Privacy Policy

BuildHero Privacy Policy

Effective date:

BuildHero (Pty) Ltd ("BuildHero", "we", "us", "our") operates a technology-enabled marketplace connecting customers ("Customers") with independent service providers ("Suppliers") for home-related services (the "Platform").

This Privacy Policy explains how we collect, use, store, share, and protect personal information, and sets out data subject rights, cookie practices, breach notifications, and our retention & deletion approach, in accordance with the Protection of Personal Information Act, 2013 (POPIA).

  1. 1. Roles under POPIA
    1. 1.1 Responsible Party (Controller): BuildHero acts as a Responsible Party for personal information processed to operate our Platform (accounts, website/app usage, customer support, security, fraud prevention, marketing, analytics, and marketplace operations).
    2. 1.2 Operator (Processor): For information processed on behalf of Suppliers to deliver Partner Services (e.g., routing bookings, messaging, payments, dispute workflows), BuildHero also acts as an Operator in terms of POPIA; the Supplier remains a separate Responsible Party for its off-platform processing.
  2. 2. What we collect
    1. 2.1 We collect the minimum information reasonably necessary for stated purposes:
      1. 2.1.1 Identification & contact: name, email, mobile number, addresses (service site and billing), and (for suppliers) business details.
      2. 2.1.2 Account & booking data: login credentials, profile details, quotes, bookings, messages, job cards, completion confirmations, signatures, before/after photos, ratings/reviews.
      3. 2.1.3 Payments: payment tokens/approval references from our payment processor; we do not store full card details.
      4. 2.1.4 Device/usage: IP address, device identifiers, log data, browser/app metadata, cookie identifiers, analytics events.
      5. 2.1.5 Regulatory/verification (suppliers): licensing/accreditation identifiers, insurance confirmations, limited KYC results (not underlying documents where not required).
      6. 2.1.6 Special personal information/children's information: We do not intentionally collect these. If unavoidable for a specific job (e.g., sensitive sites), the Supplier must ensure a lawful ground and, where required, obtain consent/authorisations; we will only process such data as strictly necessary.
  3. 3. How and why we use personal information
    1. 3.1 We process personal information lawfully, minimally, and for specified purposes, relying on one or more POPIA grounds: consent, performance of/steps to a contract, legal obligation, legitimate interests of BuildHero or a third party (balanced against your rights), or to protect a data subject's legitimate interests.
    2. 3.2 Typical purposes include:
      1. 3.2.1 Operating the Platform: account creation, authentication, routing requests, messaging, quoting, booking management, job documentation, reviews/ratings.
      2. 3.2.2 Payments: collecting Customer payments as limited commercial agent for Suppliers; issuing receipts; facilitating supplier settlements; fraud/abuse monitoring.
      3. 3.2.3 Customer support & disputes: assisting with records, facilitating a good-faith resolution window, and providing Platform logs. (Customer-Supplier merit disputes are handled between those parties per Customer Terms.)
      4. 3.2.4 Security & integrity: access controls, logging/monitoring, incident response, platform abuse prevention.
      5. 3.2.5 Service improvement & analytics: usage insights, quality assurance, feature development, and performance reporting (typically aggregated/de-identified where possible).
      6. 3.2.6 Legal & compliance: POPIA obligations, financial recordkeeping, tax, anti-fraud checks, responding to lawful requests.
      7. 3.2.7 Marketing (optional): service updates and offers (with opt-out controls). We do not sell personal information.
  4. 4. Sources of personal information
    1. 4.1 Directly from you (account set-up, bookings, messages, reviews).
    2. 4.2 Automatically (device, logs, cookies).
    3. 4.3 From Suppliers (job status, documentation) and our processors (payments, communications, hosting).
    4. 4.4 From lawful third-party sources (fraud checks, verification where permitted).
  5. 5. Sharing and disclosures
    1. 5.1 We share information only as necessary for the purposes above and subject to safeguards:
      1. 5.1.1 Suppliers you choose to book: to fulfil jobs, coordinate attendance, and close-out (job cards, photos, certificates, completion).
      2. 5.1.2 Operators/sub-operators (processors): cloud hosting, payments, communications, analytics, customer support - bound by written terms with appropriate security.
      3. 5.1.3 Reviews & profiles: your public reviews (first name and initial, rating, comments) may appear on Supplier profiles and the Platform.
      4. 5.1.4 Legal/compliance: courts, regulators, law enforcement where legally required or to protect rights, safety, or prevent fraud/abuse.
