DATAHUB+ (MOBILE APP) PRIVACY POLICY

Applies to: The datahub+ mobile application on iOS and Android, Castigroup (Pty) Ltd websites, services, and any related channels operated by Castigroup (Pty) Ltd; its subsidiaries and affiliates (“Castigroup”, “we”, “us”, “our”).

This policy supplements Castigroup’s standard privacy notice with mobile-specific details required by Apple App Store and Google Play. Where the app interacts with other Castigroup services or websites, this policy and the standard notice apply together.

A. Responsible Party & Contact

Castigroup is the responsible party / controller for personal information processed via datahub+.
Address: Foyer 3, 1st Floor, Colosseum Building, Century Way, Century City, Cape Town, 7441
Privacy queries: privacy@castigroup.com

B. Our Legal Bases (POPIA/GDPR-aligned)

We process personal information when one or more of the following applies:

  1. Contract performance (e.g., account creation, authentication, service delivery in the app).
  2. Legal obligation (e.g., compliance, fraud prevention, safety).
  3. Legitimate interests (e.g., app security, debugging, usage analytics to improve services) balanced against your rights.
  4. Consent (e.g., marketing notifications, device permissions not strictly necessary, cross-app tracking on iOS).
  5. Vital/public interest (rare; e.g., safety or legal claims).

We’ll only use your data for the purposes collected unless a compatible purpose applies or we obtain new consent.

C. What We Collect in the App

Categories (what may be collected depends on the features you use, your device settings/permissions, and your choices in the app):

  1. Account & Profile – name, email, employer, role/title, password hash, user IDs.
  2. Contact Details – email, phone number, business address.
  3. App Activity & Usage – feature interactions, in-app events, session timestamps, screens viewed.
  4. Device/Technical – device model, OS/version, app version, language/region, IP address, crash logs, diagnostics, performance data, mobile network.
  5. Identifiers – Castigroup internal user ID, device identifiers (e.g., Android Advertising ID (GAID), iOS Identifier for Vendors (IDFV)). If you opt-in on iOS, IDFA may be used for tracking/attribution per Apple’s ATT framework.
  6. Location (optional) – coarse or precise location only if you grant permission (used for location-aware features, e.g., site access, nearby services).
  7. Files/Media (optional) – if you choose to upload content or attach files/photos/documents within the app.
  8. Support Content – information you provide when contacting support from within the app (including logs you choose to share).

We avoid collecting special personal information (e.g., health, biometrics, religion, union membership, political views) unless strictly necessary and lawful. If such processing ever applies, we’ll use heightened safeguards and/or obtain explicit consent.

D. Device Permissions (You Control These)

Depending on usage, the app may request access to: Notifications, Camera, Photos/Media/Files, Location, Face/Touch ID (for on-device authentication only).
You can grant/deny each in your device settings at any time. Some features may not function without the relevant permission.

E. Why We Process (Purposes)

  • Account setup & authentication
  • Providing and improving services in the app (personalisation where lawful)
  • Customer support & communications (including service notices)
  • Security, fraud prevention, and debugging (e.g., crash logs, diagnostics)
  • Analytics & performance (aggregated usage trends)
  • Marketing (only with your consent; you can opt out at any time)
  • Push notifications (service and/or marketing per your settings)
  • Legal compliance and enforcement of terms

F. Third-Party Processors & SDKs

We use reputable service providers to run the app (e.g., hosting, analytics, crash reporting, push messaging, authentication, in-app updates). These providers act as processors under our instructions and may receive the data types above strictly to deliver their services to us. Examples of categories of SDKs/processors we may use:

  • Analytics & Crash Reporting (e.g., app performance, stability)
  • >Messaging & Push Notifications (e.g., Apple Push Notification service, Firebase Cloud Messaging)
  • Attribution/Measurement (subject to consent/ATT on iOS)
  • Authentication & Access Management
  • Content Delivery & Storage

We contractually require processors to implement appropriate security and not use your data for their own independent purposes. A current list or categories of SDKs/processors can be requested at privacy@castigroup.com and may also be surfaced in-app.

G. Sharing and Transfers

We may share personal information with:

  • Castigroup group entities (intra-group processing under appropriate safeguards).
  • Processors/Service Providers (see above).
  • Professional advisors (legal, compliance, auditors).
  • Authorities where legally required.
  • Corporate transactions (merger, acquisition, restructuring), subject to continuity of protections.

We may transfer data outside South Africa where necessary. We use appropriate transfer safeguards (e.g., contractual clauses or applicable adequacy mechanisms). Details are available from the Information Officer upon request.

H. Security

We apply reasonable and appropriate technical and organisational measures to protect confidentiality, integrity, and availability (including encryption in transit, access controls, least-privilege, monitoring, and secure development practices). Paper records (if any) are stored securely.

I. Retention & Deletion

We retain personal information only as long as necessary for the purposes above, and as required by law, contracts, or legitimate interests (e.g., security logs). When no longer needed, we securely delete or de-identify data in line with our records management policy.

Account deletion: Where an in-app Delete Account option is available, we will anonymise or delete your personal data (except where retention is required by law or for legal claims). You can also request deletion via privacy@castigroup.com.

J. Cookies & Mobile Equivalents

The app does not use web cookies, but SDKs may perform similar functions (e.g., analytics event storage on device). Controls are available through in-app settings, device settings, and platform-provided privacy controls (e.g., Limit Ad Tracking / Reset Advertising ID).

K. Your Rights (POPIA/GDPR)

Subject to conditions in law, you may have the right to: access, rectify, object, withdraw consent, data portability, and erasure.

To exercise rights or lodge a complaint, contact privacy@castigroup.com. You may also contact the Information Regulator (South Africa) or your local data protection authority.

Your duties: keep your details up to date; safeguard your credentials/devices; we may request reasonable identity verification to process your requests.

L. Children

datahub+ is not intended for children under 16. We do not knowingly collect personal information from children in these age ranges. If you believe a child has provided personal information, contact us so we can delete it.

M. Marketing & Notifications

  • Service notifications (e.g., updates, security alerts) are part of service delivery.
  • Marketing notifications are opt-in. You can withdraw consent in app settings or by using the unsubscribe/OS notification controls at any time.

N. Platform-Specific Disclosures

iOS (Apple App Tracking Transparency)

  • We do not track you across other companies’ apps and websites unless you expressly Allow “Track” when prompted by iOS ATT.
  • If you allow tracking, we may access the IDFA for attribution/measurement per Apple policies. You can change this anytime under Settings > Privacy > Tracking.

Android (Google Advertising ID)

  • Where advertising/attribution is enabled, we may use the Google Advertising ID (GAID) subject to your device settings. You can reset or limit ad personalization in Settings > Privacy > Ads (wording may vary by device).

O. App Store & Google Play Disclosures (Summary)

The exact combinations depend on which features you use and permissions you grant. Unless otherwise noted, the data is not sold and is not used for advertising without your consent.

Data collected and purposes

  • Contact Info (name, email, phone) – account creation, support, service notifications, security, (marketing only with consent).
  • Identifiers (internal user ID, device ID, IDFV; IDFA only if opted-in on iOS) – authentication, security, fraud prevention, analytics, diagnostics.
  • App Activity & Usage Data – analytics, product improvement, diagnostics.
  • Diagnostics & Crash Data – app stability, debugging, security.
  • Location (coarse/precise – optional) – feature enablement where necessary (e.g., location-aware services) and only with permission.
  • Files/Photos (optional, user-initiated) – to upload or attach content within the app.
  • Contacts/Calendar (optional) – only to power explicit features you choose to use.
  • Financial Info (if applicable) – to complete paid transactions via platform providers/processors.

Data sharing

  • With processors under contract; not for their independent use.
  • With Castigroup group entities under safeguards.
  • With authorities if legally required.

Security & encryption

  • Data is encrypted in transit; sensitive data protected via industry-standard controls.

Deletion

User control

  • Toggle permissions in device settings (Location, Camera, Photos, Contacts, Calendar, Bluetooth, Notifications).
  • Manage tracking/ads identifiers (ATT on iOS; GAID on Android).
  • Manage marketing preferences in-app or via unsubscribe links.

P. Social Media & Links

If the app links to Castigroup social media pages or external sites, those platforms’ own privacy policies apply.

Q. Changes to This Policy

We may update this policy from time to time. We’ll post updates in-app and/or on our website and indicate the effective date above. Significant changes may be communicated via in-app notice or email.

Contact

Questions, requests, or complaints: privacy@castigroup.com
Postal: Castigroup (Pty) Ltd, Foyer 3, 1st Floor, Colosseum Building, Century Way, Century City, Cape Town, 7441

Get in Touch

Get in Touch

We'd love to hear from you!

Your details could not be saved. Please try again.
Your submission has been successful.
When you submit your details, our Terms and Privacy Policy will apply.