Privacy notice
Effective 6 July 2026 · This notice describes how PropertyDealIQ processes personal information under the Protection of Personal Information Act (POPIA).
1. What we collect
Account details you provide (email address, full name, phone number, password — stored as a salted hash, never in plain text); investment profile inputs (target city/suburb, budget, deposit, financing assumptions); usage data tied to your account (properties viewed/saved/compared, subscription and checkout events); and standard request metadata (IP address, used only for rate-limiting and abuse prevention).
2. Why we process it
To operate your account and session; to personalise property screening and analysis to your stated assumptions; to process subscription payments and enforce plan limits; to prevent abuse (rate limiting); and to maintain an audit trail of decisions you make inside the investor workflow (see below). Phone number is collected at signup for account-recovery and support purposes; it is not used for marketing.
3. Retention
Account and profile data is retained for as long as your account exists. Audit-trail entries (who changed what, when, and why, inside the deal/underwriting workflow) are retained even after account deletion, but are anonymised rather than deleted — see the deletion section below — so that the historical record of decisions already made remains intact without identifying you.
4. Your rights and how to exercise them
You may access, correct or delete your personal information at any time. Log in and visit Account to change your password or delete your account entirely — deletion removes your profile, saved properties, subscriptions, sessions and workflow data, and anonymises (rather than deletes) your entries in the append-only audit trail. If you cannot access your account, contact us using the details on this site.
5. Sharing
We do not sell personal information. Subscription payments are processed by PayFast (South Africa); Google Maps is used for map display (your browser communicates with Google directly when a map is shown). No other third parties receive your personal information.
6. Security
Passwords are hashed with scrypt and never stored or logged in plain text. Sessions are authenticated with signed tokens, not stored as plain bearer tokens. All connections use HTTPS.