Privacy Policy

SPS Software is a South African software development and technology consultancy. We build websites, mobile applications, AI-powered tools, and cloud infrastructure for businesses across South Africa and beyond. Our principal place of business is in South Africa and we operate primarily at sps-software.co.za.

For any privacy-related enquiries, contact us at contact@sps-software.co.za.

We collect information in the following ways:

Information you provide directly

• Contact forms — name, email address, and the message you submit.
• Consultation bookings — name, email address, phone number (if provided), and preferred appointment details.
• Account registration — username, email address, and password (stored as a secure hash by WordPress).
• Profile updates — display name, profile picture, and role information you add to your account.

Information collected automatically

• Usage data — pages visited, time on site, and referral source, collected via Vercel Analytics in an anonymised, cookie-free manner.
• Authentication tokens — a JWT access token and a refresh token are stored in your browser's localStorage and in an httpOnly cookie to keep you logged in. These expire after the session period and are cleared on logout.

Third-party services

• Google Calendar — consultation bookings are created as calendar events. Google processes this data under their own Privacy Policy.
• Resend — used to send confirmation emails for bookings and contact form submissions.
• Vercel — our hosting provider may collect request logs (IP address, user agent) for infrastructure purposes.

We use the information we collect to:

• Schedule and confirm consultation appointments.
• Respond to contact form enquiries.
• Maintain and authenticate your account.
• Send transactional emails (booking confirmations, password resets).
• Improve the performance and user experience of our website.
• Comply with legal obligations applicable under South African law.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We process your personal information under the Protection of Personal Information Act, 4 of 2013 (POPIA). Our processing is based on:

• Contractual necessity — to deliver services you request, such as consultations.
• Legitimate interest — to operate, maintain, and improve our website securely.
• Consent — where you have explicitly provided it (e.g. submitting a contact form).
• Legal obligation — where we are required to retain certain records.

We retain your personal information only for as long as necessary to fulfil the purposes described in this Policy or as required by law:

• Contact form submissions — up to 12 months.
• Consultation booking records (Google Calendar events) — as long as the event exists in our calendar, typically 24 months.
• Account data — for the duration of your account and up to 30 days after deletion is requested.

We use browser storage mechanisms for authentication purposes only, not for advertising or behavioural tracking:

• httpOnly cookie (wp-auth-token) — stores your authentication state. Expires after 7 days.
• localStorage — stores your JWT token and refresh token client-side for seamless session management.

Our analytics provider (Vercel Analytics) is cookieless and does not fingerprint individual users. No third-party advertising cookies are set by SPS Software.

As a data subject under POPIA, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion of your personal information (subject to legal obligations).
• Object to or restrict processing in certain circumstances.
• Lodge a complaint with the Information Regulator of South Africa.

To exercise any of these rights, email us at contact@sps-software.co.za. We will respond within 30 days.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, and destruction. These include:

• HTTPS encryption for all data in transit.
• httpOnly cookies to prevent client-side token theft.
• Hashed password storage via WordPress.
• Restricted access to production systems on a need-to-know basis.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but we take reasonable precautions.

Our website may contain links to third-party websites (e.g. LinkedIn, GitHub). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing them with personal information.

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it promptly.

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. We encourage you to review this Policy periodically. Continued use of our website after changes are posted constitutes your acceptance of the updated Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us: