Privacy Policy

Last updated: March 2026 • v1.0 — March 2026

1. Responsible Party

This privacy policy applies to Mimosie, operated by Kehan Taljaard and Nina Swart, a partnership (co-owned) based in Stellenbosch, Western Cape, South Africa.

Website: https://mimosie.co.za

Email: mimosieza@gmail.com

Physical address: 94 Merriman avenue, Stellenbosch, Western Cape, South Africa

Phone: +27712209477

2. Personal Information We Collect

We collect the following categories of personal information when you use Mimosie:

2.1 Information You Provide Directly

Full name and display name
Email address
Phone number (optional — only shared if you enable WhatsApp contact)
Profile photo
Dress listings (photos, descriptions, sizes, pricing, availability)
Messages sent through our in-app messaging system
Payment information (processed by PayFast — we do not store card details)

2.2 Information Collected Automatically

Device type and browser information
IP address
Session and authentication tokens (via Clerk)
Platform usage patterns and page views

3. Purposes of Processing

We process your personal information for the following purposes:

Account creation and management
Enabling dress listing and browsing functionality
Facilitating in-app messaging between users
Processing listing fee payments via PayFast
Platform safety, fraud prevention, and abuse detection
Sending service-related notifications (new messages, listing approvals, etc.)
Analytics to improve platform performance and user experience
Responding to support requests and complaints
Complying with legal obligations

We do not sell your personal information to third parties.

4. Lawful Basis for Processing (POPIA)

We process your personal information on the following lawful grounds as set out in the Protection of Personal Information Act 4 of 2013 (POPIA):

Consent (explicit at signup)

You provide explicit consent when you accept our Terms and Conditions and Privacy Policy during account registration, including confirmation that you are 18 or older.

Contract

Processing is necessary to perform our obligations under our Terms and Conditions, including enabling you to create listings, message other users, and use the platform.

Legitimate Interest

We process certain data in our legitimate interest to prevent fraud, ensure platform security, and improve our services.

Legal Obligation

We may process data as required by South African law, including retaining financial records for tax compliance purposes.

5. Cross-Border Data Transfers

We use the following third-party service providers, some of which process data outside South Africa. Adequate safeguards are in place in accordance with POPIA Section 72:

Provider	Location	Purpose
Clerk	United States	Authentication (login, signup, session management)
Supabase	United States (AWS us-east-1)	Database storage (profiles, listings, messages)
Vercel	Global CDN (nearest edge)	Web hosting and content delivery
PayFast	South Africa (Cape Town)	Payment processing for listing fees
Resend	United States	Transactional email delivery
Cloudflare R2	Global (nearest region)	Image and file storage for dress listings and profiles

Each provider is contractually bound to process data only as instructed and to implement appropriate technical and organisational security measures. We have reviewed their safeguards to ensure compliance with POPIA Section 72 requirements for cross-border transfers.

6. Your Rights Under POPIA (Sections 23–25)

Under the Protection of Personal Information Act, you have the following rights:

Right of access (Section 23): You may request a copy of the personal information we hold about you.
Right to correction (Section 24): You may request correction of inaccurate, irrelevant, or excessive personal information.
Right to deletion: You may request deletion of your account and associated personal information. You can do this via your profile settings or by emailing us.
Right to object to processing (Section 11(3)): You may object to the processing of your personal information on reasonable grounds.
Right to complain to the Information Regulator: If you believe your rights have been violated, you may lodge a complaint with the Information Regulator of South Africa (see contact details below).

To exercise any of these rights, contact us at mimosieza@gmail.com. We will respond within 30 days.

The Information Regulator (South Africa)

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Email: POPIAComplaints@inforegulator.org.za

Tel: +27 10 023 5207

7. Data Sharing

We share your personal information only in the following circumstances:

With other users: Your display name, profile photo, and dress listings are visible to other platform users. Your phone number is only shared when you explicitly approve a WhatsApp contact request.
With service providers: We share data with the providers listed in Section 5 solely for the purpose of operating the platform. They are not permitted to use your data for their own purposes.
For legal compliance: We may disclose personal information if required by law, court order, or to protect the safety or rights of users or third parties.

We never sell, rent, or trade your personal information to third parties for marketing purposes.

8. Data Retention

Your account and associated data is retained for as long as your account remains active.
When you delete your account, your personal data (profile, listings, messages) is purged within 30 days.
Payment records (transaction references and amounts) are retained for 5 years in accordance with South African tax law.
Consent records are retained indefinitely for legal compliance purposes.

9. Security Measures

We implement the following technical and organisational security measures:

All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
Authentication is handled by Clerk, which implements industry-standard security practices including password hashing and multi-factor authentication support.
Access to the database is restricted to authorised services via row-level security policies.
Administrative access requires elevated credentials and is logged.
Security practices are reviewed regularly.

No internet-based platform can guarantee absolute security. We encourage you to use a strong, unique password and to report any security concerns to mimosieza@gmail.com.

10. Cookies

We use the following cookies:

Clerk session cookies: These are functional cookies required to keep you logged in. They cannot be disabled without breaking authentication.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not use Google Analytics or similar tracking tools.

11. Children and Minors

Mimosie is a platform marketed to adults aged 18 and over. We require users to confirm that they are 18 or older during signup.

We do not knowingly collect personal information from children under 18. If we become aware that a user under 18 has provided personal information without appropriate consent, we will take steps to delete that information promptly.

12. Information Officer

The Information Officer responsible for compliance with POPIA is:

Name: Kehan Taljaard

Email: mimosieza@gmail.com

13. Information Regulator Contact

If you are dissatisfied with our handling of your personal information, you have the right to lodge a complaint with the Information Regulator of South Africa:

The Information Regulator (South Africa)

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Email: POPIAComplaints@inforegulator.org.za

Tel: +27 10 023 5207

Website: inforegulator.org.za

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you via email notification and/or an in-app notification at least 30 days before the changes take effect. Continued use of the platform after the effective date of any changes constitutes acceptance of the updated policy.

15. Effective Date

This Privacy Policy is effective from March 2026.

For any privacy-related questions or to exercise your rights, contact us at mimosieza@gmail.com.