Privacy Policy

Last updated: 27 March 2026

1. Introduction

RubyCheck is a product of Rubynet (Pty) Ltd ("we", "us", "our"), a company registered in the Republic of South Africa. We are committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable South African legislation.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have as a data subject.

2. Information Officer

In terms of POPIA, our designated Information Officer is responsible for ensuring compliance with this policy:

Organisation: Rubynet (Pty) Ltd

Email: [email protected]

Postal Address: Rubynet (Pty) Ltd, South Africa

3. Personal Information We Collect

We collect and process the following categories of personal information:

3.1 Account Information

  • Full name
  • Email address
  • Phone number
  • Password (stored as a one-way cryptographic hash)
  • Organisation or company name

3.2 Property and Inspection Data

  • Property addresses (street address, suburb, city, province, postal code)
  • Property type and descriptions
  • Inspection checklists, condition ratings, and notes
  • Photographs taken during inspections
  • Meter readings (electricity, water, gas)
  • Landlord and tenant names, email addresses, and phone numbers

3.3 Signature Data

  • Digital signature images
  • IP address and browser user agent at time of signing
  • Timestamp of each signature

3.4 Payment Information

  • Billing email address
  • Subscription plan and payment history
  • PayFast subscription tokens (we do not store credit card numbers, bank account details, or CVV codes)

3.5 Technical Data

  • IP address
  • Browser type and version
  • Device type
  • Pages visited and actions taken within the application

4. Purpose of Processing

We process your personal information for the following purposes:

  • To create and manage your user account
  • To provide the RubyCheck inspection management service
  • To generate inspection reports and PDF documents
  • To facilitate digital signatures between landlords and tenants
  • To process subscription payments via PayFast
  • To send transactional emails (verification, password reset, inspection notifications)
  • To send inspection reports and signing links via WhatsApp (when enabled)
  • To maintain an audit trail for legal compliance
  • To improve and maintain the security of our service
  • To comply with legal and regulatory obligations

5. Legal Basis Under POPIA

We process personal information based on the following lawful grounds as defined in Section 11 of POPIA:

  • Consent: You consent to the processing of your personal information when you register an account and accept these terms.
  • Contract: Processing is necessary to perform the service you have subscribed to.
  • Legal obligation: We may process data to comply with South African law, including the Rental Housing Act and the Electronic Communications and Transactions Act (ECTA).
  • Legitimate interest: We process certain data (e.g., usage analytics, audit logs) to maintain service quality and security.

6. How We Store and Protect Your Data

We take the security of your personal information seriously and implement appropriate technical and organisational measures:

  • All data is hosted on servers located in South Africa
  • Data is encrypted in transit using TLS/SSL (HTTPS)
  • Passwords are stored using bcrypt one-way cryptographic hashing
  • Database access is restricted and protected by firewalls
  • Uploaded files (photos, signatures) are stored in access-controlled directories
  • Session tokens and authentication data are securely managed using industry-standard practices
  • We conduct regular security reviews of our infrastructure

7. Third-Party Service Providers

We share personal information with the following third-party service providers, solely for the purposes described above:

SMTP2GO — Email delivery service

Used to send transactional emails such as account verification, password resets, and inspection notifications. Receives recipient email addresses and email content.

PayFast — Payment gateway

Used to process subscription payments in South African Rands. Receives billing email and payment details. PayFast is a South African payment provider subject to local data protection laws.

WhatsApp (via Baileys) — Messaging

Used to send inspection reports and signing links when the user opts in. Receives recipient phone numbers and message content.

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

8. Your Rights as a Data Subject

Under POPIA, you have the following rights regarding your personal information:

  • Right of access: You may request confirmation of whether we hold personal information about you and request access to that information.
  • Right to correction: You may request that we correct or update any inaccurate personal information.
  • Right to deletion: You may request that we delete your personal information, subject to any legal obligations requiring retention.
  • Right to object: You may object to the processing of your personal information on reasonable grounds.
  • Right to data portability: You may request that your inspection data be exported in a standard format.
  • Right to withdraw consent: You may withdraw your consent to processing at any time, although this may affect your ability to use the service.

To exercise any of these rights, please contact our Information Officer at [email protected]. We will respond to your request within 30 days.

9. Cookies and Tracking

RubyCheck uses the following cookies, which are essential for the service to function:

  • Session cookies: Used to maintain your authentication state while you are logged in.
  • Security cookies: Used to prevent cross-site request forgery (CSRF) attacks.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track you across other websites.

10. Data Retention

We retain personal information for the following periods:

  • Account data: Retained for the duration of your account, plus 12 months after account deletion to allow for reactivation.
  • Inspection reports and photos: Retained for 5 years after creation, in line with the Rental Housing Act requirements for record keeping.
  • Signature data: Retained for 5 years after creation, as required for legal evidentiary purposes under ECTA.
  • Payment records: Retained for 5 years as required by the Tax Administration Act.
  • Audit logs: Retained for 3 years.
  • Technical logs: Retained for 90 days.

After the retention period expires, data is permanently deleted or anonymised.

11. Complaints

If you believe that we have not handled your personal information in accordance with POPIA, you have the right to lodge a complaint with:

The Information Regulator (South Africa)

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

P.O. Box 31533, Braamfontein, Johannesburg, 2017

Email: [email protected]

Tel: 010 023 5207

We encourage you to contact us first at [email protected] so that we can attempt to resolve your concern directly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by email or by posting a prominent notice on our website. Your continued use of RubyCheck after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us:

Rubynet (Pty) Ltd

Email: [email protected]

General enquiries: [email protected]

← Back to home