Jols

DISCLAIMER — NOT LEGAL ADVICE. This document is a drafted template prepared as a starting point only. It is not legal advice and has not been reviewed by a lawyer. It must be reviewed, completed, and approved by a qualified South African attorney (ideally one experienced in POPIA and consumer/tech law) before it is published or relied upon. Placeholders in [SQUARE BRACKETS] must be completed before publishing.

Jols Privacy Policy

Effective date: [DATE]

This Privacy Policy explains how [LEGAL ENTITY NAME] ("Jols", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use the Jols mobile application and related services (the "App" or "Service").

Jols is a South African social event-discovery app that helps you find parties and events ("jols"), discover venues, and connect with friends on a live map.

We are committed to protecting your privacy and to processing your personal information lawfully, fairly, and transparently in accordance with the Protection of Personal Information Act, 2013 ("POPIA") of South Africa. Where the General Data Protection Regulation ("GDPR") or similar laws apply to you, this Policy is also intended to support those rights (see Section 12).

By creating an account or using the App, you confirm that you have read and understood this Policy. Where we rely on your consent, we will ask for it separately and clearly.

1. Who we are (Responsible Party / Controller)

For the purposes of POPIA, the Responsible Party for your personal information is:

  • Legal entity: [LEGAL ENTITY NAME]
  • Registered address: [REGISTERED ADDRESS]
  • Information Officer: [INFORMATION OFFICER NAME]
  • Privacy contact email: privacy@jols.co.za (placeholder — confirm this mailbox is monitored before launch)
  • General support email: support@jols.co.za (placeholder — confirm before launch)

Our Information Officer is responsible for ensuring our compliance with POPIA, handling your requests, and engaging with the Information Regulator. You may contact the Information Officer using the details above.

Founder note: Under POPIA, the Information Officer must be registered with the Information Regulator before processing begins. Confirm registration is complete.

2. The personal information we collect

We only collect personal information that we need to provide and improve the Service. The categories below describe what we collect and why.

2.1 Information you give us directly

InformationWhy we collect it
Email addressTo create and secure your account, log you in, and send essential service communications.
Phone numberFor account setup and to help you find friends already on Jols. Your phone number is hashed (irreversibly transformed) before it is used for contact matching, so we do not store readable copies for matching purposes (see Section 2.3).
Profile informationThe name, username, and profile photo you choose.
User-generated contentEvents ("jols") you create, photos you upload to events, chat messages, photo tags, friend requests, and ratings or "vibe tags" you add.

2.2 Precise location information

With your permission, we collect your precise device location so we can:

  • show nearby jols, venues, and friends on a live map; and
  • show your approximate location to your friends on the map.

You control this:

  • Location is only collected if you grant the App location permission in your device settings.
  • Ghost Mode: you can switch on Ghost Mode in the App at any time to hide your live location from other users.
  • You can revoke location permission entirely at any time through your device settings; some map features will not work without it.

2.3 Device contacts ("Find Friends")

If you choose to use the Find Friends from Contacts feature, the App will access your device's contacts so we can tell you which of your contacts already use Jols.

  • We process contact phone numbers in hashed form to perform the matching, via a secure server function.
  • We use this only to suggest friend connections — we do not sell your contacts, message your contacts on your behalf, or use them for advertising.
  • This feature is optional. You can decline contacts access and still use Jols.

Founder note: Confirm with your attorney whether contacts belonging to people who are not Jols users must be deleted immediately after matching, and document the retention behaviour of the find-contacts function accordingly.

2.4 Information we collect automatically

InformationWhy
Push notification tokenA device identifier (via Expo) that lets us send you notifications such as friend requests, chat messages, and event reminders.
Device and usage informationDevice type, operating system, app version, and basic interaction/diagnostic data to keep the App working, secure, and stable.
Authentication dataSession and login security data managed by our authentication provider.

