Privacy Notice
Protection of Personal Information Act (POPIA) · Last updated: May 2026
This notice explains what personal data Me2You collects, why we collect it, how we keep it safe, and what rights you have. We have written it in plain language so you can make informed choices about your information.
1. What we collect
| Category | Data |
|---|---|
| Registration | Name, email, phone number, password (stored hashed, never in plain text) |
| Profile | Profile photo (optional), location or suburb |
| Orders | Delivery address, order history, payment references |
| Seller data | Bank account details, ID document for verification |
| Driver data | ID, driver's licence, vehicle details, insurance documents |
| Technical | IP address, device type, browser, session data |
| Cookies | Session cookies (required) and analytics cookies (opt-in) |
2. Why we collect it
- To create and manage your account
- To connect buyers and sellers and process transactions
- To process payments through PayFast and manage escrow
- To arrange and track deliveries
- To prevent fraud and enforce platform rules
- To send you order updates and platform notifications
- To improve the platform through anonymised analytics
3. Who we share data with
| Third party | What we share | Why |
|---|---|---|
| PayFast | Payment details, order amounts | Payment processing |
| Delivery partners / drivers | Buyer name, delivery address, phone number | Order fulfilment |
| Analytics providers | Anonymised usage data | Platform improvement |
| Law enforcement | As required by law or court order | Legal obligation |
We do not sell your personal data to third parties. We do not share your data with advertisers in identifiable form.
4. Cookies
- Essential cookies - session management and authentication. These are required for the site to work.
- Analytics cookies - usage patterns and page views. We only set these with your opt-in consent.
You can manage cookie preferences through your browser settings or our cookie banner.
5. How long we keep your data
- Active accounts - data is retained for as long as your account is active.
- Inactive accounts - data is purged after 24 months of no activity.
- Transaction records - retained for 5 years per SA tax and financial regulations.
- Dispute records - retained for 3 years after resolution.
6. Your rights under POPIA
You have the right to:
- Access - request a copy of the personal data we hold about you.
- Correction - ask us to update inaccurate or incomplete data.
- Deletion - request that your account and personal data be deleted.
- Objection - object to us processing your data for direct marketing.
- Complaint - lodge a complaint with the Information Regulator if you believe we have mishandled your data.
7. How we protect your data
- Passwords are hashed with bcrypt and never stored in plain text.
- All traffic is encrypted with HTTPS (TLS).
- Session cookies are marked httponly, secure, and samesite.
- Database access is restricted to authorised application processes only.
- We use prepared statements for all database queries to prevent injection attacks.
8. How to contact us
- Email: team@m2y.online
- In-app: Settings > Privacy > Data Request
- We will respond within 30 days, as required by POPIA.
9. Information Officer
- Email: team@m2y.online
- Registration with the Information Regulator: pending
Internal reference only. This page is not formal legal advice. Consult a qualified attorney for binding legal opinions.