Privacy Policy

Effective date: 4 March 2026 · Last updated: 4 March 2026

At a Glance

Connex Digital (Pty) Ltd (Registration No. 2026/189508/07) ("Connex", "we", "us", or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains what data we collect, why we collect it, how we use it, who we share it with, and what rights you have. This policy is designed to comply with the Protection of Personal Information Act, 2013 (POPIA) and other applicable data protection laws.

1. Who We Are

Connex Digital (Pty) Ltd is a technology company that operates the Connex mobile application, available on Android and iOS. Connex provides messaging, community alert, education, and safety services to users across Africa.

Responsible Party (Information Officer):
Connex Digital (Pty) Ltd (Reg. No. 2026/189508/07)
Email: privacy@connexsa.co.za
Website: connexsa.co.za

2. Information We Collect

We collect personal information that is necessary to provide, maintain, and improve our services. We collect the following categories of information:

2.1 Information You Provide

Account information: Your full name, mobile phone number, and password. Your password is stored using industry-standard one-way cryptographic hashing and is never stored or visible in plain text.
Profile information: Your profile photograph and area/location preferences, used to personalise your experience and display relevant local alerts.
Messages and content: Text messages, media files, and other content you send and receive through the Chat feature. This data is stored to deliver and maintain the messaging service.
Community alerts: Reports and alerts you create and publish through the Alerts feature, including the category, description, and associated location.
SOS contacts: The identities of contacts you designate as emergency contacts through the SOS feature. SOS contact relationships are established only through mutual consent.

2.2 Information Collected Automatically

Device information: Your device type, operating system version, unique device identifiers, and push notification tokens used to deliver notifications to your device.
Usage data: Information about how you interact with the App, including features accessed, session duration, and error reports, collected for the purpose of improving our services.
Log data: Server logs that may include your IP address, request timestamps, and request metadata, retained for security monitoring and abuse prevention.

2.3 Information We Do Not Collect

We do not collect or store:

Financial or payment information (no payment features in the current version).
Biometric data (fingerprints, facial recognition data, etc.).
Contacts from your phone's address book (we do not upload your contact list).

3. How We Use Your Information

We use your personal information solely for the following purposes:

Providing the service: Creating and managing your account, delivering messages, displaying alerts, providing access to educational content, and operating the SOS emergency feature.
Notifications: Sending push notifications for new messages, SOS alerts, community alerts, and important service updates.
Personalisation: Displaying alerts and content relevant to your area based on your location preferences.
Service improvement: Analysing usage patterns and error reports to identify issues, improve performance, and develop new features.
Safety and security: Detecting, investigating, and preventing fraud, abuse, security incidents, and violations of our Terms of Service.
Legal compliance: Complying with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. Legal Basis for Processing

Under POPIA, we process your personal information on one or more of the following lawful bases:

Contractual necessity: Processing that is necessary to provide the services you have requested (e.g., delivering messages, displaying alerts).
Consent: Where you have given specific, informed consent for a particular processing activity (e.g., establishing SOS contact relationships).
Legitimate interests: Where our legitimate business interests do not override your rights and freedoms (e.g., improving application performance, preventing abuse).
Legal obligation: Where processing is necessary to comply with applicable law or a court order.

5. How We Share Your Information

We do not sell your personal information. We will never sell, rent, or trade your data with third parties for marketing purposes.

We may share your information in the following limited circumstances:

Cloud infrastructure providers: We use enterprise-grade cloud service providers to host our database, server infrastructure, and data storage. These providers are contractually bound to protect your data and process it only on our instructions.
Notification service providers: We use trusted third-party services to deliver push notifications to your device. Only the minimum data necessary to deliver notifications is shared with these providers.
Other users: Your display name, profile photograph, messages, and alert posts are visible to the users you communicate with and, in the case of public alerts, to other users in your area. This is inherent to the nature of a messaging and community platform.
SOS contacts: When you trigger an SOS alert, your identity, alert status, and location are shared with your pre-approved emergency contacts.
Law enforcement and legal obligations: We may disclose your information if required to do so by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect the safety of our users, the public, or our rights.

