Legal

Privacy
Policy

Last updated: 1 April 2026

POPIA Compliant — Protection of Personal Information Act 4 of 2013

opendays.co.za is committed to protecting your privacy and handling your personal information responsibly in accordance with POPIA and all applicable South African legislation. This policy explains exactly what we collect, how we use it, and what rights you have.

Jump to section

Who We ArePersonal Information We CollectHow We Use Your InformationYour Rights Under POPIAWho We Share Your Information WithHow Long We Keep Your DataCookies & TrackingHow We Protect Your DataMinors & Learner PrivacyChanges to This Policy

1. Who We Are

opendays.co.za is operated by OpenDays (Pty) Ltd, a South African company. We provide a centralised online marketplace connecting Grade 10–12 learners with tertiary institutions hosting open days across South Africa. Contact us: • Email: hello@opendays.co.za • WhatsApp: +27 72 893 2456 • Address: South Africa (remote-first)

2. Personal Information We Collect

For Learners

  • Full name, email address, phone number
  • Province, school grade (10, 11 or 12)
  • WhatsApp opt-in status
  • Events saved, open days attended virtually
  • Application tracking data (Learner Pro)

For Institutions

  • Institution name, type and province
  • Contact person name and email
  • WhatsApp Business number
  • Website URL (optional)
  • Open day listings and event data
  • Broadcast and inbox message history

Automatically Collected

  • IP address and approximate location
  • Browser type and device information
  • Pages visited and session duration
  • QR code scan events

3. How We Use Your Information

  • Create and manage your account on opendays.co.za
  • Match learners with relevant open days based on province and grade
  • Send event reminders via email or WhatsApp (where opted in)
  • Facilitate WhatsApp connections between learners and institutions
  • Generate anonymous platform-wide analytics for institutions
  • Process payments and activate subscription plans
  • Communicate platform updates and policy changes
  • Comply with legal obligations under South African law

4. Your Rights Under POPIA

The Protection of Personal Information Act 4 of 2013 (POPIA) grants you the following rights as a data subject:

Right to Access

Request a copy of all personal information we hold about you.

Right to Correction

Ask us to correct inaccurate or incomplete personal information.

Right to Deletion

Request that we delete your personal information, subject to legal retention requirements.

Right to Object

Object to the processing of your personal information for direct marketing purposes.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on your consent (e.g. WhatsApp opt-in).

Right to Lodge a Complaint

File a complaint with the Information Regulator at www.justice.gov.za/inforeg/ if you believe your rights have been violated.

To exercise any of these rights, email us at hello@opendays.co.za. We will respond within 30 calendar days.

5. Who We Share Your Information With

  • Institutions you interact with (name and WhatsApp number, when you initiate contact)
  • Supabase (our database and authentication provider, hosted in Europe)
  • Payment processors (PayFast, for processing institution subscription payments)
  • Email service providers (for transactional emails such as account confirmation)
  • Google Analytics (anonymised usage statistics — no personal identifiers)

We do not sell your personal information to any third party. We do not share your information with advertisers.

6. How Long We Keep Your Data

  • Learner accounts: retained for 3 years after last login, then automatically deleted unless you request earlier deletion
  • Institution accounts: retained for 5 years after account closure for financial record-keeping requirements
  • Event and analytics data: aggregated and anonymised after 2 years
  • WhatsApp message logs: retained for 12 months then purged
  • Payment records: retained for 7 years as required by South African tax law

7. Cookies & Tracking

We use minimal cookies on opendays.co.za:

  • Session cookies — required for login and authentication (cannot be disabled)
  • Preference cookies — remember your language and province filter settings
  • Analytics cookies — Google Analytics 4, anonymised, no personal identifiers

We do not use advertising cookies or third-party tracking pixels.

8. How We Protect Your Data

  • All data is encrypted in transit using TLS 1.3
  • Passwords are hashed using bcrypt — we cannot see your password
  • Database access is restricted via Row Level Security (RLS) policies
  • Two-factor authentication is available for all accounts
  • Regular automated backups with point-in-time recovery

9. Minors & Learner Privacy

opendays.co.za serves learners from Grade 10 (typically age 15–16) and older. We take the protection of minors' data seriously. Learners under the age of 18 are encouraged to inform a parent or guardian that they are registering on this platform. We do not knowingly collect sensitive data from users under 13 years of age. If you believe a minor under 13 has registered without parental consent, please contact us immediately at hello@opendays.co.za.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or South African law. When we make material changes, we will: • Update the "Last Updated" date at the top of this page • Send a notification email to all registered users • Display a notice on the platform for 30 days Continued use of opendays.co.za after any changes constitutes acceptance of the updated policy.

Privacy Questions or Requests?

For any POPIA-related requests — access, correction, deletion or complaints — contact our Information Officer:

hello@opendays.co.za +27 72 893 2456
Terms of Service·← Back to Home
WhatsApp UsFind Open Days