Privacy Policy

Welcome to ITIA ("we", "us", "our"). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our services, including domain registration, hosting, website services, onboarding and integrations. We operate internationally and comply with applicable data protection laws, including South Africa's POPIA and the EU's GDPR where applicable.

1. Information we collect

We collect information that is necessary to provide our services and improve your experience. This includes:

Account & contact data: business name, contact name, email address (required), phone number (optional).
Business information: industry, location, business description, logo and branding files.
Usage & analytics data: app activity, IP address, device and browser metadata, pages visited, logs and performance data.
Social & API data: information returned by social platforms you connect via OAuth (for example, profile details or media), and tokens/metadata required for integrations.
Payment & billing data: billing name, billing address and transaction records where applicable. We do not store raw card numbers — payments are processed using third-party payment providers.

2. How we use your information

We use your personal information to:

Provide, operate and maintain our services.
Process subscriptions, billing and domain registrations.
Personalize and improve the product (analytics, feature improvements).
Communicate about your account and send transactional messages.
Detect, prevent and respond to fraud, abuse or security incidents.

3. Legal bases for processing (where applicable)

Depending on your location and the context of processing, we rely on one or more legal bases to process personal data, including contract performance (to provide the service), legitimate interests (for product improvement and security), and consent (for certain optional features and marketing communications). Where applicable, EU residents are granted rights under the GDPR (access, rectification, erasure, restriction, portability and objection).

4. Sharing & third parties

We do not sell your personal data. We may share information with:

Service providers and processors (payment processors, hosting providers, analytics vendors, email providers) who perform services on our behalf under contracts requiring confidentiality and security.
Legal or regulatory authorities when required by law or to protect our rights.

5. International transfers

We operate across multiple countries. When personal data is transferred across borders we implement safeguards required by applicable law (for example, standard contractual clauses or other lawful transfer mechanisms under GDPR) to ensure an adequate level of protection.

6. Data security

We implement reasonable technical and organizational measures to protect personal data, including encryption in transit (HTTPS/TLS), encryption at rest where appropriate, access controls, regular security reviews and an incident response process. We follow security practices aligned with the obligations in POPIA and GDPR.

7. Data retention

We retain personal data for as long as necessary to provide our services, meet legal obligations, resolve disputes, and enforce our agreements. If you request deletion and there is no legal reason to retain certain data, we will delete it within a reasonable timeframe.

8. Your rights and choices

You may have the right to access, rectify, port, restrict processing of, or request deletion of your personal data. You may also withdraw consent to marketing communications at any time. To exercise these rights, contact us using the details below. We will respond in accordance with applicable law.

9. Social connections & Web3 features

If you connect social accounts, we request only the minimum scopes required for the integration and store only the data necessary to perform the features you request. As we introduce Web3/blockchain features, please note that on-chain transactions and identifiers may be public and immutable. We will clearly disclose when data is placed on-chain and request explicit consent for any on-chain activity that includes user identifiers.

10. Data breaches

In the event of a personal data breach, we will follow our incident response procedures, contain the breach, assess its impact, and notify affected individuals and regulators as required by applicable law (for example, POPIA and GDPR notification requirements).

11. Contact

If you have questions, wish to exercise your rights, or would like to contact our Data Protection Officer, please email:

privacy@itia.com

Privacy Policy — ITIA