Plug A Pro

Privacy Policy

Last updated: 29 April 2026

Plug A Pro (“we”, “us”, or “our”) operates the marketplace platform at plugapro.co.za and app.plugapro.co.za, including our WhatsApp booking channel. This Privacy Policy explains how we collect, use, store, protect, and share your personal information in compliance with the Protection of Personal Information Act 4 of 2013 (“POPIA”) and other applicable South African law.

This policy is intended to be read alongside our Terms of Service.

1. Who is Responsible for Your Information

Plug A Pro is the “responsible party” under POPIA for personal information collected through the Platform. Our privacy contact is: privacy@plugapro.co.za.

2. What Personal Information We Collect

From Customers

  • Identity: First name (collected during WhatsApp onboarding or registration)
  • Contact: WhatsApp phone number (used as your account identifier)
  • Location: Service address (street, suburb, city) provided when booking
  • Job details: Service category, availability preferences, job descriptions, and any special instructions
  • Payment: When Platform-facilitated payment is used — transaction confirmation, reference numbers, and reconciliation data from the payment processor. We do not store card numbers.
  • Conversation history: WhatsApp messages exchanged with our Platform to process your requests, including message status (sent, delivered, read)
  • Reviews and ratings you submit for Providers

From Service Providers

  • Identity: Full name, identity number (handled with heightened protection under POPIA — not logged or exported without lawful basis)
  • Contact: WhatsApp phone number, email address where provided
  • Professional: Skills, trade licences, service areas, experience, availability, certifications, and portfolio materials
  • Earnings and job history: Job completion records, payout history, and settlement data processed through the Platform
  • Wallet and credits: Provider credits balance, top-up history, lead unlock records
  • Onboarding: Application status, review notes (internal only)

Automatically Collected

  • Device type and browser (web app users only, for functionality and security)
  • Session tokens to keep you signed in
  • API request logs for security monitoring and debugging

3. Why We Process Your Information (Legal Basis)

  • Contract performance: Matching Customers with Providers, processing Bookings, facilitating payment, generating invoices, managing disputes
  • Legitimate interest: Fraud prevention, abuse detection, Platform security, improving service quality
  • Legal obligation: Tax, financial record-keeping, regulatory compliance, responding to valid law enforcement requests
  • Consent: Sending marketing communications (separate consent required and revocable)

We do not sell your personal information to third parties.

4. How We Share Your Information

  • Matched Providers: Receive your first name, suburb, and job description when a lead is matched. Your full contact number is shared only once a booking is confirmed and the Provider needs to make contact.
  • Payment processors: If a Booking uses Platform-facilitated payment, your payment is processed by Peach Payments, PayFast, or another processor under their own privacy terms. We share only the minimum data required for payment processing.
  • Supabase: Our database and authentication infrastructure, hosted in a GDPR-compliant data centre. Subject to a data processing agreement.
  • Meta (WhatsApp): Messages sent via our WhatsApp channel are processed by Meta Platforms Inc. under their Business Messaging terms. We do not control Meta's data handling beyond our contractual arrangements.
  • Vercel: Our application hosting provider. Application code and logs are processed on Vercel infrastructure.
  • Law enforcement: Where required by a valid court order, subpoena, or applicable South African law.

5. Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Ask us to correct inaccurate or incomplete information
  • Deletion: Request deletion of your account and personal data (subject to legal retention obligations below)
  • Objection: Object to processing for direct marketing purposes at any time
  • Restriction: Ask us to restrict how we process your data in certain circumstances
  • Complaints: Lodge a complaint with the Information Regulator of South Africa at justice.gov.za/inforeg

To exercise any of these rights, email privacy@plugapro.co.za. We will acknowledge your request within 5 business days and respond substantively within 30 days, as required by POPIA.

6. Direct Marketing and Communications Opt-Out

We send two categories of WhatsApp messages:

  • Transactional / service messages: Booking confirmations, job updates, payment confirmations, support responses. These are necessary for the Platform to operate. Opting out means you will not receive operational updates about your bookings.
  • Marketing messages: Promotions, referral offers, seasonal reminders, service suggestions. These require separate consent and you may opt out at any time by replying STOP to any marketing message, or by emailing support@plugapro.co.za. Opt-outs are processed within 5 business days and are recorded in our audit log.

We do not send unsolicited marketing without your consent. We do not pass your contact details to third parties for marketing purposes.

7. Data Retention

  • Active accounts: Retained while your account is active and for 30 days after you request closure
  • Deleted accounts: Personal data deleted within 30 days of closure, except where required by law (see below)
  • Financial and tax records: Retained for 5 years from the transaction date, as required under South African tax law
  • Job and booking records: Retained for 5 years for financial, safety, audit, and legal purposes
  • WhatsApp conversations: Retained for 12 months from the date of the conversation, then anonymised
  • Audit logs: Retained for 5 years to support fraud investigation, dispute resolution, and regulatory compliance
  • Provider identity documents (ID numbers): Retained for the period required under applicable law; not included in standard data exports

8. Security

We implement industry-standard security measures including: TLS encryption for all data in transit; encrypted storage at rest; role-based access controls; session management; and audit logging of sensitive administrative actions. We conduct periodic security reviews.

No system is completely secure. If you discover a security vulnerability, report it to privacy@plugapro.co.za and we will respond as quickly as possible.

9. Data Breach Notification

If we become aware of a data breach that creates a real risk of harm to data subjects, we will:

  • Notify the Information Regulator as required under POPIA
  • Notify affected users as soon as reasonably practicable
  • Describe the nature of the breach, what information was affected, what steps we have taken, and what you should do

Breaches are reported to the Regulator within a reasonable time of discovery in accordance with POPIA requirements.

10. Cookies

Our web app uses session cookies only (strictly necessary for authentication and session management). We do not use tracking, advertising, or analytics cookies. The marketing site (plugapro.co.za) uses no cookies.

11. Cross-Border Data Transfers

Some of our third-party service providers (including Supabase and Vercel) may process data in data centres outside South Africa. Where we use such providers, we ensure appropriate data processing agreements are in place that meet or exceed POPIA requirements for third-party data processors.

12. Children

Our Platform is for users aged 18 and over. We do not knowingly collect personal information from minors. If you believe a minor has provided their details, contact us at privacy@plugapro.co.za and we will delete the information promptly.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via WhatsApp or a prominent notice on the Platform before they take effect. The “Last updated” date reflects the most recent revision. We retain dated copies of previous policy versions.

14. Contact

Privacy and data requests: privacy@plugapro.co.za
General support: support@plugapro.co.za
Plug A Pro — Registered in South Africa

Information Regulator (South Africa): justice.gov.za/inforeg