6. Data Retention

We retain your personal information for as long as reasonably necessary to fulfil the purposes for which it was collected:

Account data: Retained for the duration of your active account.
Messages: Retained to deliver the messaging service. You may delete individual messages at any time within the App.
Community alerts: Retained for as long as they remain relevant, after which they may be archived or removed.
Log and security data: Retained for a period of up to 12 months for security monitoring and abuse prevention.
Upon account deletion: We will delete or irreversibly anonymise your personal data within thirty (30) days of account deletion, except where retention is required by law or necessary to resolve disputes or enforce our agreements.

7. Cross-Border Data Transfers

Some of our cloud infrastructure providers may store or process data in locations outside of your country or region. Where data is transferred internationally, we ensure that adequate safeguards are in place, including:

Contractual obligations that provide a level of data protection equivalent to POPIA.
Ensuring that the receiving jurisdiction has adequate data protection legislation.
Obtaining your consent where required.

8. Your Rights Under POPIA

As a data subject under the Protection of Personal Information Act, you have the following rights:

Right of access: You may request confirmation of whether we hold personal information about you and request a copy of that information.
Right to correction: You may request the correction or updating of personal information that is inaccurate, incomplete, or misleading.
Right to deletion: You may request the deletion of your personal information, subject to any legal obligation to retain certain data.
Right to object: You may object to the processing of your personal information on grounds relating to your particular situation.
Right to restrict processing: You may request that we restrict the processing of your personal information in certain circumstances.
Right to lodge a complaint: You may lodge a complaint with your relevant data protection regulator if you believe that your rights under applicable law have been violated.

To exercise any of these rights, please contact our Information Officer at privacy@connexsa.co.za. We will respond to your request within a reasonable time and in accordance with POPIA requirements.

9. Children's Privacy

Connex is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 years of age. If you are a parent or guardian and you believe your child has provided us with personal information without your consent, please contact us at privacy@connexsa.co.za and we will take steps to delete that information promptly.

Users between the ages of 13 and 18 must have the consent of a parent or legal guardian to use Connex.

10. Security Measures

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:

All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
Data at rest is encrypted using industry-standard AES-256 encryption.
Passwords are stored using irreversible cryptographic hashing. We never store or have access to your plain-text password.
Authentication tokens are securely generated, have limited validity periods, and are rotated regularly.
Sensitive API endpoints are protected by rate limiting to prevent brute-force attacks.
Access to production systems is restricted to authorised personnel and governed by the principle of least privilege.

While we take every reasonable precaution to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents that may occur.

11. Cookies and Website Tracking

The Connex website (connexsa.co.za) is a static informational website. We do not use cookies, tracking pixels, or third-party analytics services on our website. No personal data is collected through the website.

12. Third-Party Links and Services

The App and website may contain links to or references to third-party services, including data providers for loadshedding schedules. These third-party services have their own privacy policies and practices, which we do not control. We encourage you to review the privacy policies of any third-party services you interact with. Connex is not responsible for the privacy practices of third-party services.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will:

Update the "Last updated" date at the top of this page.
Notify you through the App, by email, or by other reasonable means.
Where required by law, seek your consent before implementing changes that affect how your data is processed.

Your continued use of Connex after changes to this Privacy Policy have been communicated to you constitutes your acceptance of those changes. If you do not agree with the updated policy, you should stop using the App and delete your account.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

Information Officer
Connex Digital (Pty) Ltd
Email: privacy@connexsa.co.za
General enquiries: hello@connexsa.co.za
Website: connexsa.co.za

15. Complaints and Regulators

If you are not satisfied with our response to any privacy concern, you have the right to lodge a complaint with your local data protection authority in your country or region.