Privacy Policy

Last updated: March 2026 · Version 2026-03

JetLog (Pty) Ltd ("JLog", "we", "us") is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA). This policy explains what data we collect, why, how long we keep it, and your rights.

1. Information We Collect

Information you provide

Identity & contact: Name, email address, phone number, company name, registration number, VAT number
Shipping data: Sender and recipient addresses, package dimensions and weight, declared values, customs commodity descriptions
Financial data: Billing email, payment terms, invoicing details
Account credentials: Email and hashed password (we never store plaintext passwords)
Integration keys: Shopify, WooCommerce, or Takealot API credentials you provide for order sync

Information collected automatically

Technical data: IP address, browser type, device information, pages visited
Location data: GPS coordinates from delivery drivers (during active deliveries only)
Tracking lookups: When someone views a shipment tracking page

2. How We Use Your Information

To provide and manage logistics, shipping, and customs clearance services
To process quotations, bookings, and invoices
To communicate about your shipments, account, and service updates
To comply with customs regulations and SARS requirements
To improve our platform and prevent fraud
To send WhatsApp or email notifications about shipment status (with your consent)

3. Legal Basis for Processing

We process your personal information on the following grounds under POPIA:

Consent: You provide explicit consent when creating an account or submitting an onboarding application
Contract: Processing is necessary to fulfil our shipping and logistics services
Legal obligation: We are required to retain certain records for customs and tax compliance
Legitimate interest: To improve our services and prevent fraud

4. Data Sharing

We share personal information only as necessary to provide our services:

Carriers: FedEx, DHL, The Courier Guy, Bob Go, and other carriers for shipment processing
Customs authorities: SARS and international customs agencies for clearance
Payment processors: For billing and invoicing

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

A complete list of our third-party processors, including their purposes and privacy policies, is available at /legal/processors.html.

4A. Data Residency & Cross-Border Transfers

Our platform is hosted on Railway (US/EU infrastructure). Your data may be processed in the United States or European Union as part of normal platform operations.

In the course of providing shipping and logistics services, personal information (sender/recipient details, shipment data) is transmitted to carrier APIs located outside South Africa:

FedEx: API servers in the United States
DHL Express: API servers in Germany

These transfers are made in accordance with POPIA Section 72 and are necessary for the performance of the contract between JLog and you (the data subject or responsible party). Both FedEx and DHL maintain comprehensive data protection programmes compliant with international standards.

Additional cross-border processing may occur through:

Sage One Accounting (ZA): Financial and invoicing data
Cartrack (ZA): Vehicle GPS tracking data
Twilio (US): WhatsApp notification delivery
Resend (US): Transactional email delivery

For details on each processor's data handling, see our third-party processors page.

5. Data Retention

We retain your data only as long as necessary:

Data Type	Retention Period	Reason
Shipment & customs records	5 years	SARS record-keeping requirement
Invoices & financial records	5 years	Tax and audit compliance
Account information	Duration of account + 1 year	Service provision
GPS / driver location data	1 year	Delivery verification
Tracking page views	90 days	Analytics
Lead & enquiry data	2 years (then flagged dormant)	Sales follow-up
Password reset tokens	7 days after expiry	Security

6. Data Security

We implement appropriate technical and organisational measures to protect personal information, including:

HTTPS encryption for all data in transit
AES-256 encryption for sensitive financial data at rest (e.g. vendor bank details)
Passwords hashed with bcrypt (never stored in plaintext)
Role-based access controls (admin, staff, merchant tiers)
Audit logging of sensitive operations
Database hosted on secure, access-controlled infrastructure

Data Breach Notification (POPIA Section 22)

In the event of a security compromise involving personal information, JLog will:

Notify the Information Regulator as soon as reasonably possible, and in any event within 72 hours of becoming aware of the breach
Notify affected data subjects unless notification would impede a criminal investigation
Provide details of the nature of the breach, categories of data affected, likely consequences, and measures taken to address the breach
Record all breach incidents in our internal audit log for compliance purposes

If you believe your personal information has been compromised, please contact our Information Officer immediately at gerrit@jlog.co.za.

7. Your Rights Under POPIA

You have the right to:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion or anonymisation of your personal data (subject to legal retention requirements — see section 5)
Object: Object to the processing of your personal data
Withdraw consent: Withdraw your consent at any time (this does not affect prior lawful processing)

How to Request Deletion

To exercise your right to erasure (Right to Be Forgotten), email gerrit@jlog.co.za with the subject line "POPIA Data Deletion Request" and include the email address associated with your account. We will process your request within 30 days.

Please note: Shipment records, customs declarations, and financial documents may be retained in anonymised form to comply with SARS and customs regulations, but all personally identifiable information will be removed.

8. Cookies

Our platform uses essential cookies for authentication and session management. We use Google Analytics (GA4) for usage analytics — this is only loaded after you consent via our cookie banner. We do not use third-party advertising cookies.

9. Children's Data

Our services are not directed at children under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this privacy policy from time to time. The "Last updated" date at the top of this page indicates when it was last revised. Continued use of our platform after changes constitutes acceptance of the updated policy.

11. Contact & Information Officer

For any privacy-related enquiries, data access requests, or complaints, contact our Information Officer:

Email: gerrit@jlog.co.za
Phone: +27 21 300 6099
Address: JetLog (Pty) Ltd, Cape Town, South Africa

If you are not satisfied with our response, you may lodge a complaint with the Information Regulator (South Africa) at inforegulator.org.za.