interests in operating a secure Service, and compliance with the law.
5. How We Protect Your Information
We take reasonable technical and organisational measures to protect personal information against loss, unauthorised access, and misuse. These measures include:
- Storing PINs as one‑way encrypted (hashed) values rather than plain text;
- Restricting database access so business data is only served through authenticated, access‑controlled server requests scoped to your own business;
- Encrypted connections (HTTPS) between your device and our servers;
- Rate limiting and security controls to reduce abuse and unauthorised access.
No system can be guaranteed to be completely secure. You are responsible for keeping your PINs and credentials confidential and for notifying us promptly of any suspected security incident affecting your account.
6. Sharing and Disclosure
We do not sell your personal information. We only share it in the following limited circumstances:
- Service providers: trusted third parties who help us operate the Service, such as cloud hosting, database, and email delivery providers, who are bound to process information only on our instructions.
- Legal requirements: where we are required to disclose information by law, regulation, court order, or to protect our rights, users, or the public.
- Business transfers: in connection with a merger, acquisition, or sale of assets, subject to appropriate protections.
7. Cross-Border Transfers
Some of our service providers may store or process information on servers located outside South Africa. Where personal information is transferred across borders, we take reasonable steps to ensure it receives a level of protection consistent with POPIA, including through appropriate contractual safeguards with those providers.
8. Retention of Information
We retain personal information for as long as your account is active and for a reasonable period afterwards as necessary to provide the Service, comply with our legal and tax obligations, resolve disputes, and enforce our agreements. When information is no longer required, we will delete or de‑identify it. You are encouraged to export or record any Customer Data you need before your subscription ends.
9. Your Rights Under POPIA
Subject to applicable law, you have the right to:
- Request access to the personal information we hold about you;
- Request that we correct or update inaccurate or incomplete information;
- Request that we delete or destroy information where we are no longer entitled to retain it;
- Object to the processing of your personal information in certain circumstances;
- Withdraw consent where our processing is based on consent; and
- Lodge a complaint with the Information Regulator of South Africa if you believe your rights have been infringed.
To exercise any of these rights, please contact us using the details below. We may need to verify your identity before acting on your request.
10. Information Regulator
You have the right to complain to the Information Regulator if you are not satisfied with how we handle your personal information:
- The Information Regulator (South Africa)
- Website: inforegulator.org.za
- Email: enquiries@inforegulator.org.za
11. Children
The Service is intended for use by businesses and is not directed at children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “last updated” date above and, where reasonable, notify you. Your continued use of the Service after changes take effect constitutes acceptance of the revised Policy.
13. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
- Email: rshakirascrapyard@gmail.com
- WhatsApp / Phone: 065 877 7771
This document is provided as a general template for the ScrapFlow Service and does not constitute legal advice. We recommend having this Privacy Policy reviewed by a qualified legal professional to ensure it is appropriate for your business and fully compliant with POPIA and other applicable laws.