Tellacity

Data Protection Policy

Last Updated: September 6, 2025

1. Our Commitment to Data Protection

Tellacity takes data privacy and security seriously. We are committed to protecting the personal data of our users—both consumers and businesses—in accordance with applicable data protection laws and best practices. This Data Protection Policy outlines the technical and organizational measures we have implemented to ensure the confidentiality, integrity, and availability of your data.

2. Applicable Laws

We strive to comply with key data protection regulations, including but not limited to:

  • General Data Protection Regulation (GDPR): For users within the European Economic Area (EEA).
  • Protection of Personal Information Act (POPIA): For users within South Africa.
  • California Consumer Privacy Act (CCPA): For users within California, USA.

3. Data Protection by Design and Default

We integrate data protection principles into our development and business processes from the outset. This includes minimizing data collection, pseudonymizing personal data where possible, and ensuring transparency about data processing activities.

4. Data Minimisation

We only collect and process personal data that is strictly necessary for the purposes for which it is processed. We do not collect excessive or irrelevant data.

5. Access Control

Access to personal data is restricted to authorized personnel who have a legitimate need to access such data for their job responsibilities.

  • Authentication: We use strong authentication mechanisms (e.g., multi-factor authentication) for administrative access.
  • Authorization: Access rights are granted based on the principle of least privilege.
  • Logging: Access to sensitive data is logged and audited.

6. Security Measures

We implement robust technical security measures to protect data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Data is encrypted in transit (using TLS/SSL) and at rest (using industry-standard encryption algorithms).
  • Firewalls: We use firewalls to protect our network infrastructure.
  • Vulnerability Management: We regularly scan our systems for vulnerabilities and apply security patches promptly.

7. Review Proof Protection

Documents uploaded as proof of experience (e.g., receipts, invoices) are treated with high sensitivity. These documents are stored in a secure, private storage bucket with strict access controls. They are never displayed publicly and are only accessible by authorized Tellacity moderation staff for the sole purpose of verifying reviews.

8. Third-Party Processors

We engage third-party service providers (data processors) to assist us in delivering our Services (e.g., hosting, payment processing). We enter into data processing agreements with these providers to ensure they process personal data only in accordance with our instructions and maintain appropriate security measures.

9. International Transfers

If we transfer personal data to countries outside the user's jurisdiction, we ensure that appropriate safeguards are in place to protect the data, such as standard contractual clauses or adequacy decisions.

10. Data Subject Rights

We respect the rights of data subjects regarding their personal data, including:

  • Right to Access: You can request a copy of your personal data.
  • Right to Rectification: You can request correction of inaccurate data.
  • Right to Erasure: You can request deletion of your data ("right to be forgotten").
  • Right to Restriction: You can request restriction of processing.
  • Right to Data Portability: You can request your data in a structured, commonly used format.
  • Right to Object: You can object to processing based on legitimate interests or direct marketing.

11. Incident Response

We have an incident response plan in place to handle data breaches or security incidents effectively. In the event of a personal data breach likely to result in a high risk to rights and freedoms, we will notify the competent supervisory authority and affected data subjects without undue delay.

12. Retention and Disposal

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. When data is no longer needed, it is securely deleted or anonymized.

13. Continuous Improvement

We regularly review and update our data protection practices to adapt to changing threats, technologies, and regulations.

14. Relationship to Other Policies

This Data Protection Policy complements our Privacy Policy and Terms of Service. In the event of any conflict, the specific terms regarding data handling in this policy shall provide additional context to the general principles in the Privacy Policy.

15. Contact Us

For any inquiries regarding data protection or to exercise your rights, please contact our Data Protection Officer at privacy@tellacity.com.