🔐 Privacy

Privacy Policy

Your trust matters. Here's exactly what we collect, why we collect it, and the control you have over your information — in plain English.

Last updated: May 2026 · POPIA-compliant · Registered in South Africa

🇿🇦POPIA-compliantSA data protection law
🔒SSL encryption256-bit on every page
🚫We never sell dataYour info stays yours
💳No stored cardsPayFast handles payments

01 Introduction

Doodlebot™ ("we", "us", "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and share information when you visit doodlebot.co.za or place an order with us.

This policy is compliant with the South African Protection of Personal Information Act (POPIA) No. 4 of 2013. By using our website or placing an order, you consent to the practices described in this policy.

02 What information we collect

We collect different types of information depending on how you interact with us:

Information you give us directly

  • Order information: name, delivery address, billing address, email, phone number
  • Account information: email and password if you create an account
  • Communications: emails or messages you send to support
  • Marketing preferences: opt-in status for newsletters and offers

Information collected automatically

  • Device & browser info: IP address, browser type, operating system, screen resolution
  • Usage data: pages visited, time on site, products viewed, referring URL
  • Cookies: see Section 4 for full details

What we do NOT collect

We do not store credit card numbers, CVV codes, or banking details. All payment processing is handled directly by PayFast, a PCI-DSS compliant payment gateway.

03 How we use your information

We use the information we collect for specific, lawful purposes only:

  • Order fulfilment: processing your order, arranging delivery, sending tracking updates
  • Customer service: responding to your questions, processing returns or refunds
  • Account management: creating and securing your account if you have one
  • Marketing (only with your consent): sending newsletters, product launches, and special offers — you can unsubscribe at any time
  • Site improvement: understanding how visitors use the site so we can make it better
  • Legal compliance: meeting our obligations under South African law (CPA, POPIA, tax law)
  • Fraud prevention: identifying and stopping fraudulent orders or activity

04 Cookies & tracking technologies

Cookies are small text files stored on your device. We use them to make the site work, to remember your preferences, and to understand how visitors use the site.

Types of cookies we use

  • Essential cookies: required for the site to function (e.g. keeping your cart contents). These cannot be disabled.
  • Analytics cookies: help us count visitors, measure traffic sources, and improve performance (Shopify Analytics, Google Analytics)
  • Marketing cookies: used to show you relevant ads on other sites (Meta Pixel)

Managing cookies

You can control or delete cookies through your browser settings at any time. Disabling essential cookies may break certain features (like the shopping cart).

05 Who we share information with

We never sell your personal information. We only share information with trusted service providers who need it to help us run the business:

  • Shopify — our e-commerce platform (order data, account details)
  • PayFast — payment processing (card details handled directly by PayFast, not us)
  • Courier partners — delivery (name, address, phone, order number)
  • Email service providers — sending order updates and (with your consent) marketing emails
  • Analytics providers — Google Analytics, Meta (aggregated, anonymised data)

All third parties are bound by data protection agreements and are not permitted to use your information for any purpose other than the service they provide to us.

We may also disclose information when required by law, court order, or to protect our rights, property, or safety.

06 How long we keep your information

We retain personal information only as long as necessary for the purposes set out in this policy, or as required by law:

  • Order records: at least 5 years (required by South African tax law)
  • Customer accounts: until you request deletion
  • Marketing preferences: until you unsubscribe
  • Analytics data: typically 26 months (Google Analytics default)

07 Your rights under POPIA

As a South African data subject, you have the following rights regarding your personal information:

  • Right of access: request a copy of the information we hold about you
  • Right to correction: ask us to fix any inaccurate or outdated information
  • Right to deletion: ask us to delete your information (subject to legal retention obligations)
  • Right to object: object to specific uses of your information, including direct marketing
  • Right to withdraw consent: withdraw consent for marketing or other consent-based processing at any time
  • Right to lodge a complaint: contact the Information Regulator if you believe we've mishandled your data

To exercise any of these rights, email us at support@doodlebot.co.za. We'll respond within 30 days.

You can also contact the Information Regulator at inforegulator.org.za.

08 How we protect your information

We take security seriously and use industry-standard measures to protect your personal information:

  • 256-bit SSL encryption on every page of the site
  • PCI-DSS compliant payment processing via PayFast — your card details never touch our servers
  • Restricted internal access — only employees who need information to do their jobs can access it
  • Regular security reviews of our systems and processes

While we use best-practice safeguards, no system is 100% secure. We cannot guarantee absolute security, but we will notify affected customers and the Information Regulator if a security breach affects personal information, as required by POPIA.

09 Children's privacy

Our products are designed for children, but the site is intended for use by adults (parents, guardians, gift-givers). We do not knowingly collect personal information from children under the age of 18.

If we discover that we've collected information from a child under 18 without parental consent, we will delete it immediately. Parents who believe their child has provided us with personal information should contact us at support@doodlebot.co.za.

10 International transfers

Some of our service providers (e.g. Shopify, Google Analytics) are based outside South Africa and may process your information internationally. When we transfer information across borders, we ensure these providers offer protection equivalent to POPIA through their own data protection commitments.

11 Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top of this page reflects the most recent revision.

For significant changes, we'll let you know via email (if you have an account) or a banner on the site. Continued use of the site after changes are posted constitutes acceptance of the updated policy.

12 Contact us

Questions, concerns, or requests about your personal information? Get in touch:

📧 support@doodlebot.co.za
🕗 Mon–Fri, 8am–6pm SAST
🇿🇦 Doodlebot™ · South Africa

Information Officer: queries regarding POPIA compliance can be sent to the same email — please include "POPIA request" in the subject line for faster routing.

🛡️
Your information is safe with us.

We never sell your data. We never spam. We use only what we need to fulfil your order and improve your experience.

Questions about your data?

Email us and we'll respond within 24 hours, Monday to Friday.

📧 Email Us