Privacy Policy
Last updated: · Governed by South Africa's Protection of Personal Information Act (POPIA).
specs/06-nonfunctional-security-popia.md and
specs/15-compliance-automation.md, and reviewed by a South African privacy-law specialist
before go-live (see specs/MASTER-BUILD-RUNBOOK.md, Week 1–2 lean-launch path).
1. Who we are
Vendla ("we", "us") operates a WhatsApp commerce platform for South African retail businesses ("tenants") and their customers.
2. What we collect
Business account details; WhatsApp Business Account and phone number metadata; conversation, order, and consent records processed on behalf of a tenant; site analytics (first-party, consent-gated for anything beyond strictly-necessary funnel measurement).
3. Consent & marketing
No marketing message is sent to a contact without a recorded, timestamped opt-in ("Consent Counter"). Opt-out ("STOP") is honoured immediately.
4. Your rights
Under POPIA you may request access to, correction of, or deletion of your personal information. Contact our Information Officer at privacy@vendla.co.za.
5. Data processing & sub-processors
We use Supabase (database/auth), AWS (infrastructure, af-south-1 where available), and Meta (WhatsApp Cloud API) as sub-processors. A full data-processing annexure will be published before general availability.
Questions? Chat to us on WhatsApp or email privacy@vendla.co.za.