Privacy Policy — POPIA

LekkerJob ("LekkerJob", "we", "us") is the responsible party (data controller) under POPIA for any personal information you provide when using the platform at next_public_site_url.

Information Officer: Jean Louw. You can reach the Information Officer at thejeanlouw@gmail.com or +27793297360. We are based in Cape Town, Western Cape, South Africa.

We only collect the information we need to run a job-management service for trade businesses. Concretely:

• Account data: your name, email address, password hash, phone number (optional), trade type (optional) and company name.
• Business data: clients you add (name, contact details, address), job cards, photos, notes, time entries, invoices, banking account details for invoices, and team member records.
• Signature data: digital signatures captured from you or your customers on job cards, stored as images against the job.
• Usage data: server-side logs of requests (IP address, user agent, page accessed, timestamp) kept for security and abuse prevention.
• Device data: when you install LekkerJob as a progressive web app, a service worker caches assets on your device for offline use. No personal information is shared with third parties by this mechanism.

We do not knowingly collect information from children under 18. If you believe a child has provided us with personal information, contact the Information Officer and we will delete it.

Under POPIA we may only process personal information for a specific, lawful purpose. Our purposes and lawful bases are:

• Providing the service you signed up for (contractual necessity) — creating your account, storing your job cards, generating invoices, sending emails from the platform.
• Legitimate interests of LekkerJob and our customers — securing the platform against abuse, preventing fraud, improving reliability.
• Compliance with a legal obligation — retaining tax-relevant records (invoices, VAT data) for the period required by SARS.
• Consent — any non-essential processing, such as optional product updates, where we explicitly ask for your permission.

We do not sell personal information. We share it only with operators (processors) that help us run the service, under written agreements:

• Supabase — managed Postgres database, authentication and file storage. Hosts your account data, job data, signatures and photos.
• Vercel — application hosting, edge network and server-side rendering. Processes request data in transit.
• Email delivery — transactional email for sign-up confirmations and password resets.

We do not send personally identifiable client information to third-party analytics providers. Aggregated, non-identifying usage metrics may be collected (see the Cookie Policy).

Some of our processors store or process personal information outside South Africa. We ensure that any cross-border transfer satisfies section 72 of POPIA — the recipient is subject to a law or binding agreement providing an adequate level of protection, or the transfer is necessary for the performance of a contract with you.

• Account data — for as long as your account is active, plus up to 12 months after deletion for dispute resolution and backup integrity.
• Invoices and VAT-relevant records — at least 5 years, as required by SARS.
• Signatures and completed job cards — for the life of your account, so that signed sign-offs remain retrievable.
• Server access logs — typically 90 days, then rotated.

When retention periods lapse, records are deleted or de-identified.

LekkerJob applies technical and organisational safeguards appropriate to the sensitivity of the information:

• Encryption in transit (HTTPS/TLS) for every request between your device and the platform.
• Encryption at rest for the Postgres database and file storage.
• Row-level security in the database so that one business cannot read another business’s records.
• Least-privilege access for LekkerJob staff, with access limited to the Information Officer and authorised engineers.
• Regular dependency updates and security review of the codebase.

In the event of a security compromise that is likely to adversely affect you, we will notify the Information Regulator and affected data subjects as required by section 22 of POPIA.

POPIA gives you specific rights over your personal information. You can:

• Ask us to confirm whether we hold information about you.
• Request a copy of the information, or a description of the records and who has had access.
• Request correction or deletion of information that is inaccurate, irrelevant, excessive, out of date, misleading or obtained unlawfully.
• Object to processing on reasonable grounds, or withdraw consent for processing that relies on consent.
• Lodge a complaint with the Information Regulator (South Africa) if you believe we are not complying with POPIA.

To exercise any of these rights, email thejeanlouw@gmail.com. We will respond within a reasonable period and at most within the timeframes required by POPIA.

Information Regulator (South Africa): complaints@inforegulator.org.za — https://inforegulator.org.za

When a LekkerJob user (a trade business) shares a job card with their customer for signature, the customer is a data subject under POPIA. Before capturing a signature we display a short notice explaining what is captured and why, and obtain explicit consent.

The signature, the timestamp, and the IP address at time of signing are stored against the job card for the trade business. The trade business is the responsible party for that customer relationship; LekkerJob is the operator processing the information on their behalf.

We may update this policy to reflect changes in the law or in how we operate the service. If we make a material change we will notify you by email or inside the app before the change takes effect. The version and effective date at the top of this page always reflect the current version.