Privacy Policy

CrecheBooks (Pty) Ltd ("CrecheBooks", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services in compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA").

1. Information We Collect

1.1 Personal Information

We may collect the following personal information:

• Contact Information: Name, email address, phone number, physical address
• Business Information: Creche name, registration number, number of children enrolled
• Account Information: Username, password (encrypted), account preferences
• Financial Information: Bank account details for payment processing, transaction history
• Child Information: Names, dates of birth, guardian details, attendance records (as entered by you)
• Staff Information: Employee names, contact details, payroll information (as entered by you)

1.2 Usage Data

We automatically collect certain information when you use our services:

• Device information (browser type, operating system)
• IP address and location data
• Pages visited and features used
• Time spent on the platform
• Error logs and performance data

1.3 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. Please see our Cookie Policy for more details.

2. How We Use Your Information

We use your personal information for the following purposes:

• To provide and maintain our services
• To process payments and manage subscriptions
• To send important service-related communications
• To provide customer support
• To improve and personalise our services
• To ensure compliance with SARS requirements
• To generate financial reports and analytics
• To prevent fraud and ensure security
• To send marketing communications (with your consent, which you can withdraw at any time)
• To comply with legal obligations

3. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Third-party vendors who help us operate our platform (e.g., cloud hosting, payment processors, email services)
• Legal Requirements: When required by law, court order, or government authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: For any other purpose with your explicit permission

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Security

We implement appropriate technical and organisational measures to protect your personal information:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Strict role-based access to personal data
• Regular Audits: Periodic security assessments and penetration testing
• Secure Infrastructure: Data hosted on enterprise-grade, SOC 2 compliant servers
• Employee Training: Regular privacy and security training for all staff
• Incident Response: Established procedures for handling data breaches

5. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

• Right of Access: Request confirmation of what personal information we hold about you
• Right to Correction: Request correction of inaccurate or incomplete personal information
• Right to Deletion: Request deletion of your personal information in certain circumstances
• Right to Object: Object to the processing of your personal information for direct marketing
• Right to Data Portability: Request a copy of your personal information in a structured, commonly used format
• Right to Lodge a Complaint: Lodge a complaint with the Information Regulator if you believe your rights have been violated

To exercise any of these rights, please contact our Information Officer using the details provided below.

6. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law:

• Account Data: Retained while your account is active and for 7 years after closure (for tax compliance)
• Financial Records: Retained for 7 years as required by SARS
• Marketing Data: Until you withdraw consent or unsubscribe
• Usage Data: Typically retained for 2 years for analytics purposes

7. Children's Privacy

CrecheBooks processes information about children only as entered by authorised creche administrators for the purpose of managing childcare operations. We do not knowingly collect personal information directly from children. The information processed includes names, ages, and attendance records necessary for invoicing and reporting purposes.

If you believe we have inadvertently collected information from a child without proper authorisation, please contact us immediately.

8. International Transfers

Your data may be transferred to and processed in countries outside South Africa. When this occurs, we ensure appropriate safeguards are in place:

• Standard contractual clauses approved by the Information Regulator
• Transfers only to countries with adequate data protection laws
• Encryption and access controls during transfer

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification to registered users
• Displaying a prominent notice within the application

We encourage you to review this policy periodically for any changes.

10. Information Officer Contact

For any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact our Information Officer:

You may also lodge a complaint with the Information Regulator of South Africa at www.justice.gov.za/inforeg