🇿🇦 POPIA Compliant

Privacy Policy

Effective date: 12 May 2025 · Last updated: 12 May 2025

myCOO.chat ("myCOO", "we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our platform.

This policy is governed by and complies with the Protection of Personal Information Act, 2013 (POPIA), the Electronic Communications and Transactions Act, 2002 (ECTA), and applicable South African data protection law. By using myCOO, you acknowledge that you have read and understood this policy.

1. Responsible Party (Data Controller)

Entity: myCOO.chat (Mathematix AI)

Country: Republic of South Africa

Email: privacy@mycoo.chat

Website: https://mycoo.chat

As the responsible party, we determine the purpose and means of processing your personal information and are accountable for ensuring compliance with POPIA.

2. Personal Information We Collect

We collect the following categories of personal information:

Account Information

Full name, email address, password (encrypted), profile photo (optional).

Business Information

Business name, type, industry, country, currency, description, services offered, target customers, brand colours.

Communication & Channel Data

WhatsApp phone number, Telegram chat ID, messages sent to/from the AI assistant (processed to provide the service).

Billing Information

Subscription plan, payment status. Actual payment card data is handled exclusively by Paystack and never stored by us.

Usage & Technical Data

IP address, browser type, device information, pages visited, feature usage events, timestamps.

Consent Records

Date and time you accepted these policies (kept for legal compliance).

3. Purpose of Processing

We process your personal information only for specific, explicitly defined, and lawful purposes:

  • To create and manage your account
  • To provide the AI COO service (answering queries, generating documents, sending reminders)
  • To personalise the AI assistant with your business context
  • To process payments and manage your subscription via Paystack
  • To send service notifications, reminders, and updates
  • To improve the platform and diagnose technical issues
  • To comply with our legal obligations under South African law
  • To detect and prevent fraud, abuse, or unauthorised access

4. Legal Basis for Processing (POPIA s.11)

We rely on the following lawful grounds:

Consent

You consent to our terms and this policy at sign-up.

Contract performance

Processing is necessary to deliver the myCOO service you subscribed to.

Legal obligation

We may need to retain certain records to comply with South African tax and company law.

Legitimate interests

To prevent fraud, improve security, and maintain platform reliability, balanced against your rights.

5. Third-Party Service Providers

We share your information only with trusted operators who help us deliver the service. All operators are contractually bound to process your data solely for the purposes we specify.

Supabase

Database, authentication, and file storage (servers located in AWS regions).

Paystack

Payment processing and subscription management. Paystack is PCI-DSS compliant.

Anthropic (Claude AI)

AI language model powering the COO assistant. Messages are processed under Anthropic's enterprise API terms.

Meta (WhatsApp Business API)

Delivery of messages via WhatsApp. Governed by Meta's WhatsApp Business API terms.

Telegram

Delivery of messages via Telegram Bot API.

Vercel

Web hosting and CDN infrastructure.

Vercel Analytics

Anonymous page view analytics; no personal identifiers are stored.

We do not sell, rent, or trade your personal information to any third party for their own marketing purposes.

6. Data Retention

We retain your information only for as long as necessary:

Account and profile data

Duration of your account plus 3 years after closure (for legal compliance).

Conversation/message history

Retained while your account is active; deleted within 90 days of account closure.

Billing records

7 years as required by the South African Revenue Service (SARS) regulations.

Consent records

Indefinitely, as required to demonstrate lawful processing under POPIA.

Usage logs

Up to 12 months for security and platform improvement purposes.

7. Your Rights Under POPIA

As a data subject, you have the following rights (POPIA Chapter 3, Part A):

Right to be notified (s.18)

You must be informed when we collect your personal information.

Right of access (s.23)

You can request a copy of the personal information we hold about you.

Right to correction or deletion (s.24)

You can request we correct inaccurate information or delete it where we no longer have lawful grounds to hold it.

Right to object (s.11(3))

You can object to processing based on legitimate interests or direct marketing at any time.

Right to restrict processing

You can request we limit how we process your data in certain circumstances.

Right to data portability

You can request your data in a structured, machine-readable format.

Right to withdraw consent

Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.

Right to lodge a complaint (s.73–74)

You may submit a complaint to the Information Regulator of South Africa.

To exercise any of these rights, email us at privacy@mycoo.chat. We will respond within 30 days.

8. Security Safeguards (POPIA s.19)

We implement appropriate technical and organisational measures to protect your personal information, including:

  • All data transmitted over TLS/HTTPS encryption
  • Passwords are never stored in plaintext (bcrypt hashing via Supabase Auth)
  • Database access controlled by Row-Level Security (RLS) policies
  • JWT-based authentication with short-lived tokens
  • Regular security reviews and vulnerability assessments
  • Access to production data restricted to authorised personnel only

In the event of a data breach that may affect your rights, we will notify you and the Information Regulator as required by POPIA section 22.

9. Cookies & Tracking

We use essential cookies to manage your authentication session. We use Vercel Analytics for anonymous aggregate analytics, with no personally identifiable tracking. We do not use advertising or third-party tracking cookies.

10. Cross-Border Data Transfers (POPIA s.72)

Some of our service providers (Supabase, Vercel, Anthropic) process data outside South Africa. We only transfer data to countries or providers that offer an adequate level of protection comparable to POPIA, through contractual safeguards and data processing agreements.

11. Children's Privacy

myCOO is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and/or a prominent notice on our platform at least 14 days before the change takes effect. Your continued use of myCOO after the effective date constitutes acceptance of the updated policy.

13. Information Regulator of South Africa

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Regulator:

Website: https://inforegulator.org.za

Email: complaints@inforegulator.org.za

Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Tel: 010 023 5207

14. Contact Us

For any questions, requests, or concerns about this Privacy Policy or how we handle your personal information, please contact our Information Officer at:

Email: privacy@mycoo.chat

Website: https://mycoo.chat/contact