Privacy Policy
Last Updated: January 20, 2026
1. Introduction & Scope
Welcome to [Hustla]. We are committed to protecting the privacy and personal information of our users in accordance with the Protection of Personal Information Act (POPIA) of South Africa.
This policy applies to:
- Workers: Individuals seeking or engaged in employment opportunities.
- Employers: Businesses or individuals seeking to hire workers.
- Visitors: Anyone browsing our website or mobile application.
As the "Responsible Party," [Hustla] ensures that all processing of personal information is done lawfully, transparently, and for specified purposes.
2. Information We Collect
A. From Workers
To match you with opportunities, we collect:
- Identity Data: Full name, ID number, date of birth, and profile photo.
- Contact Data: Physical address, email, and phone number.
- Professional Data: Qualifications, skills, work history, and references.
- Financial Data: Bank details (for payment processing).
- Special Personal Information: Criminal background checks (where applicable for the role) and health information relevant to work capabilities.
- Technical Data: Real-time location (if using "Jobs Near Me" features).
B. From Employers
To facilitate hiring, we collect:
- Entity Data: Company name, registration number, and VAT/Tax details.
- Contact Person: Name, role, email, and business address.
- Transaction Data: Bank details for billing and payment history.
- Job Data: Requirements, site locations, and communication logs with workers.
C. Automatically Collected Data
- IP addresses, device type, browser information, and cookies for site analytics.
3. How We Use Your Information
We process your data for the following "Conditions for Lawful Processing":
- Job Matching: Connecting the right skills with the right vacancies.
- Verification: Confirming identities and qualifications to prevent fraud.
- Financials: Processing wages and platform fees.
- Security: Monitoring messaging systems to prevent platform abuse.
- Legal Obligations: Complying with South African labor and tax laws.
4. Legal Basis for Processing
We rely on the following grounds under POPIA:
- Consent: You explicitly agree to this policy when signing up.
- Contractual Necessity: We need this data to provide the service you signed up for.
- Legitimate Interest: To ensure the safety and integrity of our marketplace.
- Compliance: Meeting statutory requirements (e.g., SARS reporting).
5. Sharing & Third Parties
We do not sell your data. We only share it with:
- The Counterparty: Workers see Employer details; Employers see Worker profiles.
- Service Providers:
- Hosting: AWS / Google Cloud (Local SA Regions).
- Payments: [Insert Payment Gateway Name].
- Verification: Third-party background and ID check providers.
- Legal Authorities: When required by a subpoena or the Information Regulator.
6. Data Storage & Security
- Location: Data is primarily stored on secure servers located within South Africa.
- Encryption: We use AES-256 encryption for data at rest and SSL/TLS for data in transit.
- Access Control: Only authorized staff with Multi-Factor Authentication (MFA) can access sensitive databases.
- Breach Protocol: In the event of a data breach, we will notify the Information Regulator and affected users as soon as reasonably possible.
7. Your Rights (POPIA Section 5)
As a "Data Subject," you have the right to:
- Access: Request a copy of the personal info we hold about you.
- Correct: Update any inaccurate or out-of-date information.
- Delete: Request the permanent deletion of your profile (Right to Erasure).
- Object: Withdraw your consent for marketing at any time.
- Complain: Lodge a complaint with the Information Regulator if you feel we have misused your data.
8. Specific Platform Features
| Feature | Data Handling Practice |
|---|---|
| Profile Visibility | Workers can choose to hide their profile from specific employers. |
| Background Checks | Done only with explicit, separate digital consent. |
| Ratings/Reviews | Reviews left by employers are tied to your profile and visible to future hirers. |
| Messaging | We store chat logs to resolve disputes and prevent "off-platform" fraud. |
9. Data Retention
- Active Accounts: We keep your data for as long as your account is active.
- Inactive Accounts: Profiles inactive for more than [24 months] will be archived or deleted.
- Legal Records: Financial and contract data are kept for 7 years as required by the Companies Act.
10. Contact Information
Our Information Officer
Name: [Insert Name] Email: privacy@[yourdomain].co.za Address: [Insert Physical Address]
The Information Regulator (South Africa)
If you are unsatisfied with our response, you may contact the Regulator:
- Address: Woodmead North Office Park, 54 Maxwell Drive, Johannesburg, 2191
- Email: POPIAComplaints@inforegulator.org.za
- Website: https://inforegulator.org.za/
Consent Declaration: By clicking "I Agree" during registration, you confirm that you have read this policy and consent to the processing of your personal information as described above.