← Back to SustainNet
Privacy Policy
Version 1.0 · Effective 1 April 2026 · Honey Badger Labs (Pty) Ltd
SustainNet ("we", "us", "our") is committed to protecting your personal information in accordance with the
Protection of Personal Information Act, 2013 (POPIA) of South Africa.
1. Information We Collect
| Category | Examples | Purpose |
|---|
| Account info | Name, email, phone | Create and manage your account |
| Payment info | PayFast token (we never see card numbers) | Process subscriptions |
| Usage data | Pages visited, features used, timestamps | Improve our service |
| AI interactions | Prompts, responses, coaching context | Deliver AI features (with consent) |
| Device info | Browser, IP address, device type | Security and analytics |
2. How We Use Your Information
- Service delivery — Run your account, process payments, provide AI coaching
- Communication — Send account emails, billing notices, and (with consent) marketing
- Improvement — Analyse usage patterns to improve the platform (anonymised)
- Legal compliance — Meet POPIA, tax, and regulatory requirements
We will never sell your personal data or use it for purposes beyond what you've consented to.
3. Consent (POPIA Section 11)
We collect separate consent for each processing purpose:
- Essential — Required for the service to work (cannot be withdrawn without deleting account)
- AI Coaching — AI-generated recommendations and analysis
- AI Training — Use anonymised data to improve our models
- Analytics — Usage tracking and service improvement
- Marketing — Promotional emails and offers
- Third Party — Sharing with partner services
You can grant or withdraw consent for each purpose at any time via your account settings or by contacting us.
4. Your Rights Under POPIA
- Right to access (Section 23) — Request a copy of all your personal data
- Right to correction (Section 24) — Ask us to correct inaccurate data
- Right to deletion (Section 24) — Request deletion of your account and data
- Right to object (Section 11) — Withdraw consent for specific processing purposes
- Right to data portability — Export your data in machine-readable format
Exercise these rights at GET /auth/me/data-export, DELETE /auth/me,
or email sustainnet@icloud.com.
5. Data Security
- All data transmitted over HTTPS (TLS 1.2+)
- Passwords hashed with bcrypt (never stored in plaintext)
- Database encrypted at rest (Google Cloud SQL)
- JWT tokens with expiry for session management
- Access controls: founder-only admin endpoints
6. Data Retention
- Active accounts — Data retained while your account is active
- Deleted accounts — 72-hour cooling-off period, then permanently deleted
- Billing records — Retained for 5 years per SA tax requirements
- Consent records — Retained indefinitely for audit trail (immutable)
7. Third-Party Services
| Service | Purpose | Data Shared |
|---|
| Google Cloud (GCP) | Infrastructure | All data (encrypted) |
| Anthropic (Claude) | AI features | Prompts/responses (with consent) |
| PayFast | Payments | Name, email, payment reference |
| Resend | Email delivery | Name, email address |
| Google Analytics | Usage analytics | Anonymised usage data (with consent) |
8. Cookies
We use the following cookies:
- academy_token — Essential: JWT session cookie for authentication
- Google Analytics — Analytics: usage tracking (requires consent)
9. Children's Privacy
Our service is not directed at children under 18. If we learn we have collected personal information
from a child under 18 without parental consent, we will delete it promptly.
10. Information Officer
POPIA Information Officer: Jakes Olivier
Email: sustainnet@icloud.com
Address: Centurion, Gauteng, South Africa
11. Changes to This Policy
We may update this policy. Material changes will be communicated via email.
The version number and effective date at the top of this page indicate the latest revision.
© 2026 Honey Badger Labs (Pty) Ltd · Centurion, South Africa
Terms of Service · Home