Privacy Policy
Last Updated: December 21, 2025
1. Introduction
At HOWZIT, we take your privacy seriously. This Privacy Policy explains how HOWZIT (Pty) Ltd ("HOWZIT," "we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you use the HOWZIT mobile application and any related websites or services (collectively, the "Service").
By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our practices, please do not use the Service.
This Privacy Policy should be read together with our Terms and Conditions, which govern your use of the Service.
2. Responsible Party / Data Controller
HOWZIT (Pty) Ltd is the responsible party (under POPIA) and data controller (under GDPR) for the personal information we collect through the Service.
Contact Details:
- Email: legal@howzit.club
- Postal Address: 37 Park Ave, Hout Bay, Cape Town, South Africa, 7806
- Registration Number: 2020 / 504279 / 07
EU Representative (for GDPR compliance):
Thomas Tait - legal@howzit.club
If you have any questions about this Privacy Policy or our data practices, please contact us at support@howzit.club.
3. Information We Collect
We collect information in the following ways:
3.1 Information You Provide Directly
When you create an account and use the Service, you provide us with:
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Name | Profile display, identification | Contract performance |
| Email Address | Account creation, notifications, support | Contract performance |
| Phone Number | Account verification, security, two-factor authentication | Contract performance, legitimate interest (security) |
| Date of Birth | Age verification (18+ requirement), age display | Contract performance, legal obligation |
| Gender | Profile display, matching preferences | Contract performance |
| Profile Photos | Profile display, identity verification | Contract performance, consent |
| Location | Core matching functionality, showing nearby users | Consent (explicit) |
| Bio/Description | Profile display | Contract performance |
| Activity Preferences | Matching algorithm, personalized experience | Contract performance |
| Messages | Facilitating communication between users | Contract performance |
| Organization Code | Connecting with colleagues (optional) | Consent |
3.2 Information Collected Automatically
When you use the Service, we automatically collect:
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Device Information | App functionality, security, troubleshooting | Legitimate interest |
| IP Address | Security, fraud prevention, approximate location | Legitimate interest |
| App Usage Data | Service improvement, analytics | Legitimate interest, consent (for analytics) |
| Crash Reports | Bug fixing, stability improvement | Legitimate interest |
| Push Notification Tokens | Delivering notifications | Contract performance |
3.3 Location Data - Special Notice
HOWZIT collects your precise GPS location data. This is essential for our core functionality of connecting you with people nearby.
What we collect:
- Precise GPS coordinates (latitude and longitude)
- Location accuracy data
- Timestamp of location collection
When we collect it:
- When you actively use the app
- We do NOT collect location data in the background when the app is closed
How we use it:
- To show you other users in your area
- To display approximate distances on profiles (for your privacy, we show "2km away" rather than exact locations)
- To enable location-based matching
Your controls:
- You can enable/disable location services through your device settings
- Disabling location will significantly limit app functionality
- You can request deletion of your location history
Consent: We obtain your explicit consent before collecting location data. You may withdraw this consent at any time, but this will affect your ability to use core features of the Service.
4. How We Use Your Information
We use your personal information for the following purposes:
4.1 Core Service Delivery
- Creating and managing your account
- Displaying your profile to other users
- Matching you with compatible users based on location, activities, and preferences
- Facilitating messaging between matched users
- Processing organization code verification
- Sending notifications about matches, messages, and account activity
4.2 Safety and Security
- Verifying your age and identity
- Preventing fraud, spam, and abuse
- Enforcing our Terms and Conditions
- Responding to user reports and conducting moderation
- Detecting and preventing unauthorized access
- Maintaining the integrity of our platform
4.3 Legal Compliance
- Complying with applicable laws and regulations
- Responding to legal requests from authorities
- Establishing, exercising, or defending legal claims
- Retaining records as required by law
4.4 Service Improvement
- Analyzing usage patterns to improve the Service
- Fixing bugs and technical issues
- Developing new features and functionality
- Conducting research and analytics (in anonymized/aggregated form where possible)
4.5 Communication
- Sending service-related announcements
- Responding to your inquiries and support requests
- Sending promotional communications (with your consent, where required)
5. Legal Basis for Processing (GDPR/POPIA)
We process your personal information based on the following legal grounds:
| Legal Basis | When We Use It |
|---|---|
| Contract Performance | Processing necessary to provide the Service you've requested (account creation, profile display, matching, messaging) |
| Consent | Location data collection, marketing communications, analytics cookies, optional features |
| Legitimate Interest | Security, fraud prevention, service improvement, enforcing our Terms (balanced against your rights) |
| Legal Obligation | Age verification, responding to legal requests, tax/accounting requirements, moderation record retention |
| Defense of Legal Claims | Retaining data for accounts with moderation history to protect against legal claims |
You have the right to withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
6. How We Share Your Information
6.1 With Other Users
Your profile information (name, photos, age, bio, activities, approximate location) is visible to other users of the Service. Messages you send are visible to the recipients.
