Tumbo App Privacy Policy

1. Introduction

Tumbo App ("we," "us," or "our") is a community data collection and engagement mobile application designed to serve African communities. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our mobile application.

Our Commitment: We are committed to protecting your privacy and ensuring transparent data practices that comply with South African law, including the Protection of Personal Information Act (POPIA), and international standards including GDPR.

2. Information We Collect

2.1 Personal Information You Provide

When you register and use Tumbo App, we collect:

Registration and Profile Information:

• Full name and preferred name
• South African ID number or passport number (for non-SA citizens)
• Date of birth and gender
• Phone number and email address
• Physical address, ward, and municipality
• Profile photograph
• Emergency contact information

Category-Specific Information:

Depending on your selected category, we may collect additional information:

• Job Seekers: Employment history, skills assessment results, educational qualifications, CV and supporting documents, job preferences
• Students: Institution name, course details, academic year, funding source (NSFAS, bursary, private), support needs
• Local Informal Businesses: Business name and type, monthly revenue brackets, number of employees, operating hours and location
• Registered Businesses: Company registration number (CIPC validation), industry sector, compliance status, CSI projects, local hiring statistics, BEE certificates
• Community Organizations: Organization name and registration number, type (NGO, NPO, faith-based), areas of focus, current programs
• Other Categories: Relevant professional, agricultural, artistic, or mining information, skills, equipment, and resource details

2.2 Information Collected Automatically

Device Information:

• Device type, model, and operating system
• Unique device identifiers
• Mobile network information
• Screen resolution and app version

Usage Information:

• App features used and frequency
• Training video completion status
• Time spent in different sections
• Click patterns and navigation paths

Location Information (with your permission):

• GPS coordinates
• Network-based location data
• Address verification through IEC systems

Technical Information:

• IP address and network connection details
• Log files and error reports
• Performance metrics and crash data

2.3 Information from Third Parties

Government Verification Services:

• ID verification from Department of Home Affairs (DHA)
• Address validation from Independent Electoral Commission (IEC)
• Business verification from Companies and Intellectual Property Commission (CIPC)

Community Validation:

• Verification status from Community Chiefs and traditional authorities
• Peer verification from community members

3. How We Use Your Information

3.1 Primary Uses

• Platform Operation: Provide app access, enable category-specific dashboard functionality, support community data collection and validation
• Recommendations: Generate personalized opportunity recommendations, provide community trend insights
• Community Services: Match users with relevant opportunities, programs, and services; facilitate connections between community members
• Verification: Verify identity through government systems, enable community-based validation processes, maintain data quality
• Training: Track training video completion, send training reminders and deadlines

3.2 Communication

• Send notifications about opportunities and updates
• Provide customer support and troubleshooting
• Share community announcements
• Deliver system updates and important information

4. App Permissions

Tumbo App may request the following permissions:

• Camera: To capture profile photos and upload supporting documents
• Storage: To save and access uploaded documents and photos
• Location: To verify your address and connect you with local opportunities
• Internet: To sync data and access community services

We only access these features when necessary for app functionality. You can manage permissions in your device settings.

5. Information Sharing and Disclosure

5.1 Community and Stakeholder Sharing

• Field Agents: Access assigned user data for support and assistance
• Validators: See relevant verification information for community validation
• Aggregated Data: Government agencies and development organizations receive anonymized community trend data and demographics (no personal information)

5.2 Government Integration

• Identity verification data with Department of Home Affairs
• Address validation with Independent Electoral Commission
• Business information with Companies and Intellectual Property Commission
• Municipal service data with relevant local authorities

5.3 Legal Requirements

We may disclose personal information when required by law, including:

• Compliance with legal processes and court orders
• Protection of rights, property, and safety
• Investigation of fraud or security incidents

5.4 Third-Party Service Providers

We use trusted service providers who assist in app operation:

• Microsoft Azure cloud services for data hosting (South Africa)
• SMS and email service providers for communications
• Analytics providers for performance monitoring

All third-party providers are bound by strict data protection agreements and must comply with applicable privacy laws.

6. Third-Party Services

Tumbo App may use the following third-party services:

• Google Play Services: For app distribution and updates
• Firebase Analytics: For app performance and usage analytics
• Microsoft Azure: For cloud hosting and data storage

These services have their own privacy policies governing how they use data. We encourage you to review their policies.

7. Data Storage and Security

7.1 Data Storage Location

• Data is stored on Microsoft Azure servers located in South Africa
• Backup systems maintain copies within South African borders
• Data residency complies with POPIA requirements

7.2 Security Measures

• End-to-end encryption for data in transit (TLS 1.3)
• Advanced encryption for data at rest (AES-256)
• Multi-factor authentication for access controls
• Regular security audits and monitoring
• Secure data centers with 24/7 monitoring

Note: While we take reasonable measures to protect your data, no method of transmission over the internet is 100% secure.

7.3 Data Retention

• Personal Profile Data: Retained while account is active plus 7 years for compliance
• Training Records: Retained for 5 years for certification verification
• Analytics Data: Anonymized data retained indefinitely for research
• Communication Records: Retained for 2 years for support purposes

8. Your Privacy Rights

8.1 Access and Control Rights

• Right to Access: Request copies of all personal information we hold about you
• Right to Correction: Update incorrect or incomplete personal information
• Right to Deletion: Request deletion of personal information (with certain legal exceptions)
• Right to Restriction: Limit how we process your personal information
• Right to Data Portability: Download your personal profile information and export data

8.2 How to Exercise Your Rights

To exercise any of these rights, please contact us at info@emadevelopment.co.za with your request. We will respond within 30 days.

9. Children's Privacy

• Minimum age for account creation is 16 years
• Users under 18 require parental/guardian consent
• Parents can request access to minor's account information
• Guardians can manage privacy settings for dependents

We do not knowingly collect personal data from children under 16 without parental consent.

10. International Data Transfers

Your data is primarily stored and processed in South Africa. Limited data processing may occur outside South Africa for:

• Technical support and system maintenance
• Security monitoring and threat detection

When data is transferred outside South Africa, we ensure adequate protection through legal agreements and compliance with international privacy standards.

11. Cultural Sensitivity and Community Context

11.1 Traditional Authority Respect

• Recognition of customary law and traditional governance
• Community Chief involvement in data validation processes
• Respect for traditional decision-making structures

11.2 Language and Accessibility

This Privacy Policy is available in the following languages:

• English (primary legal version)
• isiZulu, isiXhosa, Afrikaans
• Sepedi, Setswana, Sesotho
• isiNdebele, siSwati, Tshivenda, Xitsonga
• Audio versions available in all supported languages

12. Security Breach Notification

In the event of a security breach affecting your personal data:

• You will be notified within 72 hours of confirmed breach
• Regulatory authorities will be informed as required by law
• We will provide clear communication about affected data and risks
• Guidance on protective actions you can take will be provided

13. Policy Updates and Changes

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

13.1 How We Notify You

• 30-day advance notice for significant policy changes
• Email notification to all active users
• In-app notifications and alerts
• Updated effective date and version number on this page

13.2 Your Acceptance

Continued use of Tumbo App after changes constitutes acceptance of the updated policy. You have the right to close your account if you disagree with changes.

14. Contact Information

15. Governing Law

This Privacy Policy is governed by the laws of the Republic of South Africa, including the Protection of Personal Information Act (POPIA) and other applicable privacy and data protection legislation.

16. Your Consent

By using the Tumbo App mobile application, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.