Privacy Policy

Effective date: 13 October 2025

1. Who we are / scope

Hustlefella (the “Site”, “we”, “us” or “our”) operates https://hustlefella.com (the “Website”), a community marketplace and directory for local skills, services and goods. This Privacy Policy explains how we collect, use, share and protect personal information and the rights you have under applicable laws including South Africa’s Protection of Personal Information Act (POPIA) and, where applicable, the EU General Data Protection Regulation (GDPR) and other global privacy laws.

Data controller / operator: Owen Siebert
Address: Margate, KwaZulu-Natal, South Africa
Contact / Privacy enquiries: grind@hustlefella.com
Information Officer / Data Protection Contact (POPIA): Owen Siebert (or: contact via grind@hustlefella.com)

If you are a vendor on our marketplace, you are both a data subject and — in some circumstances — a controller of personal data you collect from your customers. This policy explains which data we control and which data vendors control.

2. Summary — in plain language

  • We collect personal information you give us to sign up, buy, sell, communicate, apply for work, or list in our directory.
  • We use that information to run the marketplace, process payments, keep people safe, and improve our services.
  • We share data with service providers (payment processors, hosting, analytics), and with vendors for fulfilment.
  • You have rights to access, correct, delete and restrict processing of your personal information — and specific rights under POPIA and GDPR.
  • We keep data only as long as needed and secure it with appropriate safeguards.

3. What personal information we collect

We group personal information into categories. Not all categories apply to every user.

  • Account & identity data

Name, username, email address, phone number, profile photo, profile biography, business details you add as a vendor.

  • Contact & transactional data

Postal and billing/shipping addresses, order history, invoices, refund records.

  • Authentication & security

Password hashes, password reset tokens, two-factor info if enabled, account verification records.

  • Payment & billing

Payment card / bank details are processed by third-party payment providers (we do not store full payment card numbers on our servers unless you use a saved card option through a PCI-compliant provider). We store proof of payment, payer name and transaction metadata.

  • Communications

Messages between members and vendors, messages to our support team, newsletter subscriptions, marketing preferences.

  • Device & usage

IP address, browser and device type, operating system, cookies, page views, referring/exit pages, and analytics data.

  • User-generated content

Reviews, photos, listings, service descriptions and any files you upload.

  • Special categories / children

We do not intentionally collect special category data (e.g., health, race) or personal data of children under 13 / under applicable local age without parental consent. If you believe we hold such data inadvertently, please contact us.

(If you are a vendor you may collect additional customer data required for fulfilment — shipping address, contact phone number etc. — and you must handle that data in line with this policy and POPIA/GDPR.)

4. How we collect personal data

  • You give it to us: when you register, create a vendor stall, purchase, message others, upload listings, apply for jobs, contact support, or subscribe.
  • Automatically: via cookies, server logs and analytics tools while you browse.
  • From third parties: payment processors, social login providers (if you use them), shipping partners, or public directories.
  • From vendors: if you are a buyer, vendors may provide us with additional information to fulfil orders.

5. Why we process personal data — lawful bases & POPIA justification

We process personal data for the following purposes and legal grounds:

Operating the marketplace & providing services — to create and manage accounts, enable buying/selling, process orders and payouts, deliver messages and listings. (Legal basis: performance of contract / legitimate interest).

Payment processing & fraud prevention — to process payments and detect / prevent fraud. (Performance of contract; legitimate interest).

Communications & customer support — to respond to enquiries, send transactional emails, and provide support. (Performance of contract / legitimate interest).

Marketing (if you consent / unless you opt out) — to send promotional communications and newsletters. (Consent; you may withdraw consent at any time.)

Legal obligations — to comply with laws, tax, or to respond to lawful requests. (Legal obligation).

Safety & dispute resolution — to investigate disputes, enforce terms, and protect users and the community. (Legitimate interest).

Under POPIA, we also rely on the Act’s conditions for lawful processing (e.g., accountability; processing limitation; purpose specification; further processing; information quality; security safeguards; and data subject participation). We only process personal information where a lawful basis exists and we have documented the reasons and safeguards.

6. Sharing & third parties

We do not sell your personal information. We share personal data only as necessary and with appropriate safeguards:

Service providers & sub-processors (examples): web hosting, payment processors (e.g., Yoco, PayPal, Payfast, etc), email services, analytics (e.g., Google Analytics), content delivery networks, customer support platforms. These providers process data on our instruction and we require them to maintain confidentiality and security.

Market vendors: when you order from a vendor, we share order and shipping details with them so they can fulfil the order.

Legal / safety: where required to comply with law, respond to lawful requests, protect rights, or investigate fraud or abuse.

Business transfers: in the event of a merger, acquisition or sale of assets, personal data may be transferred subject to confidentiality arrangements and notice to affected users.

7. Cookies & similar technologies

We use cookies and similar technologies to operate the site and improve your experience (session cookies, functional cookies for login and cart, analytics cookies, and optional advertising/targeting cookies). On first visit you will see a cookie banner allowing you to accept or manage preferences. You can also block most cookies through your browser settings (this may affect site functionality).

For details about cookie categories and third-party cookies (analytics / advertising), see our separate Cookie Policy.

