PRIVACY POLICY
Privacy Policy | GetPrice
Last updated: 16 May 2026
This Privacy Policy explains how GetPrice (Pty) Ltd ("GetPrice", "we", "us", or "our") collects, uses, stores, shares, and protects your personal information in compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and other applicable South African legislation.
This Privacy Policy applies to all users of the GetPrice platform, including our website, dashboard, and related services (collectively, the "Service"), and to visitors and prospects who interact with our marketing website at getprice.ai.
1. Responsible Party
In terms of POPIA, the responsible party for the processing of your personal information is:
GetPrice (Pty) Ltd
Registration Number: 2025/671182/07
Registered Address: Unit 10, Bolt Park, Bolt Avenue, Montague Gardens, Cape Town, Western Cape, South Africa
Email: privacy@getprice.ai
Website: https://www.getprice.ai
Information Officer
Byron Matthew van Rooyen (CEO), designated Information Officer in terms of POPIA s56(a).
Daniel Roberts (CTO), designated deputy Information Officer.
Email: informationofficer@getprice.ai
2. Information We Collect
2.1 Account Information
When you register for the Service, we collect:
- Full name and surname
- Email address
- Company name
- Contact telephone number (where provided)
- Job title or role (optional)
- Marketing communication preference (default: opt-out)
2.2 Usage Data
When you use the Service, we automatically collect:
- Dashboard access and activity logs
- Feature usage patterns (pages visited, actions taken)
- Session duration and frequency
2.3 Technical Data
We collect technical information including:
- IP address
- Browser type and version (from User-Agent header)
- Operating system (from User-Agent header)
- Device class (e.g. mobile / tablet / desktop, derived from User-Agent header)
We do not perform device fingerprinting.
2.4 Communications
We retain records of communications between you and GetPrice, including support requests, feedback, and billing enquiries.
2.5 Payment Information
GetPrice bills via manual EFT invoicing in South African Rand. We do not store credit card numbers or bank account details. We retain transaction records (invoice numbers, amounts, dates, references) for billing and tax compliance.
2.6 Marketing Website Visitors and Leads
When you submit a form on getprice.ai (lead capture, demo request, contact form), we collect the information you provide (typically name, email, company name, message) and a record of your submission. This information is personal information under POPIA. See clause 5 for how it is shared with our CRM subprocessor (HubSpot) and clause 6 for the cross-border-transfer mechanism.
2.7 What We Do NOT Collect
GetPrice does not scrape or collect personal information from retail websites. Our data collection from retailer websites is limited to publicly available, factual product information: product names, prices, images, and product page URLs. This product data does not constitute personal information as defined in POPIA.
3. Purpose of Processing
| Purpose | Description | Lawful Basis (POPIA) |
|---|---|---|
| Service Delivery | Providing access to the platform, delivering pricing data | Contractual necessity (s 11(1)(b)) |
| Account Management | Creating and managing your account, authentication | Contractual necessity (s 11(1)(b)) |
| Billing | Processing payments, issuing invoices | Contractual necessity (s 11(1)(b)) + Tax Administration Act (s 11(1)(c)) |
| Support | Responding to enquiries and troubleshooting | Contractual necessity (s 11(1)(b)) |
| Service Improvement | Analysing usage to improve features and performance | Legitimate interest (s 11(1)(f)) |
| Security | Detecting and preventing fraud and security incidents | Legitimate interest (s 11(1)(f)) + legal compliance (s 11(1)(c)) |
| Legal Compliance | Meeting statutory obligations (tax, regulatory) | Legal obligation (s 11(1)(c)) |
| Marketing | Product updates and promotional communications | Consent (s 11(1)(a) read with s 69), opt-out available |
| Lead Processing | Following up on marketing-site enquiries | Legitimate interest (s 11(1)(f)) for initial response; consent (s 11(1)(a)) for ongoing marketing |
4. Consent and Marketing Communications
Marketing communications (product updates, newsletters, promotional emails) are sent only where you have opted in. The opt-in mechanism is a default-off checkbox at signup and at lead capture. We record the consent timestamp and IP address for audit purposes.
