1. Introduction

ForeverAfter ("we", "our", "us") is committed to protecting your privacy and personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African data protection laws.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Platform at foreverafterapp.co.za.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, password
• Profile Information: Wedding date, location, preferences, photos
• Supplier Information: Business name, registration documents, tax information, insurance certificates, bank details, ID documents
• Communications: Messages, enquiries, reviews, support requests
• Payment Information: Credit card details, billing address (processed securely through third-party payment processors)

2.2 Automatically Collected Information

• Usage Data: Pages viewed, features used, time spent on Platform
• Device Information: IP address, browser type, device type, operating system
• Location Data: Approximate location based on IP address
• Cookies & Analytics: Session cookies, preference cookies, analytics data
• Security Logs: Login attempts, security events, suspicious activity

3. How We Use Your Information

We process your personal information for the following lawful purposes:

• Service Delivery: To provide and operate the Platform, connect couples with suppliers
• Account Management: To create and manage your account, verify identity
• Communication: To respond to enquiries, send notifications, provide support
• Payment Processing: To process subscription fees and transactions
• Verification: To verify supplier credentials and business documentation
• Platform Improvement: To analyze usage patterns, improve features, fix bugs
• Security: To detect fraud, prevent abuse, ensure Platform security
• Marketing: To send promotional content (with your consent, which you may withdraw anytime)
• Legal Compliance: To comply with legal obligations, tax requirements, court orders

4. Legal Basis for Processing (POPIA)

Under POPIA, we process your personal information based on:

• Consent: You have given explicit consent for specific purposes (e.g., marketing communications)
• Contract Performance: Processing is necessary to fulfill our contract with you (e.g., providing Platform services)
• Legal Obligation: We are required by law to process certain information (e.g., tax records, identity verification)
• Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, platform security) while respecting your rights

5. Information Sharing & Disclosure

We do not sell your personal information. We may share information with:

• Other Users: Profile information is visible to other Platform users as intended (e.g., supplier listings, couple profiles)
• Service Providers: Third-party vendors who help us operate the Platform (e.g., hosting, payment processing, email services) under strict confidentiality agreements
• Legal Authorities: When required by law, court order, or to protect our legal rights
• Business Transfers: In the event of a merger, acquisition, or sale of assets, with notice to affected users
• With Your Consent: Any other sharing will only occur with your explicit permission

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: HTTPS/TLS encryption for data in transit, bcrypt for password hashing
• Access Controls: Role-based access, authentication requirements, session management
• Security Monitoring: Automated logging, intrusion detection, suspicious activity monitoring
• Rate Limiting: Protection against brute force attacks and automated abuse
• CSRF Protection: Cross-site request forgery prevention on all forms
• Regular Updates: Security patches, vulnerability assessments, code reviews
• Data Minimization: We only collect and retain data necessary for stated purposes

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy:

• Active Accounts: For the duration of your account plus applicable legal retention periods
• Closed Accounts: Deleted within 90 days, except data required for legal/tax purposes
• Financial Records: Retained for 7 years as required by South African tax law
• Security Logs: Retained for 12 months for security analysis
• Legal Disputes: Retained until resolution of any legal claims or disputes

8. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

To exercise any of these rights, please contact our Information Officer at privacy@foreverafterapp.co.za. We will respond within 30 days as required by POPIA.

9. Cookies & Tracking

We use cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for Platform functionality (authentication, security)
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how users interact with the Platform
• Marketing Cookies: Used for targeted advertising (with your consent)

You can control cookies through your browser settings. Note that disabling essential cookies may affect Platform functionality.

10. Children's Privacy

Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will delete it immediately.

11. International Data Transfers

Your personal information is primarily stored and processed in South Africa. If we transfer data to countries outside South Africa, we ensure appropriate safeguards are in place as required by POPIA, including:

• Transfers to countries with adequate data protection laws
• Standard contractual clauses approved by the Information Regulator
• Your explicit consent for specific transfers

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new "Last Updated" date and, where appropriate, via email. Continued use of the Platform after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions about this Privacy Policy, to exercise your POPIA rights, or to contact our Information Officer: