Privacy Policy
Last updated: 13 July 2026
1. Who we are
Crypto 4 Rands ("we", "us", "our") operates the website at crypto4rands.co.za and provides a South African rand (ZAR) on/off-ramp for buying and selling Bitcoin (BTC), Ethereum (ETH) and Tether (USDT). This policy explains what personal information we collect, why we collect it, and your rights under the Protection of Personal Information Act, 2013 (POPIA).
2. Information we collect
- Account details: name, email address, password (hashed).
- Identity & compliance (KYC): ID number, ID/passport image, proof of address, selfie — collected when required by our compliance policy or by South African financial regulations.
- Transaction data: deposit references, bank account details, crypto wallet addresses, order history, amounts.
- Support data: messages you send us, attachments, ticket history.
- Device & usage data: IP address, browser type, device identifiers, push-notification tokens (if you install our mobile app), pages visited, referrer URL.
- Cookies & analytics: see section 8 below.
3. How we use your information
- To create and secure your account.
- To process your buy/sell orders and settle payments.
- To meet our legal obligations (AML/CFT, tax, FSCA CASP requirements).
- To send transactional emails (order updates, deposit confirmations, security notices).
- To answer support tickets and improve the service.
- To detect and prevent fraud, abuse and unauthorised access.
- With your consent, to show relevant marketing and measure ad performance.
4. Legal basis
We process your information under one or more of: your consent, performance of a contract with you, compliance with a legal obligation, and our legitimate interests in operating a secure exchange.
5. Sharing with third parties
We do not sell your personal information. We share it only with service providers who help us run the platform, under written agreements:
- Cloud hosting, database and authentication provider (Lovable Cloud / Supabase).
- Email delivery provider (for transactional and support email).
- Push-notification provider (Firebase Cloud Messaging / APNs) for the mobile app.
- Analytics and advertising providers (Google Analytics, Google Ads) — only if you consent to non-essential cookies.
- Banks and payment partners for EFT settlement.
- Regulators, law enforcement or courts where legally required.
6. Data retention
We keep account and transaction records for as long as your account is active and for at least five (5) years after closure, as required by South African financial-services record-keeping rules. Support conversations and marketing preferences are kept while relevant and then deleted or anonymised.
7. Security
We use encryption in transit (HTTPS), encrypted storage, row-level security on our database, hashed passwords, and access controls. No system is 100% secure — please use a strong, unique password and enable device security.
9. Your rights (POPIA)
- Access — request a copy of the personal information we hold about you.
- Correction — ask us to fix inaccurate information.
- Deletion — ask us to delete information we are not legally required to keep.
- Objection / withdrawal of consent — you can withdraw marketing consent at any time.
- Complaint — you can lodge a complaint with the Information Regulator (South Africa) at inforegulator.org.za.
10. Children
Our service is not intended for anyone under 18. We do not knowingly collect information from children.
11. Changes to this policy
We may update this policy from time to time. Material changes will be posted here and, where appropriate, notified by email.
12. Contact us
Questions or requests: support@crypto4rands.co.za — or open a ticket from the Support tab in your account.
