Privacy Policy

1. Introduction

BlyNet (Pty) Ltd (Registration No. pending) (“BlyNet”, “we”, “us”, or “our”) operates the online accommodation marketplace accessible at blynet.io (the “Platform”). This Privacy Policy explains how we collect, use, store, share, and protect your personal information in compliance with the Protection of Personal Information Act 4 of 2013 (“POPIA”) and other applicable South African legislation.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Platform immediately.

2. Responsible Party

For the purposes of POPIA, the responsible party is:

3. Personal Information We Collect

We collect the following categories of personal information:

3.1 Information You Provide Directly

• Account registration: full name, email address, telephone number, and password.
• Host profile: display name, contact details, identity verification documents (where required), banking details for payouts, and property listing information.
• Booking information: check-in and check-out dates, number of guests, special requests, and payment details.
• Communications: messages exchanged between guests and hosts via the Platform, support tickets, and feedback.
• Verification documents: proof of address, identity documents, or other documents uploaded for verification purposes.

3.2 Information Collected Automatically

• Device and usage data: IP address, browser type, operating system, referring URLs, pages visited, time spent on pages, and click patterns.
• Cookies and similar technologies: session identifiers, preference cookies, and analytics cookies. See our Cookie Policy for details.
• Location data: approximate geographic location derived from your IP address.

3.3 Information from Third Parties

• Authentication providers: if you sign in using Google or another third-party provider, we receive your name, email address, and profile image as authorised by that provider.
• Payment processors: transaction confirmation data from PayFast, Ozow, or Stripe (we do not store full card numbers).

4. Purpose and Legal Basis for Processing

We process your personal information for the following purposes and on the following legal grounds under POPIA:

5. Sharing of Personal Information

We do not sell your personal information. We share personal information only in the following circumstances:

• Between guests and hosts: to facilitate bookings, we share relevant guest details with hosts and property details with guests.
• Payment processors: PayFast, Ozow, and Stripe process payments on our behalf under their own privacy policies.
• Service providers: we engage trusted third-party service providers for hosting (cloud infrastructure), email delivery, error monitoring, and analytics. These providers process data only on our instruction and under appropriate data-processing agreements.
• Legal requirements: we may disclose personal information if required by law, court order, or regulatory authority, or to protect the rights, property, or safety of BlyNet, its users, or the public.
• Business transfers: in the event of a merger, acquisition, or sale of assets, personal information may be transferred to the successor entity.

6. Cross-Border Transfers

Your personal information may be transferred to and processed in countries outside of South Africa where our service providers operate (e.g., cloud hosting providers). Where such transfers occur, we ensure that adequate safeguards are in place in accordance with section 72 of POPIA, including contractual protections and ensuring the recipient country provides an adequate level of data protection.

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. Specifically:

• Active accounts: retained for the duration of your account and for 12 months following account closure or deletion.
• Booking and transaction records: retained for a minimum of 5 years to comply with South African tax legislation (Tax Administration Act 28 of 2011).
• Communications: retained for 3 years following the last interaction.
• Verification documents: retained for the duration of the host relationship plus 12 months.

Upon expiry of the applicable retention period, personal information is securely deleted or irreversibly anonymised.

8. Security Measures

We implement reasonable technical and organisational measures to protect your personal information, including:

• Encryption of data in transit (TLS/HTTPS) and sensitive data at rest.
• Secure authentication mechanisms including hashed passwords and optional two-factor authentication.
• Role-based access controls limiting data access to authorised personnel only.
• Regular security reviews and monitoring for unauthorised access.
• Secure storage of payment credentials by PCI-DSS compliant payment processors.

No method of electronic storage or transmission is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

9. Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

• Access: request confirmation of whether we hold personal information about you and request a copy of such information.
• Correction: request correction or updating of inaccurate, incomplete, or misleading personal information.
• Deletion: request deletion or destruction of personal information that is no longer necessary for the purpose for which it was collected.
• Objection: object to the processing of your personal information on reasonable grounds.
• Restrict processing: request that we restrict the processing of your personal information in certain circumstances.
• Withdraw consent: where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
• Data portability: request your personal information in a structured, commonly used format.
• Lodge a complaint: lodge a complaint with the Information Regulator (South Africa) if you believe your rights have been infringed.

To exercise any of these rights, please contact us at support@blynet.io. We will respond to your request within 30 days.

10. Children’s Privacy

The Platform is not intended for use by persons under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided personal information, we will take steps to delete such information promptly.

11. Cookies

We use cookies and similar tracking technologies to operate and improve the Platform. For comprehensive information about the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page and update the effective date. Where material changes are made, we will notify you by email or through a notice on the Platform. Your continued use of the Platform following the posting of changes constitutes your acceptance of such changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

You may also lodge a complaint with the Information Regulator (South Africa):