Privacy Policy
Last updated: March 2026 · POPIA compliant
Information We Collect
We collect information you provide directly:
Account information (name, email, phone number)
Verification documents (ID number, selfie, location)
Listing content (titles, descriptions, images, pricing)
Communication records and payment information handled by Ozow and payment providers
We also collect device/browser info, IP address, and usage data automatically.
How Verification Data Is Used
ID numbers, ID document images, selfies, phone numbers, and location data are used to run verification checks, reduce fraud, review account safety, and support legal compliance.
Verification may include internal review, automated validation checks, SMS delivery providers, secure file storage, and third-party KYC or infrastructure providers where needed to deliver the service.
VerifyMzansi verifies people and account evidence. We do not verify that a business itself is official; business-profile trust signals refer to the person posting or managing the profile unless stated otherwise.
Verification does not guarantee that a person, business profile, product, rental, event, job, or transaction is safe. It only means specific platform checks were completed or reviewed.
Data Retention and Deletion
We retain account and listing data while your account is active. After account deletion, some records may be retained for fraud prevention, accounting, dispute handling, legal obligations, or platform integrity before deletion or anonymisation.
Successful ID/selfie verification evidence is targeted for deletion within 30 days after review, while failed or appealed verification evidence may be retained for up to 90 days for appeal, abuse, and duplicate-account checks unless a fraud, dispute, security, accounting, or legal hold applies.
After account closure, public listings and profile content may be removed or anonymised, while limited operational records may remain where required by law, accounting rules, abuse prevention, or unresolved disputes.
Your Rights Under POPIA
As a data subject in South Africa, you have the right to:
Access your personal information we hold
Request correction or deletion of your data
Object to processing of your data
Request information about the parties who received your personal information
Lodge a complaint with the Information Regulator
We provide a signed-in data-subject request form for access, correction, deletion, objection, and recipient-information requests.
Data Security and Access
We use encryption in transit, restricted verification storage, signed access paths, audit controls, and operational access limits for sensitive verification files.
Only authorised personnel with a platform safety, support, verification, legal, or security reason should access ID, selfie, or location evidence.
If we discover a data breach that may affect your personal information, we will investigate, contain the incident, preserve evidence, notify affected users and/or regulators where required, and publish follow-up guidance when appropriate.
Third Parties
We may use trusted providers for hosting, storage, identity/KYC workflows, SMS delivery, email, payments, security tooling, analytics, and operational support.
Providers should receive only the information needed to deliver their service and are expected to protect it under appropriate contractual, security, and POPIA-aligned obligations.
Sensitive Data Handling
| Data type | Why collected | Who receives it | Storage period | Deletion process |
|---|---|---|---|---|
| ID number | Identity verification, duplicate-account checks, fraud prevention | Internal reviewers and KYC/infrastructure providers where required | Successful checks: up to 90 days unless fraud, dispute, or legal hold applies | Request through privacy contact or signed-in data-rights form |
| ID document image | Evidence review and identity matching | Restricted verification reviewers and secure storage/KYC providers | Successful checks: target deletion within 30 days after review unless hold applies | Reviewed against fraud, dispute, accounting, and legal-hold obligations |
| Selfie image | Selfie-to-ID comparison and liveness-style review where enabled | Restricted verification reviewers and KYC/infrastructure providers | Failed checks: up to 90 days for appeal and abuse checks unless hold applies | Request deletion; closed-account evidence is reviewed for deletion within 90 days |
| Phone number | OTP checks, account recovery, safety contact, and posting accountability | SMS provider, internal platform systems, and support reviewers | Kept while account is active and as required for fraud or legal records | Update or delete through account/data-rights workflow where legally allowed |
| GPS/location | Location verification and marketplace location display | Internal platform systems and infrastructure providers | Kept while profile/listing uses the location or while needed for disputes | Remove from profile/listing or request correction/deletion |
| Payment data | Checkout, paid placement, accounting, refunds, and dispute handling | Ozow/payment provider, accounting records, and platform support | Payment and accounting records may be retained for up to 5 years where required | Handled under provider rules and platform legal/accounting obligations |
Selfie and ID-image processing may involve biometric-style comparison. Any such processing is used for verification and fraud prevention, not for public display.
Data Subjects & Contact
To exercise your rights under POPIA, contact our Information Officer first. If needed, you can continue with the signed-in data rights form.