You may withdraw consent at any time by:
- Clicking "unsubscribe" in any marketing email
- Emailing privacy@getprice.ai
- Updating communication preferences in your account settings
Withdrawal of consent does not affect the lawfulness of processing before withdrawal.
In limited circumstances permitted by POPIA s69(3), we may send marketing communications about similar GetPrice services to existing customers without fresh consent. We provide an opt-out opportunity at the point of collection of contact details from existing customers, and an opt-out link on every subsequent marketing communication.
5. Data Sharing
5.1 Service Providers (Subprocessors)
We use a limited number of service providers to operate the Service. The current, authoritative list, including each subprocessor's purpose, data category, region, and applicable data-processing agreement, is published at https://www.getprice.ai/subprocessors. We commit to giving Customers at least 30 days' notice of changes to material subprocessors handling personal information.
Categories of subprocessor currently in use:
| Category | Region | Personal Information Involved |
|---|---|---|
| Cloud Infrastructure (Google Cloud Platform) | africa-south1 (Johannesburg, South Africa) | All Customer account data; all dashboard activity |
| Transactional Email Service (Resend) | See Subprocessors page | Email recipient address; email content |
| Marketing CRM (HubSpot) | United States | Lead capture form data (name, email, company, message) |
| Frontend Hosting (Vercel) | United States (global edge POPs) | Request logs (IP, user agent); no personal data at rest |
| LLM Extraction (DeepSeek, OpenAI) | See Subprocessors page; OpenAI is United States | No personal information. Only HTML scraped from retailer websites is sent. |
| Proxy Rotation (GoProxies) | South African exit IPs | No personal information. Used for retailer-bound HTTP requests only. |
| Marketing Site Analytics (ContentSquare, consent-gated) | See Subprocessors page | Pseudonymous session and interaction data |
All service providers are contractually bound by Data Processing Agreements (or equivalent terms) to process personal information only on our instructions and in accordance with POPIA.
5.2 No Sale of Personal Information
GetPrice does not sell, rent, or trade your personal information to any third party.
5.3 Legal Disclosure
We may disclose personal information where required by law, including in response to valid court orders, to protect rights and safety, or in connection with a merger or acquisition.
6. Cross-Border Transfers
Your personal information is primarily stored in South Africa (GCP africa-south1, Johannesburg). Two categories of cross-border transfer occur:
6.1 HubSpot (United States)
Lead-capture data submitted via getprice.ai is transferred to HubSpot, Inc., in the United States. This transfer complies with POPIA s72(1)(a) on the basis of HubSpot's published Data Processing Addendum incorporating Standard Contractual Clauses, which we have executed. A reference copy of the executed DPA is available on request to privacy@getprice.ai.
6.2 Transactional Email and Frontend Hosting
Email delivery and frontend hosting are operated by subprocessors located outside South Africa. Personal information transferred is limited to that necessary to deliver an email (recipient address, content) or serve a webpage (request logs). Each subprocessor is bound by its standard Data Processing Agreement, which we treat as the s72(1)(a) compliance mechanism.
We do not transfer scraped product data or proxy traffic across borders for any purpose involving personal information. These flows do not contain personal information.
7. Data Retention
| Data Category | Retention Period | Basis |
|---|---|---|
| Account Information | Active subscription + 2 years | Contractual + claims limitation. The 2-year tail addresses potential claims within the 3-year general prescription period under the Prescription Act 68 of 1969. |
| Usage and Technical Logs | 12 months | Security, debugging |
| Billing Records | 5 years from transaction | Tax Administration Act |
| Communications | Active subscription + 2 years | Contractual + claims limitation |
| Marketing-Site Leads (HubSpot) | 3 years from last interaction | Legitimate interest |
| Scraped Product Data | Indefinite (non-personal information) | Not subject to POPIA retention rules |
Upon account closure, data may be exported on written request to support@getprice.ai (per Terms of Service clause 7.4); the export is delivered within 5 business days and remains available for 30 days from delivery. Following the export window, personal information is deleted within 90 days, except where retention is legally required (e.g. billing records under the Tax Administration Act). Subject access and other rights requests under POPIA are made to privacy@getprice.ai (see clause 8).