2.5 Information from third-party sign-in (where offered)

If you sign in using Google or Apple Sign-In (where available), we receive basic profile information (such as your name and email) from that provider, in line with the permissions you grant during sign-in. We do not receive your password for those accounts.

We do not intentionally collect special categories of personal information (such as health, religion, or political views). Please do not post such information in your content.

3. How we use your personal information (Purpose)

We process your personal information for the following purposes:

  1. To provide the core service — create your account, show jols, venues, and friends on the map, let you create and join events, chat, tag photos, and rate venues.
  2. To connect you with friends — process friend requests, contact matching, and "going out" nudges.
  3. To send notifications — friend requests, messages, event updates, and other service notifications via push.
  4. To keep the Service safe and secure — prevent fraud, abuse, spam, and unauthorised access, and enforce our Terms of Service.
  5. To improve the Service — understand how features are used and fix problems.
  6. To comply with the law — meet our legal and regulatory obligations.

We will not use your personal information for a new, incompatible purpose without informing you and, where required, obtaining your consent.

4. Lawful basis for processing (POPIA)

We process your personal information only where we have a lawful basis to do so under POPIA. Depending on the activity, we rely on:

  • Your consent — for optional features such as access to your location, contacts, and push notifications, and where otherwise required. You may withdraw consent at any time (see Section 10).
  • Performance of a contract — to deliver the Service you sign up for (for example, your account and the App's core features).
  • Our legitimate interests — to keep the Service secure, prevent abuse, and improve our features, balanced against your rights.
  • Legal obligation — where the law requires us to process or retain information.

When you record your acceptance of our Terms of Service (for example, the consent we capture at onboarding), we keep a timestamped record that you accepted them, as evidence of your agreement.

We also follow the eight conditions for lawful processing under POPIA: accountability; processing limitation; purpose specification; further-processing limitation; information quality; openness; security safeguards; and data-subject participation. This Policy is designed to give effect to those conditions.

5. How we share your information

We do not sell your personal information. We share it only as described below.

5.1 With other users

Some information is shared with other users as part of how the App works:

  • Your profile (name, username, photo) is visible to other users.
  • Your content (events you create, chat messages, photo tags, ratings/vibe tags) is visible to the relevant audiences within the App.
  • Your live location is visible to your friends on the map unless Ghost Mode is on.

5.2 With our service providers (Operators / Processors)

We use trusted third parties to run the Service. They process personal information on our behalf and under our instructions:

ProviderRoleWhat they process
SupabaseDatabase, authentication, and file storage hostingAccount data, content, uploaded photos, and authentication data.
ExpoApp infrastructure and push notificationsPush notification tokens and delivery of notifications.
MapboxMaps and location displayMap rendering and location-related requests.

Founder note: Confirm where each provider stores data (data residency / cross-border transfers — see Section 7) and ensure you have an Operator agreement / data-processing addendum in place with each, as POPIA requires.

5.3 For legal and safety reasons

We may disclose information where we reasonably believe it is necessary to comply with the law, respond to lawful requests, enforce our Terms, or protect the rights, safety, and property of users, the public, or Jols.

5.4 Business transfers

If Jols is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in the Responsible Party.

6. User content and photos

Photos and other content you upload are stored using our hosting provider (Supabase Storage). Please be thoughtful about what you post: content shared in the App may be seen by other users. Do not upload photos of other people without their consent, and follow our Terms of Service rules on content.

7. Cross-border transfers

Some of our service providers may store or process personal information outside South Africa. Where this happens, we will take reasonable steps to ensure the information receives a level of protection consistent with POPIA — for example, by relying on providers that are subject to laws or binding agreements offering adequate protection, or with your consent where required.

Founder note: Confirm the actual hosting regions of Supabase, Expo, and Mapbox and complete the cross-border-transfer basis with your attorney.

8. How long we keep your information (Retention)

We keep personal information only for as long as necessary for the purposes set out in this Policy, or as required by law.

