HAP

Help A Plumber

Privacy Policy

Last updated: 13 May 2026 · Terms of Use

POPIA Notice:HAP processes personal information in accordance with the Protection of Personal Information Act 4 of 2013 (“POPIA”). You have the right to access, correct, and request deletion of your personal information. Contact us at info@hapsa.co.za.

1. Who We Are

HAP (Help A Plumber) is operated by Justin Deacon, Gqeberha (Port Elizabeth), Eastern Cape, South Africa (“HAP”, “we”, “us”). We are the responsible party for your personal information as defined under POPIA.

Contact: info@hapsa.co.za

2. What We Collect

For plumbing contractors (registered users):

  • Full name, mobile number, and email address (for account creation and OTP login)
  • Business name, address, registration number, and IOPSA/PIRB number
  • Bank account details (stored encrypted, used only for displaying on your invoices)
  • Profile photo and business logo
  • Job, quote, invoice, and customer data that you enter into the platform
  • Device and session information for security purposes

For homeowners and customers:

  • Name and contact details when a plumber adds you as a customer
  • Job and quote information associated with work done at your property

Automatically collected:

  • IP address and browser/device type (for security and fraud prevention)
  • Pages visited and features used (to improve the platform)

3. Why We Collect It

We process your personal information only for the following lawful purposes:

  • To create and manage your account, and authenticate your identity via OTP
  • To provide the core platform features: quotes, invoices, job management, COC issuance
  • To send you important service notifications (login codes, invoice reminders)
  • To improve platform features and fix technical issues
  • To comply with our legal obligations under South African law
  • To protect HAP and its users from fraud, abuse, and security threats

We will never use your personal information for unsolicited marketing without your explicit consent, and we will never sell or rent your personal information to third parties.

4. Who We Share It With

We share your personal information only where necessary to operate the platform:

  • Supabase (database hosting) — your data is stored on Supabase servers in the EU (eu-west-1). Supabase is GDPR-compliant and contractually bound to protect your data.
  • Twilio — your mobile number is shared with Twilio to deliver OTP login codes via WhatsApp. Twilio does not use your number for any other purpose.
  • Resend — your email address is shared with Resend to deliver OTP login codes and optional invoice notifications.
  • Vercel — the platform is hosted on Vercel infrastructure. Request metadata passes through Vercel servers.
  • Anthropic — if you use the AI assistant feature, your query and relevant job context is sent to Anthropic's API. No personally identifiable information is deliberately included in AI queries.

We do not share your data with any other third parties. All service providers are contractually required to process your data only as instructed by us and to maintain appropriate security.

5. How We Protect Your Data

  • All data is transmitted over HTTPS with TLS encryption
  • Bank account details are stored in encrypted form
  • Authentication uses one-time passwords (OTPs) — no passwords stored
  • Sessions use HttpOnly, Secure cookies with HMAC-SHA256 signing
  • Access to production data is restricted to authorised personnel only
  • Security headers are applied to all responses (HSTS, X-Frame-Options, CSP)
  • Database access is protected by row-level security and connection pooling

6. How Long We Keep It

We retain your personal information for as long as your account is active and for a reasonable period after deletion to comply with legal obligations (typically 5 years for financial records as required by South African tax law).

You may request deletion of your account and associated data at any time by emailing us at info@hapsa.co.za. We will action deletion requests within 21 days, subject to legal retention obligations.

7. Your Rights Under POPIA

You have the right to:

  • Access a copy of the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal information (subject to legal retention requirements)
  • Object to the processing of your personal information
  • Lodge a complaint with the Information Regulator of South Africa (inforegulator.org.za)

To exercise any of these rights, contact us at info@hapsa.co.za. We will respond within 30 days.

8. Cookies

HAP uses the following cookies:

  • hap_session — an HttpOnly session cookie that keeps you logged in for 7 days. Essential for the platform to function.
  • hap_maint_bypass — set if you use a maintenance bypass token. Only present if maintenance mode is active.

We do not use advertising cookies, tracking pixels, or any third-party analytics cookies.

9. Children

HAP is a business tool intended for adults. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have inadvertently collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the platform or by email. Continued use of HAP after changes are posted constitutes acceptance of the updated policy.

11. Contact & Complaints

For privacy enquiries or complaints: info@hapsa.co.za

If you are not satisfied with our response, you may contact the Information Regulator of South Africa.

Terms of Use →|← Back to HAP