Privacy Policy

Sputnik Devs (Pty) Ltd is a software development company based at 292 Surrey Avenue, Randburg, Johannesburg, South Africa. We provide the following services:

• E-Commerce Platform — Fully managed, auto-deployed e-commerce storefronts hosted on DigitalOcean.
• Hostel Management System — A cloud-based hostel administration platform hosted on Microsoft Azure, deployed after a manual quotation and contract process.
• Custom Software Development — Bespoke web, mobile, desktop, and AI-powered applications built to your specifications.

For the purposes of the Protection of Personal Information Act (POPIA), Sputnik Devs is the responsible party for the personal information we collect through this website and our platforms.

2.1 Information You Provide

• Account registration: Full name, email address, company name (optional), phone number, and password.
• E-Commerce subscription checkout: Store name, preferred domain, server region selection, and billing information.
• Hostel Management quotation requests: Institution/university name, contact person, email, phone, number of beds, number of residences, and additional details.
• Custom development enquiries: Name, email, company, inquiry type, project description, and budget range.
• Contact forms: Name, email, subject, and message content when you reach out to us.
• Admin demo requests: Name, email, and company details when requesting a product demonstration.

2.2 Information Collected Automatically

• Session data: Authentication tokens and session identifiers to keep you logged in.
• Usage data: Pages visited, features used, and interaction patterns with the platform.
• Device information: Browser type, operating system, screen resolution, and IP address.
• reCAPTCHA data: We use Google reCAPTCHA Enterprise to protect forms from abuse, which may collect device and interaction data.

2.3 Information from Third Parties

• Payment processor (Paystack): Transaction status, customer codes, subscription status, and payment confirmation — but not your full card details.

We use your personal information for the following purposes:

We will not use your personal information for purposes unrelated to those listed above without obtaining your prior consent.

We store the following payment-related information:

• Paystack customer and subscription reference codes
• Transaction references and payment status
• Billing cycle and amounts charged
• Payment failure and retry records for subscription management

We do not sell, trade, or rent your personal information. We share data only with the following categories of service providers, strictly for the purposes of delivering our services:

• Paystack — Payment processing and subscription management (e-commerce platform).
• DigitalOcean — Cloud infrastructure for hosting e-commerce stores.
• Microsoft Azure — Cloud infrastructure for hosting hostel management systems (South Africa data centre), including Azure SQL for database services.
• GitHub — Automated deployment pipelines (CI/CD) for provisioning and managing stores and applications.
• Google (reCAPTCHA Enterprise) — Bot protection and abuse prevention on forms.
• Email service providers — Transactional emails (payment confirmations, credentials, quotations, retention communications).

We may also disclose your information if required by law, court order, or to protect the rights, property, or safety of Sputnik Devs, our users, or the public.

• Your account data is stored on secure, managed database services.
• Your e-commerce store data is hosted on dedicated DigitalOcean servers in your selected region.
• Hostel management system data is hosted on Microsoft Azure in South Africa, with Azure SQL automatic backups and geo-redundant storage.
• Custom software projects are hosted according to the hosting arrangement specified in your project contract.
• All data in transit is encrypted using SSL/TLS (HTTPS).
• Passwords are hashed and never stored in plain text.
• We implement account lockout protection to prevent brute-force attacks.
• Session tokens are used for authentication and are securely managed.

While we take reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

We use the following types of cookies and local storage:

• Essential cookies: Required for session management, authentication, and core functionality.
• Preference cookies: Store your display preferences such as dark/light theme selection.
• Security cookies: Google reCAPTCHA Enterprise cookies for bot protection.

We do not use advertising cookies or third-party tracking cookies for marketing purposes.

Under the Protection of Personal Information Act (POPIA) of South Africa, you have the right to:

• Access — Request a copy of the personal information we hold about you.
• Correction — Request that inaccurate or incomplete information be corrected or updated.
• Deletion — Request deletion of your personal information, subject to legal retention requirements.
• Objection — Object to the processing of your personal information for specific purposes.
• Restriction — Request that we restrict the processing of your data in certain circumstances.
• Data portability — Request your data in a structured, commonly used format.
• Withdraw consent — Withdraw your consent to data processing at any time (this will not affect the lawfulness of processing prior to withdrawal).

To exercise any of these rights, please contact us at sputnikdevs@sputnikdevs.com. We will respond within 30 days of receiving your request.

If you are not satisfied with our response, you may lodge a complaint with the Information Regulator of South Africa:

• Active subscriptions (E-Commerce): Your data is retained for the duration of your subscription.
• Active contracts (Hostel Management): Your data is retained for the duration of your service agreement, including daily backups maintained by Microsoft Azure.
• Custom software projects: Project data is retained as specified in your project contract. Source code and deliverables are handed over upon project completion.
• After cancellation (E-Commerce): Store data is retained for 30 days to allow reactivation, then permanently deleted.
• After contract termination (Hostel): Data is retained for a reasonable period as agreed upon in your contract, then securely deleted.
• After payment failure (E-Commerce): A 7-day grace period followed by a 30-day retention period (37 days total), after which all data is permanently deleted.
• Account data: Basic account information may be retained for a reasonable period for legal, tax, and auditing purposes.
• Communication records: Support, contact form submissions, and quotation requests may be retained for up to 24 months.

For full details on the subscription lifecycle and data deletion timeline, please see our Terms of Service.

Our Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact our designated Information Officer:

You may also lodge a complaint with the Information Regulator (South Africa) if you believe your personal information has been mishandled: