POPIA Compliance Notice

Last updated: 6 June 2026 · Applies to Fletcha Eats, operating in South Africa.

This notice explains how Fletcha Eats complies with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) — POPIA — and the rights you have as a data subject in South Africa. It works together with our Privacy Policy.

1. Who is the responsible party?

Fletcha Eats is the "responsible party" for personal information you submit through the app. You can contact our Information Officer at fletchalink.admin@gmail.com.

2. Your privacy rights

• Right to be informed — what we collect and why (see Privacy Policy).
• Right of access — request a copy of the personal information we hold about you.
• Right to correction — ask us to fix anything that is wrong, outdated or incomplete.
• Right to deletion — ask us to delete your personal information, subject to legal retention rules.
• Right to object — object to processing that is not strictly necessary.
• Right to withdraw consent — for processing that is based on your consent (e.g. push notifications, marketing).
• Right to lodge a complaint — with the Information Regulator (South Africa) at inforegulator.org.za.

3. How we process information lawfully

We process personal information only when one of these legal grounds applies:

• You have given consent (e.g. enabling location, opting into notifications).
• Processing is necessary to perform a contract with you (e.g. delivering an order, paying a driver).
• Processing complies with a legal obligation (e.g. tax records).
• Processing protects a legitimate interest (e.g. preventing fraud, securing the platform), balanced against your rights.

4. How we protect information

• Encryption in transit (TLS) for all app traffic.
• Row-level security on every database table — users only see their own data unless explicitly allowed.
• Passwords are hashed; verification documents and proofs live in access-controlled storage.
• Administrator access is logged.
• Regular reviews of security policies and an internal incident-response process.

5. Sharing of information

• We share data with order participants (customer ↔ driver ↔ business) only as needed to complete the delivery.
• We may share data with service providers (hosting, push-notification provider, payment processors) under strict confidentiality.
• We may share data with law enforcement when legally required.
• We do not sell personal information.

6. Cross-border transfers

Our hosting and push-notification providers may store data on servers outside South Africa. Where this happens we ensure equivalent protections to those required by POPIA.

7. Submitting access or correction requests

1. Email fletchalink.admin@gmail.com from the email on your account.
2. Subject: POPIA request — Access or POPIA request — Correction or POPIA request — Deletion.
3. Describe what you want and attach proof of identity.
4. We respond within 30 days. There is no charge for reasonable requests.

Questions? Contact us via the in-app Support page or email fletchalink.admin@gmail.com.