6.2 With Service Providers
We share information with third-party service providers who assist us in operating the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Firebase (Google LLC) | Backend services: authentication, database, messaging, analytics, crash reporting | Account data, usage data, crash logs |
| Apple/Google | App distribution, push notifications | Device tokens, app usage |
| Payment Processors | Processing payments (if applicable) | Payment information |
All service providers are bound by data processing agreements and are only permitted to use your data for the specified purposes.
Firebase/Google Specific Disclosures:
- Firebase is subject to Google's Data Processing Terms
- Your data may be processed on Google servers in the United States
- We rely on the EU-US Data Privacy Framework and Standard Contractual Clauses for lawful data transfers
- Firebase privacy information: https://firebase.google.com/support/privacy
- Firebase maintains ISO 27001, SOC 2, SOC 3, ISO 27017, and ISO 27018 certifications
6.3 With Law Enforcement and Authorities
We may disclose your information if required by law or if we believe in good faith that such action is necessary to:
- Comply with a legal obligation, court order, or legal process
- Protect and defend our rights or property
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of users or the public
- Protect against legal liability
6.4 Business Transfers
If HOWZIT is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.
6.5 With Your Consent
We may share your information for other purposes with your explicit consent.
7. International Data Transfers
Your personal information may be transferred to and processed in countries outside of South Africa, including the United States (for Firebase/Google services).
Safeguards for international transfers:
- EU-US Data Privacy Framework: For transfers to the US, we rely on the Data Privacy Framework where applicable
- Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses for transfers to countries without adequacy decisions
- POPIA Compliance: We ensure that recipients provide an adequate level of protection as required by POPIA Section 72
You can request a copy of the safeguards we use for international transfers by contacting legal@howzit.club.
8. Data Retention
We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.
8.1 Active Accounts
While your account is active, we retain your information to provide the Service.
8.2 Account Deletion - Two-Tier System
HOWZIT uses a two-tier account deletion system based on your account history:
Tier 1: Clean Accounts (No Moderation History)
If your account has no reports, warnings, suspensions, or bans:
- All personal data is permanently deleted within 30 days of your deletion request
- Profile information, photos, messages, and location history are erased
- You may create a new account freely
Tier 2: Accounts with Moderation History
If your account has been subject to moderation actions (reports, warnings, suspensions, bans):
- Profile is anonymized: Name, photos, and identifying information are removed or anonymized
- Chat archives are retained for 6 years: Message content related to moderation violations is archived
- Moderation records are retained for 6 years: Details of reports received and actions taken
- Phone number hash may be retained: If you are currently banned or suspended, a cryptographic hash (SHA-256) of your phone number is retained to prevent re-registration
- After 6 years, archived data is automatically deleted
Legal Basis for Extended Retention:
- Defense of legal claims (GDPR Article 17(3)(e), POPIA Section 14(1))
- The 6-year period aligns with the prescription period for civil claims under South African law
- Safety and fraud prevention (legitimate interest)
What This Means:
- Archived data is put "beyond use" - it is not accessible for normal business purposes
- It is only accessed if required for legal proceedings, law enforcement requests, or safety investigations
- You will be informed at the time of deletion which tier applies to your account
8.3 Other Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Transaction Records | 6-7 years | Tax and accounting compliance |
| Support Correspondence | 3 years | Service quality, dispute resolution |
| Anonymized Analytics | Indefinite | Service improvement (non-personal) |
| Backup Data | 90 days after deletion | Disaster recovery, then permanently deleted |
9. Your Rights
You have the following rights regarding your personal information:
9.1 Right of Access
You can request a copy of the personal information we hold about you. We will provide this free of charge within 30 days of your request.
9.2 Right to Rectification
You can update or correct inaccurate information in your profile settings, or contact us to request corrections.
