Privacy Policy
Last updated: March 2026 • v1.0
1. Responsible Party
This privacy policy applies to Mimosie, operated by Kehan Taljaard and Nina Swart, a private company (Pty) Ltd based in Stellenbosch, Western Cape, South Africa.
Website: https://mimosie.co.za
Email: mimosieza@gmail.com
Physical address: 94 Merriman Avenue, Stellenbosch, Western Cape, South Africa
Phone: +27712209477
2. Personal Information We Collect
We collect the following categories of personal information when you use Mimosie:
2.1 Information You Provide Directly
- Full name and display name
- Email address
- Phone number (optional — only shared if you enable WhatsApp contact)
- Profile photo
- Dress listings (photos, descriptions, sizes, pricing, availability)
- Messages sent through our in-app messaging system
- Payment information (processed by Paystack — we do not store card details)
2.2 Information Collected Automatically
- Device type and browser information
- IP address
- Session and authentication tokens (via Clerk)
- Platform usage patterns and page views
- Error reports and performance data (via Sentry — session replays are only recorded with your analytics cookie consent)
3. Purposes of Processing
We process your personal information for the following purposes:
- Account creation and management
- Enabling dress listing and browsing functionality
- Facilitating in-app messaging between users
- Processing listing fee payments via Paystack
- Platform safety, fraud prevention, and abuse detection
- Sending service-related notifications (new messages, listing approvals, etc.)
- Analytics to improve platform performance and user experience
- Responding to support requests and complaints
- Complying with legal obligations
We do not sell your personal information to third parties.
4. Lawful Basis for Processing (POPIA)
We process your personal information on the following lawful grounds as set out in the Protection of Personal Information Act 4 of 2013 (POPIA):
Consent (explicit at signup)
You provide explicit consent when you accept our Terms and Conditions and Privacy Policy during account registration, including confirmation that you are 18 or older.
Contract
Processing is necessary to perform our obligations under our Terms and Conditions, including enabling you to create listings, message other users, and use the platform.
Legitimate Interest
We process certain data in our legitimate interest to prevent fraud, ensure platform security, and improve our services.
Legal Obligation
We may process data as required by South African law, including retaining financial records for tax compliance purposes.
5. Cross-Border Data Transfers
We use the following third-party service providers, some of which process data outside South Africa. Adequate safeguards are in place in accordance with POPIA Section 72:
| Provider | Location | Purpose |
|---|---|---|
| Clerk | United States | Authentication (login, signup, session management) |
| Supabase | United States (AWS us-east-1) | Database storage (profiles, listings, messages) |
| Vercel | Global CDN (nearest edge) | Web hosting, content delivery, and web analytics (page views, device info, referrers — no cookies, no personally identifiable information) |
| Paystack | South Africa / Nigeria | Payment processing for listing fees |
| Resend | United States | Transactional email delivery |
| Cloudflare R2 | Global (nearest region) | Image and file storage for dress listings and profiles |
| Sentry | European Union (Germany) | Error monitoring and performance tracking |
Each provider is contractually bound to process data only as instructed and to implement appropriate technical and organisational security measures. We have reviewed their safeguards to ensure compliance with POPIA Section 72 requirements for cross-border transfers.
6. Your Rights Under POPIA (Sections 23–25)
Under the Protection of Personal Information Act, you have the following rights:
- Right of access (Section 23): You may request a copy of the personal information we hold about you.
- Right to correction (Section 24): You may request correction of inaccurate, irrelevant, or excessive personal information.
- Right to deletion: You may request deletion of your account and associated personal information. You can do this via your profile settings or by emailing us.
- Right to object to processing (Section 11(3)): You may object to the processing of your personal information on reasonable grounds.
- Right to complain to the Information Regulator: If you believe your rights have been violated, you may lodge a complaint with the Information Regulator of South Africa (see contact details below).
To exercise any of these rights, contact us at mimosieza@gmail.com. We will respond within 30 days.
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: POPIAComplaints@inforegulator.org.za
Tel: +27 10 023 5207
7. Data Sharing
We share your personal information only in the following circumstances:
- With other users: Your display name, profile photo, and dress listings are visible to other platform users. Your phone number is only shared when you explicitly approve a WhatsApp contact request.
- With service providers: We share data with the providers listed in Section 5 solely for the purpose of operating the platform. They are not permitted to use your data for their own purposes.
- For legal compliance: We may disclose personal information if required by law, court order, or to protect the safety or rights of users or third parties.
We never sell, rent, or trade your personal information to third parties for marketing purposes.
8. Data Retention
- Your account and associated data are retained for as long as your account remains active.
- When you delete your account, your personal data (profile, listings, messages) is purged within 30 days.
- Payment records (transaction references and amounts) are retained for 5 years in accordance with South African tax law.
- Consent records are retained indefinitely for legal compliance purposes.
9. Security Measures
We implement the following technical and organisational security measures:
- All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
- Authentication is handled by Clerk, which implements industry-standard security practices including password hashing and multi-factor authentication support.
- Access to the database is restricted to authorised services via row-level security policies.
- Administrative access requires elevated credentials and is logged.
- Security practices are reviewed regularly.
No internet-based platform can guarantee absolute security. We encourage you to use a strong, unique password and to report any security concerns to mimosieza@gmail.com.
10. Data Breach Notification
In accordance with POPIA Section 22, if we become aware of a security compromise that results in unauthorised access to your personal information, we will:
- Notify the Information Regulator as soon as reasonably possible after becoming aware of the breach.
- Notify affected data subjects (you) as soon as reasonably possible, describing the nature of the breach, the information involved, and the steps we are taking in response.
- Take immediate steps to investigate and contain the breach, and to mitigate any potential harm.
If you believe your account or personal information has been compromised, please contact us immediately at mimosieza@gmail.com.
11. Cookies
We use the following categories of cookies:
- Essential cookies: Clerk session cookies required to keep you logged in, and cookie consent preferences. These cannot be disabled without breaking core functionality.
- Analytics cookies: If you consent, Sentry may use cookies and local storage to record session replays and performance data to help us identify and fix errors. These are only activated when you opt in via the cookie banner. Additionally, Vercel Web Analytics collects anonymous page view data (URLs, referrers, device type, country) at the CDN level — this does not use cookies or collect personally identifiable information.
- Experience cookies: If you consent, we may store preferences (e.g. display settings) to personalise your experience.
We do not use advertising cookies or behavioural tracking tools such as Google Analytics. Vercel Web Analytics collects anonymous, aggregated performance data without cookies. You can manage your cookie preferences at any time via the cookie banner or your browser settings.
12. Children and Minors
Mimosie is a platform marketed to adults aged 18 and over. We require users to confirm that they are 18 or older during signup.
We do not knowingly collect personal information from children under 18. If we become aware that a user under 18 has provided personal information without appropriate consent, we will take steps to delete that information promptly.
13. Information Officer
The Information Officer responsible for compliance with POPIA is:
Name: Kehan Taljaard
Email: mimosieza@gmail.com
14. Information Regulator Contact
If you are dissatisfied with our handling of your personal information, you have the right to lodge a complaint with the Information Regulator of South Africa:
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: POPIAComplaints@inforegulator.org.za
Tel: +27 10 023 5207
Website: inforegulator.org.za
15. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to you via email notification and/or an in-app notification at least 30 days before the changes take effect. Continued use of the platform after the effective date of any changes constitutes acceptance of the updated policy.
16. Effective Date
This Privacy Policy is effective from March 2026.
For any privacy-related questions or to exercise your rights, contact us at mimosieza@gmail.com.