8. Your Rights
Under POPIA, you have the right to:
- Access (s 23): request confirmation and copies of your personal information
- Correction (s 24): request correction of inaccurate information
- Deletion (s 24): request deletion when no longer necessary
- Object (s 11(3)): object to processing on reasonable grounds
- Object to direct marketing (s 69): opt out of marketing at any time
- Complain (s 74): lodge a complaint with the Information Regulator
8.1 How to Exercise Your Rights
To exercise your rights, email privacy@getprice.ai with the subject "DSAR". To protect your information against impersonation, requests must come from the email address registered on your GetPrice account; for non-account holders, we may request additional verification (e.g. a copy of identification) before disclosing personal information.
We will:
- Acknowledge your request within 5 business days.
- Verify your identity.
- Respond substantively within 30 calendar days of acknowledgement.
We do not currently charge a fee for DSAR requests. If your request is refused or you are dissatisfied with our response, you may complain to the Information Regulator.
8.2 Information Regulator (South Africa)
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: complaints.IR@inforegulator.org.za
Website: https://inforegulator.org.za
9. Security
We implement reasonable technical and organisational measures, including:
- Encryption in transit (TLS 1.2+) for all access to the Service
- Encryption at rest (GCP-managed AES-256) for the Cloud SQL database, Cloud Storage objects (including product images), and GCP-managed backups
- Access on a need-to-know basis among GetPrice personnel, with administrative access restricted to a small number of authorised individuals; role-based access controls for the platform are being progressively enforced as the team grows
- Audit logging of database changes and external service calls; ongoing improvements to read-access audit
- Documented incident-response procedures (internal runbook maintained by the Information Officer)
No method of electronic storage is completely secure. We cannot guarantee absolute security and we describe our control posture honestly so that you can make an informed decision.
10. Data Breach Notification
In accordance with POPIA section 22, if personal information is accessed by an unauthorised person, we will notify the Information Regulator and affected data subjects as soon as reasonably possible, with a target of within 72 hours of confirmation of the breach. In line with POPIA s22(5), our notification will include:
- a description of the breach;
- the possible consequences of the breach for the affected data subjects;
- the measures we have taken or intend to take to address the breach;
- recommendations for data subjects to mitigate possible adverse consequences; and
- the identity of the unauthorised person, if known.
The internal breach-response procedure is maintained by the Information Officer and is regularly reviewed.
11. Cookies and Similar Technologies
The GetPrice website and Service use cookies and similar technologies in three categories:
- Strictly Necessary: session management, authentication, security. These are required for the Service to function and are set without consent on the basis of contractual necessity (POPIA s 11(1)(b)).
- Analytics (consent-gated): marketing-site analytics, including session-level behavioural analytics. These cookies are set only after you give consent via the cookie banner. You can withdraw consent at any time via the cookie settings link in the website footer.
- Marketing: not currently used.
We do not allow third-party advertising cookies.
12. Changes to This Policy
We will provide at least 30 days' notice of material changes by email to account holders and by publishing the updated Privacy Policy on the Service. Continued use after the effective date constitutes acceptance. For visitors who are not account holders, the version of this Privacy Policy published at https://www.getprice.ai/privacy at the time of your visit governs.
13. Contact
GetPrice (Pty) Ltd
Privacy enquiries: privacy@getprice.ai
Information Officer: informationofficer@getprice.ai (Byron Matthew van Rooyen, CEO and sole director)
Deputy Information Officer: Daniel Roberts (CTO)
Registered Address: Unit 10, Bolt Park, Bolt Avenue, Montague Gardens, Cape Town, Western Cape, South Africa