9.3 Right to Erasure (Right to be Forgotten)
You can request deletion of your account and personal data. This right is subject to the limitations described in Section 8 (Data Retention) above.
9.4 Right to Object
You can object to processing of your personal information based on legitimate interests. We will stop processing unless we have compelling legitimate grounds that override your interests.
9.5 Right to Restrict Processing
You can request that we restrict processing of your personal information in certain circumstances.
9.6 Right to Data Portability (GDPR)
EU users can request to receive their personal data in a structured, commonly used, machine-readable format.
9.7 Right to Withdraw Consent
Where we rely on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
9.8 How to Exercise Your Rights
To exercise any of these rights:
- In-App: Use the Settings menu for profile updates and account deletion
- Email: Contact support@howzit.club with your request
- Verification: We may need to verify your identity before processing requests
We will respond to your request within 30 days. If we cannot comply with your request, we will explain why.
There is no fee for exercising your rights (in compliance with POPIA 2025 amendments).
10. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
10.1 Technical Measures
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest
- Secure Authentication: Multi-factor authentication options, secure password requirements
- Access Controls: Role-based access, principle of least privilege
- Firebase Security: We leverage Firebase's enterprise-grade security infrastructure (ISO 27001, SOC 2/3 certified)
10.2 Organizational Measures
- Staff training on data protection
- Confidentiality agreements
- Regular security assessments
- Incident response procedures
10.3 Data Breach Notification
In the event of a data breach that poses a high risk to your rights and freedoms:
- We will notify the relevant supervisory authorities within 72 hours (as required by GDPR)
- We will notify affected users without undue delay
- We will take immediate steps to mitigate the impact
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
11. Children's Privacy
HOWZIT is not intended for use by anyone under 18 years of age.
We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@howzit.club.
If we discover that we have collected personal information from a child under 18, we will delete that information immediately and terminate the associated account.
12. Cookies and Tracking Technologies
12.1 What We Use
In our mobile app, we use:
- Firebase Analytics: To understand app usage patterns
- Firebase Crashlytics: To identify and fix crashes
- Local Storage: To store preferences and authentication tokens
12.2 Your Choices
- Analytics Opt-Out: You can opt out of analytics in the app settings
- Device Settings: You can manage app permissions and data collection through your device settings
13. Third-Party Links
The Service may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy in the app
- Sending you an email notification (for significant changes)
- Displaying a notice when you open the app
Your continued use of the Service after such modifications constitutes your acceptance of the updated Privacy Policy.
We encourage you to review this Privacy Policy periodically. The "Last Updated" date at the top indicates when the policy was last revised.
15. Complaints and Supervisory Authorities
15.1 Internal Complaints
If you have concerns about how we handle your personal information, please contact us first at support@howzit.club. We take all complaints seriously and will investigate and respond promptly.
15.2 Information Regulator (South Africa)
You have the right to lodge a complaint with the Information Regulator of South Africa:
- Website: https://www.justice.gov.za/inforeg/
- Email: complaints.IR@justice.gov.za
- Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017
15.3 EU Data Protection Authorities
If you are in the European Union, you have the right to lodge a complaint with your local Data Protection Authority. A list of EU DPAs is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
16. Additional Information for Specific Regions
16.1 South Africa (POPIA)
This Privacy Policy complies with the Protection of Personal Information Act (POPIA). Key POPIA-specific information:
- Responsible Party: HOWZIT (Pty) Ltd
- Purpose of Processing: As detailed in Section 4
- Your Rights: As detailed in Section 9, including the right to object to processing free of charge (POPIA 2025 amendment)
- Cross-Border Transfers: As detailed in Section 7
16.2 European Union (GDPR)
For EU users, HOWZIT complies with the General Data Protection Regulation (GDPR):
- Data Controller: HOWZIT (Pty) Ltd
- EU Representative: Thomas Tait - legal@howzit.club
- Legal Basis: As detailed in Section 5
- Your Rights: Include data portability and the right to lodge complaints with EU supervisory authorities
- International Transfers: Protected by Standard Contractual Clauses and the EU-US Data Privacy Framework
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
HOWZIT (Pty) Ltd
- Privacy Inquiries: legal@howzit.club
- General Support: support@howzit.club
- Postal Address: 37 Park Ave, Hout Bay, Cape Town, South Africa, 7806
We aim to respond to all inquiries within 30 days.
This Privacy Policy was last updated on December 21, 2025.