Privacy Policy

Destinos Online (Pty) Ltd operates destinos.dev ("the Website"). We are the responsible party for personal information we collect in terms of the Protection of Personal Information Act 4 of 2013 ("POPIA").

Contact: hello@destinos.dev · POPIA enquiries: popia@destinos.dev

Information you provide: When you submit a contact form, request a quote, or sign up for services, we collect your name, email address, phone number, and the content of your message.

Account information: If you use our client portal, we collect your email address and any profile information you provide.

Payment information: Payments are processed by third-party providers (Paystack, Yoco). We do not store card numbers or banking details on our servers.

Technical data: We automatically collect your IP address, browser type, pages visited, and referring URLs when you use the Website. This data is used in aggregate to improve performance.

We use your personal information to:

• Respond to enquiries and provide requested services
• Process payments and manage your account
• Send service-related communications (invoices, updates, support)
• Improve and secure our website and services
• Comply with legal obligations

We do not sell, rent or trade your personal information to third parties for marketing purposes.

We process your personal information where: (a) it is necessary to perform a contract with you; (b) you have given consent; (c) we have a legitimate interest that does not override your rights; or (d) we are required to do so by law.

We share personal information only with trusted service providers who assist us in operating our business, under strict confidentiality obligations:

• Supabase — database and file storage (EU / US servers)
• Vercel — website hosting and edge delivery (global)
• Paystack / Yoco — payment processing (South Africa)
• Email providers — for transactional and support communications

Some of our service providers process data outside South Africa (e.g. Supabase, Vercel). Where this occurs, we ensure that adequate data protection measures are in place, consistent with the requirements of POPIA.

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Contact form submissions are retained for up to 3 years. Account data is retained for the duration of your relationship with us and for a reasonable period thereafter.

Under POPIA you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information (subject to legal retention requirements)
• Object to the processing of your information
• Lodge a complaint with the Information Regulator

To exercise any of these rights, email popia@destinos.dev. We will respond within 30 days.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, or disclosure. These include encrypted connections (HTTPS), access controls, and regular security reviews.

We may update this Privacy Policy periodically. The updated policy will be posted on this page with a revised date. Continued use of the Website after changes are posted constitutes acceptance.