← Home

Privacy Policy

Last updated: 29 April 2026

Gijima respects your privacy. This policy explains what data we collect, why we collect it, and how we protect it under the Protection of Personal Information Act 4 of 2013 (POPIA) and applicable South African law.

1. Who is the responsible party?

Gijima (Pty) Ltd, George, Western Cape, is the "responsible party" in POPIA terms. You can reach our information officer at privacy@gijima.app.

2. What we collect

Anonymous session — every time you scan a Plato QR code we mint a one-off anonymous session. We do not know who you are unless you tell us.

Order details — the items you order, the in-venue location you ask us to deliver to, and any special instructions you type in.

Optional contact — you may share an email address or mobile number to receive a receipt. Either or both is voluntary.

Technical metadata — IP, user-agent, timestamps, and device characteristics are logged for fraud prevention and debugging.

3. What we don’t collect

We never see your card number, CVV or PIN — those are entered on Yoco's hosted checkout. We receive only a payment reference and a success/failure result.

4. Why we use it

To prepare and deliver the food you ordered, to process payment, to email or SMS you a receipt if you asked for one, and to generate aggregated reports for the Merchant. We do not sell your personal data and we do not use it for advertising.

5. Where it lives

Order records, sessions and receipts are stored in our Supabase (PostgreSQL) database hosted in the African region (Cape Town). Email delivery uses Resend; SMS delivery uses Vonage. Yoco handles all card data on its own PCI-DSS-compliant infrastructure.

6. How long we keep it

Anonymous sessions and their cart contents are deleted after 30 days of inactivity. Orders and receipts are retained for 5 years to satisfy SARS and CPA recordkeeping. Optional email/phone inputs are retained only for as long as needed to deliver the associated receipt.

7. Your rights under POPIA

You have the right to (a) ask us what personal information we hold about you, (b) request correction or deletion, (c) object to processing, and (d) lodge a complaint with the Information Regulator (inforegulator.org.za).

Send any request to privacy@gijima.app and we'll respond within 30 days.

8. Cookies and local storage

Gijima uses a single first-party cookie to keep your Supabase session alive, and your browser's localStorage to remember your cart between page loads. No third-party tracking cookies are set.

9. Changes

We'll publish material changes here and flag them on the welcome screen the next time you order.

10. Contact

Gijima (Pty) Ltd, George, Western Cape, South Africa.
Information officer: privacy@gijima.app