      5. 5.1.5 Corporate activity: during reorganisation/transaction, under confidentiality and continuity safeguards.
      6. 5.1.6 We do not sell personal information.
  6. 6. Cross-border transfers (POPIA s72)
    1. 6.1 Where services require processing/storage outside South Africa, we will ensure a lawful transfer mechanism (adequate laws, contractual safeguards, or other s72 conditions, or data subject consent where appropriate). We remain responsible for ensuring comparable protection.
  7. 7. Cookies and similar technologies
    1. 7.1 We use cookies to operate the site/app, keep you signed in, measure performance, and tailor content.
    2. 7.2 Categories: (i) Strictly necessary (security, session, fraud prevention); (ii) Performance/analytics; (iii) Functional (preferences); (iv) Advertising (limited, if enabled).
    3. 7.3 Controls: You can manage preferences in our Cookie Banner/Settings and via your browser/app. Some necessary cookies cannot be disabled as they are required for core functionality.
  8. 8. Security
    1. 8.1 We implement appropriate technical and organisational measures proportionate to risk: encryption in transit (and at rest where feasible), network/app security, monitoring and logging, secure development practices, and business continuity/disaster recovery. No system is perfect; transmission over the internet involves risk. We will continue to improve our controls in line with reasonable industry practice.
  9. 9. Data breaches (security compromises)
    1. 9.1 If we become aware of a security compromise affecting personal information we process as Responsible Party or Operator, we will notify the affected Responsible Party (if acting as Operator), the Information Regulator and/or affected data subjects as soon as reasonably possible and without undue delay, providing the nature of the incident, likely consequences, categories of data involved, and steps taken or proposed. We will cooperate on containment and notifications in good faith.
  10. 10. Your rights (data subjects)
    1. 10.1 Subject to POPIA and other laws, you may:
      1. 10.1.1 Access the personal information we hold about you;
      2. 10.1.2 Request correction of inaccurate, outdated or incomplete data;
      3. 10.1.3 Request deletion where legally permissible or object to certain processing;
      4. 10.1.4 Withdraw consent where processing relies on consent;
      5. 10.1.5 Object to direct marketing at any time (use "unsubscribe" or account settings);
      6. 10.1.6 Complain to the Information Regulator (South Africa) if you believe your rights are infringed.
    2. 10.2 We will respond within a reasonable time and may require verification of identity. Some requests may be limited by legal or contractual obligations (e.g., financial recordkeeping, fraud prevention, or ongoing dispute resolution).
  11. 11. Children and special personal information
    1. 11.1 We do not intentionally collect children's information, nor do we intentionally process special personal information in our capacity as Responsible Party. If a Supplier necessitates limited processing of such information for a specific job, the Supplier must ensure a valid ground and any required consents/authorisations; BuildHero will process only as Operator, minimally and securely.
  12. 12. Retention and deletion
    1. 12.1 We retain personal information only as long as necessary for the purposes stated, and thereafter as required or permitted by law.
  13. 13. Marketing communications
    1. 13.1 We may send service messages (e.g., booking updates, security alerts).
    2. 13.2 Promotional messages are sent with your consent or as otherwise permitted by law - you can opt out at any time using the in-message link or account settings.
  14. 14. Third-party links
    1. 14.1 The Platform may link to third-party sites/apps. Those services have their own privacy notices. We are not responsible for their practices.
  15. 15. Information Officer & contact
    1. 15.1 Information Officer: Clinton Muir
    2. 15.2 Email: info@buildhero.co.za
    3. 15.3 Postal address: Paarl, 7646, South Africa
    4. 15.4 For POPIA requests: please use in-app/web forms or email the Information Officer.
  16. 16. Changes to this Policy
    1. 16.1 We may update this Policy from time to time. Material changes will be communicated via the Platform or email, with the "Effective date" updated above. Continued use after the effective date constitutes acceptance of the updated Policy.
  17. 17. Supplier-specific note (Operator processing)
    1. 17.1 Where we act as Operator for a Supplier, our obligations are set out in the POPIA Operator Addendum (Annexure D to the Supplier Agreement). In a Customer-Supplier dispute about Partner Services, BuildHero may provide administrative assistance (platform records) without assuming responsibility for the underlying dispute.
Build Hero Logo

BuildHero is South Africa’s trusted home services marketplace — connecting homeowners with verified professionals for every project.

Quick Links

For Suppliers

Support

Peach Payments Logo