  • Account information is kept while your account is active.
  • Content (events, messages, photos) is kept while relevant to the Service.
  • When you delete your account (see Section 9), we delete or de-identify your personal information within a reasonable period, except where we are required to keep certain records (for example, for legal, security, or fraud-prevention reasons), in which case we keep only what is necessary and for no longer than required.
  • Hashed phone numbers used for contact matching are retained only as long as needed for that feature.

Founder note: Define concrete retention periods (e.g. "30 days after deletion request") with your attorney and align them to what the backend actually does.

9. Deleting your account and data

You can delete your Jols account at any time. To do so:

  • Use the account deletion option in the App (confirm this is available in-app at: Profile → Settings → Delete Account); or
  • Email privacy@jols.co.za (or support@jols.co.za) and request deletion.

When you delete your account, we will delete or de-identify your personal information as described in Section 8. Some information may be retained where the law requires, or in backups that are overwritten on our normal cycle. Content you shared with others (for example, group chat messages) may remain visible to those users.

Apple App Store note: Apple requires apps that let users create accounts to also let users initiate deletion from within the app. Ensure an in-app deletion path exists and that this section accurately describes it before submission.

10. Your rights (POPIA)

As a data subject under POPIA, you have the right to:

  • Be informed about how we process your personal information (this Policy).
  • Access the personal information we hold about you.
  • Correct or update information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained.
  • Delete or destroy your personal information in the circumstances allowed by law (see Section 9).
  • Object to processing in certain circumstances, including for direct marketing.
  • Withdraw consent at any time, where we rely on consent (for example, by turning off location/contacts permissions, disabling notifications, or contacting us). Withdrawal does not affect processing already carried out.
  • Complain to the Information Regulator (see Section 14).

To exercise any of these rights, contact our Information Officer at privacy@jols.co.za. We may need to verify your identity before acting. We will respond within the timeframes required by law.

11. Children and minimum age

Jols is intended for adults. You must be at least 18 years old to use Jols.

We have chosen 18+ because Jols facilitates discovery of and attendance at real-world parties and nightlife events, which may take place at licensed venues and may not be appropriate for minors.

We do not knowingly collect personal information from anyone under 18. Under POPIA, the personal information of children (anyone under 18) may generally only be processed with the consent of a competent person (such as a parent or guardian) and within strict limits. If we learn that we have collected information from a person under 18 without the required consent, we will delete it. If you believe a minor has provided us with personal information, contact us at privacy@jols.co.za.

Founder note: 18+ is recommended given the nightlife nature of the app and because it avoids POPIA's stricter children's-data regime entirely. If you instead choose 16+, your attorney must advise on the additional consent and safeguarding obligations that apply to users aged 16–17.

12. Visitors outside South Africa (GDPR and similar laws)

If you use Jols from the European Union, United Kingdom, or another region with similar data-protection laws, you may have additional or equivalent rights, including the rights of access, rectification, erasure, restriction, objection, and data portability, and the right to lodge a complaint with your local supervisory authority. We aim to honour these rights in line with the principles set out in this Policy. Contact privacy@jols.co.za to exercise them.

13. Security

We take reasonable and appropriate technical and organisational measures to protect your personal information against loss, unauthorised access, and misuse — including secure hosting, access controls, and encryption of data in transit. Hashing is used for phone numbers used in contact matching.

No system is perfectly secure. If we become aware of a security compromise affecting your personal information, we will notify you and the Information Regulator where the law requires us to do so.

14. Complaints and the Information Regulator

If you have a concern about how we handle your personal information, please contact our Information Officer first at privacy@jols.co.za so we can try to resolve it.

You also have the right to complain to the Information Regulator of South Africa:

15. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you through the App or by other reasonable means and update the "Effective date" above. Your continued use of the App after changes take effect means you accept the updated Policy.

16. Contact us

  • Privacy / data requests: privacy@jols.co.za
  • General support: support@jols.co.za
  • Information Officer: [INFORMATION OFFICER NAME]
  • Responsible Party: [LEGAL ENTITY NAME], [REGISTERED ADDRESS]