Privacy Notice
Last updated: 24 May 2026 · Compliant with POPIA (Protection of Personal Information Act 4 of 2013)
1. Who we are
ShotLeft (Pty) Ltd (the "Responsible Party") operates the ShotLeft
ride-hailing platform in South Africa. Our registered address is
[pending CIPC registration], Cape Town. Information Officer: Nika
van den Berg, info-officer@shotleftcab.co.za.
2. What we collect
- Identity: full name, phone number, optional email.
- Location: precise GPS during active trips; approximate when browsing for drivers.
- Payment: a tokenised reference to your card (we never store full card numbers) or cash trip records.
- Driver-only: SA ID number, driving licence, PrDP, police clearance, e-hailing insurance, banking details — required by South Africa's National Land Transport Act and SARS.
- Safety: optional emergency contacts (name + phone) used only when you press the panic button.
- App activity: anonymised crash reports via Sentry for fixing bugs.
3. Why we collect it
To match riders with drivers, calculate fares, route payouts, comply
with NLTA and SARS, and protect you when something goes wrong. We do
not sell your data to advertisers and do not target adverts based on
your trip history.
4. How long we keep it
| Data | Kept for |
|---|
| Trip history + payments | 7 years (SARS retention) |
| Live GPS trail | 90 days then deleted |
| Notifications | 6 months then deleted |
| Deleted accounts | 30-day grace then hard-deleted |
| KYC documents (rejected) | 30 days |
| KYC documents (approved) | 5 years (NLTA audit) |
5. Your rights under POPIA
- Access: see Profile → request data export, or email us.
- Correction: edit your name/email in-app; for trip data, open a support ticket.
- Deletion: Profile → Delete account. Soft-delete now; hard-delete in 30 days.
- Object: opt out of marketing in Profile → Notifications.
- Complain: contact us first; if unhappy, the Information Regulator at inforegulator.org.za.
6. Third parties we share data with
- Walletdoc (card payments + instant driver payouts) — only the tokenised reference, not your card number.
- Your bank — payout settlement instructions for drivers, no marketing.
- EskomSePush — anonymous load-shedding status lookups, no personal data sent.
- Meta (WhatsApp Business) — trip notifications to your phone, only if you opted in.
- Sentry — crash reports, scrubbed of PII.
- South African Police Service / authorised regulators — only when legally compelled.
7. Cross-border transfer
Most of your data stays on servers in South Africa or the EU. The few
cross-border transfers (Meta WhatsApp, Firebase Cloud Messaging,
Sentry) operate under POPIA-equivalent regimes and Standard
Contractual Clauses.
8. Security
Data in transit is encrypted with TLS. Sensitive fields (SA ID, banking)
are encrypted at rest. Admin access requires MFA. We follow OWASP
best practice; quarterly access reviews; annual penetration tests.
9. Changes to this notice
We'll notify you in-app and via email at least 14 days before any
material change. Continued use after the change means you accept it.
10. Contact
Information Officer: Nika van den Berg
Email: info-officer@shotleftcab.co.za
WhatsApp: +27 21 000 0000