1. Introduction & Our Commitment
NameShame.co.za is owned and operated by Getron SA PTY Ltd (Registration No. 2018/034826/07), a company registered in the Republic of South Africa, trading as NameShame.co.za, a division of Getron SA PTY Ltd. We are committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Platform.
Our commitment: We will never sell your personal information to advertisers, data brokers, or third parties for commercial gain. Your data exists solely to operate this platform and protect South African consumers.
2. Responsible Party
Under POPIA, Getron SA PTY Ltd is the "Responsible Party" — the entity that determines the purpose and means of processing your personal information.
- Registered company: Getron SA PTY Ltd (Reg. No. 2018/034826/07)
- Trading name: NameShame.co.za, a division of Getron SA PTY Ltd
- Website: www.nameshame.co.za
- General contact: info@nameshame.co.za
- Legal contact: legal@nameshame.co.za
- Country of incorporation: Republic of South Africa
3. What We Collect
3.1 Information You Give Us
- Your name and email address when registering
- Your username and display name
- Your province (for location context)
- The content of complaints you submit, including uploaded evidence files
- Your comments, Me Too reports, and votes
- Communications you send to us (support emails, takedown requests)
3.2 Information We Collect Automatically
- IP address and approximate geographic location
- Browser type and device type
- Pages visited and time spent on the Platform
- Referral source (how you found us)
3.3 Information About Third Parties in Complaints
When you submit a complaint, you may include personal information about individuals associated with a business — such as a sole trader, private individual, or business representative acting in a commercial capacity. By submitting this, you warrant that this information relates to the person's commercial conduct, not their purely personal life, and that you have a lawful basis to share it.
4. Why We Collect Your Information
Under POPIA, we may only process your information for specific, legitimate purposes. We use your data to:
- Create and manage your user account
- Process and moderate complaint submissions
- Notify you about the status of your complaint
- Respond to your queries and support requests
- Comply with legal obligations, including court orders requiring user identification
- Detect and prevent fraud, abuse, and misuse of the Platform
- Improve the Platform through aggregated, anonymised analytics
- Send you service notifications (not marketing, unless you opt in separately)
5. Sharing Your Information
We do not sell your personal information. We will never sell or rent your data to advertisers or data brokers under any circumstances.
We may share your information only in these limited circumstances:
- With service providers who help us operate the Platform (e.g. Supabase for database hosting) — these providers are bound by confidentiality agreements and GDPR-equivalent protections
- If required by law, court order, or valid legal process under South African law
- If we reasonably believe disclosure is necessary to prevent fraud, illegal activity, or harm to a person
- In anonymised, aggregated form for statistical reporting — no individual can be identified
6. How Long We Keep Your Information
- Account information: for as long as your account is active, plus 3 years after closure
- Published complaints: indefinitely, as they serve the Platform's public interest purpose
- Unpublished / rejected complaints: deleted within 30 days of rejection
- Server logs (IP addresses, access logs): 12 months
- Legal correspondence and takedown records: 5 years
7. Your Rights Under POPIA
As a data subject under POPIA, you have the following rights:
- Right of access — request a copy of the personal information we hold about you
- Right to correction — request correction of inaccurate or outdated information
- Right to deletion — request deletion of your personal information, subject to legal retention requirements
- Right to object — object to the processing of your information for specific purposes
- Right to lodge a complaint — if you believe we have violated POPIA, you may lodge a complaint with the Information Regulator of South Africa
To exercise any of these rights, contact us at info@nameshame.co.za.
8. Information Regulator
The Information Regulator (South Africa) is the supervisory authority for POPIA. If you believe we have not handled your personal information correctly, you may lodge a complaint with them:
9. Cookies & Tracking
We use only essential cookies necessary for the Platform to function — such as keeping you logged in between sessions. We do not use advertising cookies, third-party tracking pixels, or analytics cookies that identify you personally.
You can disable cookies in your browser settings, but some features of the Platform may not work correctly if you do.
10. Security
We take reasonable technical and organisational measures to protect your personal information:
- Encrypted database storage via Supabase (AES-256 encryption at rest)
- HTTPS encryption for all data in transit (TLS)
- Password hashing — we never store passwords in plain text
- Access controls — only authorised personnel can access the database
- Row Level Security (RLS) — users can only access data they are authorised to see
No system is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and the Information Regulator as required by POPIA within 72 hours of becoming aware of the breach.
11. Children
NameShame.co.za is not intended for use by persons under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has registered on our Platform, please contact us at info@nameshame.co.za and we will delete the account immediately.
12. Cross-Border Data Transfers
Our database infrastructure is hosted by Supabase on servers located in Stockholm, Sweden (European Union). The EU has data protection standards under GDPR that are considered adequate and equivalent to POPIA. By using the Platform, you consent to your data being stored in the EU under these equivalent protections.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users by email of any material changes. The effective date at the top of this document indicates when it was last updated. Continued use of the Platform after notification constitutes acceptance of the updated Policy.