8. Data retention

We retain personal data only for as long as necessary to fulfil the purpose(s) it was collected for, to meet legal and tax retention obligations, to resolve disputes, and to enforce agreements. Typical retention examples:

  • Account data: while account is active + up to 5 years after deactivation for legal / business purposes.
  • Transaction records & invoices: as required by tax law (commonly 5–7 years depending on jurisdiction).
  • Support tickets & communications: retained for 5 years to resolve related issues.

You can request deletion or restriction of processing (see Section 11). Deletion may be subject to legal or operational retention requirements.

9. Security

We implement industry-standard technical and organisational measures to protect personal data (encrypted connections (HTTPS), access controls, principle of least privilege, periodic backups, secure hosting). However, no system is 100% secure. If we become aware of a data breach that creates a real risk of harm, we will follow our incident response plan, notify affected data subjects and regulators as required by law (POPIA & GDPR obligations where applicable).

10. International transfers

Because we use global third-party services (hosting, analytics, payment processors), personal data may be processed or stored in other countries. When data is transferred outside South Africa or the EU/EEA, we ensure appropriate safeguards (e.g., standard contractual clauses, binding corporate rules or adequate protection under local law).

11. Your rights — GDPR & POPIA

Depending on where you live, you have the following rights. To exercise any right, contact grind@hustlefella.com. We will respond within the timeframes required by law.

Common rights:

  • Access: request a copy of personal data we hold about you.
  • Correction: ask us to correct inaccurate or incomplete information.
  • Deletion / Erasure: request deletion where lawful (subject to retention obligations).
  • Restrict processing: ask us to limit processing in certain circumstances.
  • Object: object to processing based on legitimate interest (including profiling).
  • Data portability: obtain a machine-readable copy of data you provided to us.
  • Withdraw consent: where processing is based on consent, you can withdraw it (this will not affect processing prior to withdrawal).

POPIA-specific: you also have rights to be provided with the record of processing, to be notified of the reason for processing, and to submit complaints to the Information Regulator of South Africa.
GDPR-specific: if you are in the EU you can lodge a complaint with your local supervisory authority.

To make a request we will usually require proof of identity. We aim to respond without undue delay and within legal timeframes. If we deny a request we will explain why.

12. Vendors & marketplace responsibilities (for vendors & buyers)

  • Vendors: when you join as a vendor you are responsible for how you collect and process personal data from your customers (shipping info, contact numbers). Vendors must comply with POPIA/GDPR and must not misuse customer data. Hustlefella may, where required, cooperate with regulators in enforcement actions.
  • Buyers: when you place orders, we share necessary data with vendors to fulfil the order. If you have concerns about vendor handling of your personal data, contact us at grind@hustlefella.com.

13. Children

The Website is not intended for children under 13. If you believe we have collected personal data from a child under the applicable minimum age without parental consent, contact us and we will delete it.

14. Marketing & newsletters

If you opt-in we may send newsletters, offers and updates. You can opt out at any time by following the “unsubscribe” link in our emails or by contacting grind@hustlefella.com. For direct marketing where consent is required by law, we rely on your consent. For marketing based on legitimate interest we provide a simple opt-out.

15. How to complain

If you are in South Africa and believe we have not complied with POPIA, you may lodge a complaint with the Information Regulator (South Africa). Links and procedures are available at the Information Regulator’s website. If you are in the EU you may also contact your local supervisory authority.

Contact us first: grind@hustlefella.com
Information Regulator (South Africa): https://inforegulator.org.za/ (or see popia.co.za for the Act).

16. Changes to this policy

We may update the policy to reflect changes to our practices, legal requirements, or new products. Substantial changes will be notified on the Website and, where appropriate, via email. The “Effective date” at the top is the latest version date.

17. Additional legal notes & country specifics

POPIA (South Africa) — We comply with POPIA’s processing conditions (accountability, processing limitation, purpose, further processing limitation, information quality, security safeguards, and data subject participation) and have appointed an Information Officer as required by the Act. You have the right to complain to the Information Regulator if you believe your rights have been infringed.

GDPR (EU/EEA residents) — If you are an EU/EEA resident, you have additional rights (data portability, supervisory authority complaint). Where we process EU residents’ data and no other legal ground applies, we rely on consent or contractual necessity. We will provide additional transfer safeguards when exporting data outside the EU/EEA.

Other international laws — We acknowledge and respect obligations in other regions (e.g., CCPA-style rights in some U.S. states). If a particular law applies to you, contact us and we will explain how that law affects you.

18. Practical commitments: what we do every day

  • Keep data minimal and only collect what we need.
  • Use secure hosting and encrypted connections (HTTPS).
  • Keep your account controllable — close, correct or delete it on request (subject to legal retention).
  • Maintain DPAs with processors, and vet partners for privacy and security.
  • Regularly review and update privacy practices.

19. Contact information

For privacy enquiries, to exercise rights, for DPA requests, or to request our processor list:
Email: grind@hustlefella.com
Address / Company: Margate, KwaZulu-Natal, South Africa
Information Officer (POPIA): Owen Siebert

20. Appendix — technical & service provider examples

The Website may use:

  • WordPress, WooCommerce (shop functionality), Dokan (multi-vendor marketplace). These platforms involve processing of vendor/purchase information and may store order metadata on your site and in service provider logs. See Dokan & WooCommerce privacy resources for details.
  • Analytics: Google Analytics and similar (opt-outs available).
  • Payment processors (e.g., Yoco, PayFast, PayPal, etc).
  • Email & marketing platforms (Mailchimp / SendGrid etc.).

Back to Policies & Legal Information

Product Categories