MyStudStats ("we", "us", "our") is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and the South African Constitution.

1. Information We Collect

We collect the following categories of personal information:

Account information: Full name, email address, phone number, password (hashed).
Farm details: Farm/stud name, province, primary species.
Billing information: Company name, VAT number, billing address. Payment card details are processed directly by PayFast and never stored on our servers.
Animal records: All animal, breeding, health, feed, weight, and financial data you enter into the platform.
Usage data: Browser type, IP address, pages visited, and feature usage for platform improvement.

2. How We Use Your Information

Your personal information is processed for the following purposes:

Providing and maintaining the MyStudStats platform and your account.
Processing subscription payments via PayFast.
Sending transactional emails (invoices, password resets, billing notifications).
Sending notification reminders you have opted into (breeding, health, feed alerts).
Improving platform functionality and user experience.
Complying with South African legal obligations (VAT Act, Animal Identification Act).

3. Legal Basis for Processing

We process your personal information under the following POPIA conditions:

Consent: You consent to processing when you create an account and accept our Terms of Service.
Contract: Processing is necessary to provide the services you have subscribed to.
Legal obligation: We are required to retain billing records under the VAT Act and Income Tax Act.
Legitimate interest: Platform analytics and security monitoring.

4. Data Sharing

We do not sell your personal information. We share data only with:

PayFast: Payment processing (South African payment gateway).
Supabase: Database hosting and authentication (data stored in secure cloud infrastructure).
Resend: Transactional email delivery.
Law enforcement: Only when required by a valid court order or South African legislation.

5. Data Retention

Your animal and farm data is retained for as long as your account is active. After account cancellation, we retain your data for 30 days to allow for reactivation, after which an administrator may permanently delete it. Billing records are retained for 5 years as required by the VAT Act.

6. Your Rights Under POPIA

As a data subject, you have the right to:

Access your personal information held by us.
Request correction of inaccurate information.
Request deletion of your personal information (subject to legal retention requirements).
Object to the processing of your personal information.
Lodge a complaint with the Information Regulator of South Africa.

7. Data Security

All data is transmitted over HTTPS (TLS 1.3). Passwords are hashed using bcrypt. Database access is controlled through row-level security policies. We conduct regular security reviews.

8. Cookies

We use a small number of cookies. Essential cookies are used for authentication and session management (you cannot log in without these). Analytics cookies are used by Google Analytics — see section 9 below. We do not use advertising or retargeting cookies.

9. Third Party Services

We use the following third-party services to operate the platform. Each provider processes a limited set of data as described:

Supabase (authentication and database hosting) — stores your account credentials, farm data and animal records. Data is held on infrastructure that meets international security standards.
Railway (application hosting) — hosts the API that serves your requests. No personal data is stored by Railway directly.
Vercel (website hosting) — serves the public website and member dashboard. No personal data is stored by Vercel directly.
PayFast (payment processing) — processes your subscription payments. Card details are entered on PayFast's own secure pages and never touch our servers.
Resend (email delivery) — sends transactional emails (verification, invoices, notifications) on our behalf.
Google Analytics 4 — we use GA4 to understand how visitors use our website. GA4 collects pseudonymous usage data (pages visited, device type, approximate location derived from IP) using cookies. IP addresses are anonymised before storage. We do not use Google Signals, advertising features, or retargeting. You can opt out at any time using your browser's do-not-track setting or the official Google Analytics opt-out browser add-on.

10. Information Officer

For any privacy-related enquiries or to exercise your POPIA rights, contact our Information Officer at info@mystudstats.co.za.

Privacy Policy