Back to Zeko

Privacy Policy

Last updated: May 2026

Zeko (“we”, “us”, or “our”) is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”). This Privacy Policy explains what information we collect, why we collect it, and how you can exercise your rights.

1. Information We Collect

1.1 Account Information

When you register, we collect your email address, username, and a hashed version of your password. We do not store your password in plain text.

1.2 Seller Information

If you open a shop, we also collect your shop name, bio, profile picture, banner image, product listings, and banking details needed to process payouts.

1.3 Transaction Information

We collect order details, shipping addresses, and payment references. We use a third-party payment provider (Peach Payments) and do not store full card details ourselves.

1.4 Usage Information

We may collect information about how you use the Platform, including products viewed, saved, or purchased, in order to personalise your experience.

1.5 Communications

If you contact us or communicate with other users through the Platform (e.g., order messages), we collect the content of those communications.

2. How We Use Your Information

  • To create and manage your account.
  • To process orders, payments, and payouts.
  • To send transactional emails (order confirmations, shipping updates, verification codes).
  • To personalise your product feed and recommendations.
  • To send marketing communications, if you have opted in.
  • To detect and prevent fraud, abuse, and violations of our Terms.
  • To comply with legal obligations under South African law.

3. Legal Basis for Processing

We process your personal information on the following bases:

  • Contractual necessity — processing required to fulfil an order or provide the Platform.
  • Consent — marketing communications (you can withdraw at any time).
  • Legitimate interest — fraud prevention, security, and service improvement.
  • Legal obligation — compliance with South African law.

4. Sharing Your Information

We do not sell your personal information. We may share it with:

  • Sellers — your name and shipping address when you place an order.
  • Couriers — shipping details required to fulfil delivery.
  • Payment processors — Peach Payments, for processing payments.
  • Email service providers — Resend, for transactional and marketing emails.
  • Hosting and infrastructure — Vercel, Neon (database), and Cloudflare (file storage).
  • Regulators and law enforcement — when required by law.

All third-party providers are contractually bound to process your data only as instructed by us and in compliance with applicable privacy law.

5. Cookies and Tracking

We use session cookies to keep you logged in and to maintain your shopping cart. We do not currently use third-party advertising trackers. If this changes, we will update this policy and seek your consent where required.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Order and transaction records are kept for at least five years in accordance with South African financial record-keeping requirements. You may request deletion of your account at any time (see Section 8).

7. Security

We implement technical and organisational measures to protect your personal information, including password hashing, HTTPS encryption, and role-based access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

8. Your Rights Under POPIA

As a data subject, you have the right to:

  • Be notified that your information is being collected and processed.
  • Access the personal information we hold about you.
  • Correct inaccurate or outdated information.
  • Request deletion of your personal information (subject to legal retention requirements).
  • Object to the processing of your information for marketing purposes.
  • Lodge a complaint with the Information Regulator of South Africa.

To exercise any of these rights, please submit a request via our Help Centre. We will respond within 30 days.

9. Children's Privacy

Our Platform is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or via an in-app notice. The “Last updated” date at the top of this page reflects the most recent revision.

11. Contact and Information Officer

For any privacy-related queries or to exercise your POPIA rights, please reach out via our Help Centre.

Terms & ConditionsSeller TermsPrivacy PolicyShipping PolicyDelivery PolicyRefund Policy