TheWeddingDirectorySouth Africa
Legal

Privacy Policy

Last updated POPIA Compliant10 min read

The Wedding Directory (“we”, “us”) respects your privacy and is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”). This policy explains, in plain language, what we collect and why.

Section 01Introduction

This Privacy Policy applies to theweddingdirectory.co.za, our mobile applications, and any other services operated by The Wedding Directory (theweddingdirectory.co.za).

By using our services, you consent to the collection and use of your information as described below. If you do not agree with any part of this policy, please do not use our platform.

Section 02Information We Collect

We collect personal information in the following ways:

Information you provide

  • Account information — your name, email, password, and (for vendor accounts) business name and verification documents.
  • Wedding planning information — wedding date, guest count, budget range, location preferences, and saved vendors.
  • Communications — enquiries you send to vendors, reviews you write, and messages to our support team.
  • Payment information — for vendor subscriptions, processed securely via Stripe and PayFast (we never store full card numbers).

Information collected automatically

  • Device and browser information, IP address, approximate location.
  • Pages visited, time spent, and interactions with vendors (including click-through events on contact reveal buttons, used to measure vendor performance).
  • Referring sites and search terms.

Section 03How We Use Your Information

We use your information to:

  • Provide, operate, and improve our wedding planning platform.
  • Connect couples with relevant vendors and surface listings matched to their preferences.
  • Send transactional emails (enquiry receipts, account notices) and — only if you've opted in — our weekly newsletter.
  • Measure aggregate platform performance, including how often vendor contact details are revealed, to help vendors understand the value of their listing.
  • Detect, prevent, and respond to fraud, abuse, or violations of our terms.
  • Comply with legal obligations under South African law.
In plain English

We use your information to make the platform work, to connect you with vendors who match what you're looking for, and to send you the newsletter onlyif you've signed up for it. You can unsubscribe from our marketing at any time, and we honour opt-out requests and the National Opt-Out Registry. We don't sell your data. Ever.

Section 04Sharing & Disclosure

We share your information only in the following limited circumstances:

  • With vendors you contact — when you submit an enquiry, the relevant vendor receives your name, email, and message.
  • With our service providers — Supabase (database & auth), Vercel (hosting), Cloudinary (image delivery), Resend (email), Stripe and PayFast (payments), and Algolia (search). All are bound by data-protection agreements.
  • For legal reasons — when required by law, court order, or to protect our rights, property, or safety.
  • In a business transfer — if we are acquired or merge with another company, your information may transfer (subject to this policy continuing to apply).

We never sell, rent, or trade your personal information to third parties for their marketing purposes.

Section 05Cookies & Tracking

We use a minimal set of cookies and similar technologies:

  • Essential cookies — required for login, security, and core platform functionality.
  • Analytics cookies — we use Plausible (privacy-focused, EU-hosted, no personal data) and Google Analytics 4 to understand aggregate platform usage.
  • Vendor performance tracking — when you click to reveal a vendor's phone number or email, we record an aggregate event so vendors can measure listing performance. This is logged against the vendor, not against you.

You can disable non-essential cookies in your browser at any time without losing access to core features.

Section 06Data Security

We use industry-standard safeguards to protect your information:

  • HTTPS/TLS encryption for all data in transit.
  • Encrypted database storage (Supabase, AES-256 at rest).
  • Two-factor authentication available on all accounts.
  • Regular security audits and dependency updates.
  • Strict access controls — only personnel who need access have it, and access is logged.

While we take security seriously, no system is impenetrable. If we ever discover a security incident affecting your information, we will notify you and the Information Regulator within 72 hours, as required by POPIA.

Section 07Your Rights Under POPIA

South African law gives you the following rights over your personal information:

  • Right of access — request a copy of the information we hold about you.
  • Right to correction — request that we update incorrect or outdated information.
  • Right to deletion — request that we delete your account and associated information (subject to legal retention requirements).
  • Right to object — object to specific uses of your information, including direct marketing.
  • Right to portability — request a structured export of your information.
  • Right to lodge a complaint — with the Information Regulator of South Africa.

To exercise any of these rights, email our Information Officer at the address below. We will respond within 30 days.

Section 08Children's Privacy

Our platform is not directed at children under the age of 18 and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

Section 09International Transfers

Some of our service providers (Vercel, Cloudinary, Stripe) process data outside South Africa. Where international transfers occur, we ensure they are protected by adequacy decisions, standard contractual clauses, or other lawful mechanisms permitted under POPIA Section 72.

Section 10Updates to this Policy

We may update this policy from time to time to reflect changes in our practices, technology, or the law. The “last updated” date at the top of this page indicates when the policy was last revised. For material changes, we will notify registered account holders via email at least 30 days before the changes take effect.

Section 11Contact & Information Officer

If you have any questions about this policy or want to exercise any of your rights, please contact our Information Officer:

Information Officer

The Wedding Directory

To lodge a complaint with the regulator, contact:

Information Regulator (South Africa)
33 Hoofd Street, Forum III, Braampark Office Park, Braamfontein, Johannesburg, 2001
complaints.IR@justice.gov.za