Effective Date: 11 March 2026
1. Introduction
Marks397 Solution ("Marks397," "we," "our," or "us") operates the Marks397 Community mobile application ("the App"). This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA) and applicable South African law.
By downloading, installing, or using the App, you consent to the collection and processing of your personal information as described in this Privacy Policy.
2. Responsible Party
3. Information We Collect
3.1 Information You Provide Directly
- Display name when posting comments on newsletters
- Donor name and phone number when making donations through fundraising campaigns
- Newsletter content preferences (categories, languages, location scope)
- Accessibility settings (font size, high contrast mode)
3.2 Information Collected Automatically
- Device Identifiers: We generate anonymous device identifiers stored locally on your device for analytics and newsletter personalisation purposes. These are randomly generated strings and are not linked to your device's hardware identifiers.
- Push Notification Tokens: When you grant notification permission, we receive a Firebase Cloud Messaging (FCM) token to deliver push notifications. We store this token on our servers alongside your device platform (Android) and app type.
- Location Data: With your permission, we use your device's geolocation to determine your South African province (Gauteng, Western Cape, KwaZulu-Natal, Eastern Cape, Free State, Limpopo, Mpumalanga, North West, or Northern Cape). This data is cached locally on your device for up to 7 days and is used solely for regional content relevance and aggregated analytics. We do not store your precise GPS coordinates on our servers.
- Usage Analytics: We collect anonymised usage data including pages viewed, scroll depth, time spent on pages, advertisement impressions and clicks, and general engagement events. This data is transmitted in batches to our servers for service improvement.
- Session Data: A temporary session identifier is generated each time you open the App. This is not stored permanently.
3.3 Information We Do Not Collect
- We do not collect your real name, surname, email address, or ID number unless you voluntarily provide it (e.g., when making a donation).
- We do not access your contacts, call logs, SMS messages, or files.
- We do not record audio or video.
- We do not track your location continuously or in the background.
4. Permissions
The App requests the following device permissions:
| Permission | Purpose | Required |
| Internet | To load content, newsletters, and communicate with our servers | Yes |
| Camera | To scan QR codes for worker/staff verification | Optional |
| Notifications | To receive community alerts, event reminders, safety notifications, and newsletter updates | Optional |
| Location | To determine your province for relevant content delivery | Optional |
You may deny any optional permission. The App will continue to function with reduced functionality. You can change permission settings at any time through your device's Settings > Apps > Marks397 Community.
5. How We Use Your Information
We process your personal information for the following lawful purposes:
- Service Delivery — To provide newsletters, community information, event listings, safety alerts, company directories, and worker verification services.
- Personalisation — To display content relevant to your province and preferred categories and languages.
- Notifications — To send push notifications about new newsletters, events, safety alerts, and donation confirmations.
- Analytics and Improvement — To understand how the App is used, identify popular content, and improve the user experience. All analytics data is aggregated and anonymised.
- Fundraising — To process and record donations, generate blockchain-verified receipts, and facilitate accountability in school fundraising campaigns.
- Security — To verify field workers and service providers through QR code scanning and maintain the integrity of our platform.
6. Legal Basis for Processing (POPIA)
We process your personal information on the following grounds under POPIA:
- Consent (Section 11(1)(a)): You consent to processing when you use the App and grant optional permissions.
- Legitimate Interest (Section 11(1)(f)): We process anonymised analytics data to improve our services.
- Contractual Necessity (Section 11(1)(b)): Processing donation data is necessary to fulfil the fundraising transaction.
7. Data Storage and Security
- Your data is stored on secure servers protected by HTTPS/TLS encryption in transit.
- Certain transaction records (e.g., donations) are secured using blockchain technology, providing tamper-proof verification.
- Local data stored on your device (preferences, device identifiers, notification history) is kept in your device's application storage and is deleted when you uninstall the App.
- We implement industry-standard technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction, including:
- Encryption of data in transit (TLS/SSL)
- Content Security Policy (CSP) headers
- Access controls limiting personnel who can view personal data
- Regular security assessments
8. Data Retention
| Data Type | Retention Period |
| Analytics events | 12 months, then aggregated/anonymised |
| Push notification tokens | Until you uninstall the App or revoke permission |
| Donation records | 5 years (legal/financial compliance) |
| Newsletter comments | Indefinitely, or until you request deletion |
| Location (province) cache | 7 days on device only |
| Device identifiers | Until you clear app data or uninstall |
9. Sharing and Disclosure
We do not sell, rent, or trade your personal information.
We may share information with:
- Firebase (Google): Push notification delivery tokens are processed through Google Firebase Cloud Messaging. Google's privacy policy applies: https://policies.google.com/privacy
- Partner Organisations: Aggregated, non-identifying analytics may be shared with content partners (e.g., schools, community organisations) to measure content reach.
- Law Enforcement: We may disclose information if required by South African law, court order, or to protect the safety of our users.
We do not transfer personal information outside the Republic of South Africa unless adequate safeguards are in place as required by Section 72 of POPIA.
10. Third-Party Services
| Service | Provider | Purpose | Privacy Policy |
| Firebase Cloud Messaging | Google LLC | Push notifications | Link |
| Firebase Installations | Google LLC | App instance identification | Link |
11. Children's Privacy
The App is not directed at children under the age of 18. We do not knowingly collect personal information from children. The App may be used by parents and guardians on behalf of their children for school-related activities. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.
12. Your Rights Under POPIA
As a data subject under the Protection of Personal Information Act, you have the right to:
- Access — Request confirmation of whether we hold your personal information and request a copy thereof (Section 23).
- Correction — Request correction or deletion of inaccurate, irrelevant, excessive, out-of-date, incomplete, misleading, or unlawfully obtained personal information (Section 24).
- Deletion — Request destruction or deletion of your personal information if it is no longer necessary for the purpose for which it was collected (Section 24).
- Object — Object to the processing of your personal information on reasonable grounds (Section 11(3)).
- Withdraw Consent — Withdraw your consent to processing at any time. This will not affect the lawfulness of processing prior to withdrawal.
- Lodge a Complaint — Lodge a complaint with the Information Regulator of South Africa:
To exercise any of these rights, contact us at support@marks397.co.za. We will respond within 30 days.
13. How to Delete Your Data
To delete all data associated with your device:
- Uninstall the App from your device (removes all local data, preferences, and device identifiers).
- Email support@marks397.co.za with "Data Deletion Request" in the subject line to request removal of server-side data associated with your device.
We will process deletion requests within 30 days and confirm completion by email.
14. Cookies and Local Storage
The App uses local storage (not browser cookies) to store:
- Anonymous device identifiers for analytics
- Your newsletter preferences and reading history
- Notification inbox
- Event reminders
- Display settings (font size, contrast)
This data is stored exclusively on your device and is not accessible by third parties.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through an in-app notification. The "Effective Date" at the top will be updated accordingly. Continued use of the App after changes constitutes acceptance of the updated policy.
16. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal information: