Privacy Policy

1Introduction

The Greater Lombardy East Residents Association ("GLERA", "we", "us", "our") is committed to protecting the personal information of our community members. This Privacy Policy explains what personal information we collect, why we collect it, how long we retain it, and your rights under the Protection of Personal Information Act 4 of 2013 ("POPIA").

This policy applies to the GLERA Reporter App, the Booming Fundraiser App, the GLERA Community Policing Forum page, and all related services accessible at glera.co.za.

2What Personal Information We Collect

We collect the following categories of personal information:

Category	Examples	Purpose
Identity	Full name	Account registration and verification
Contact	Email address, phone number	Account communication, security enquiries
Address	Physical home address	Residency verification, payment reference
Verification document	Municipal account statement photo	Proof of residency verification
Location	GPS coordinates	Pinpointing reported infrastructure faults
Financial	Payment amounts, PayFast transaction IDs	Processing and recording fundraising contributions
Date of birth	Day and month of birth	Community birthday celebration emails (opt-in only)

3Lawful Basis for Processing (POPIA s11)

We process your personal information on the following lawful grounds:

Contractual necessity — Processing your name, email, address, and verification document is necessary to provide access to the Reporter and Booming apps.
Legitimate interest — GPS coordinates and report photos are processed to fulfil the core purpose of the Reporter App: identifying and escalating infrastructure faults.
Consent — Birthday data is collected only with your explicit opt-in consent. You may withdraw consent at any time via the unsubscribe link in any birthday email.
Legal obligation — Financial transaction records are retained to comply with South African financial record-keeping requirements.

4How Long We Retain Your Information

Data Category	Retention Period
Account profile (name, email, address)	Until account deletion is requested
Verification documents	Until account deletion is requested
Infrastructure reports and photos	Until account deletion is requested
Financial contribution records	5 years (South African financial record-keeping requirements)
Birthday data	Until unsubscribed or account deleted

5How We Share Your Information

We do not sell your personal information. We share it only with the following service providers who process it on our behalf:

Supabase — Database and file storage. Your data is stored on Supabase infrastructure in EU West (Ireland), which provides adequate protection under POPIA s72. SOC 2 Type II certified.
PayFast — Payment processing. Card details are handled directly by PayFast and are never stored on GLERA systems. PCI-DSS compliant.
Resend — Transactional email delivery (verification notifications, birthday emails, security enquiry forwarding).
Vercel — Application hosting. Function execution logs may contain non-sensitive operational data.

We may also share information where required by South African law or a court order.

6Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

Access — Request a copy of the personal information we hold about you.
Correction — Request that inaccurate or incomplete information be corrected.
Deletion — Request that your personal information be deleted. See Section 7 below.
Objection — Object to the processing of your personal information on grounds of legitimate interest.
Withdraw consent — Withdraw consent for processing based on consent (e.g. birthday emails) at any time.
Lodge a complaint — Lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.

To exercise any of these rights, contact us at secretary@glera.co.za.

7How to Request Deletion of Your Data

You can permanently delete your account and all associated personal information directly from the platform. Once deleted, your data cannot be recovered.

To delete your account, log in and visit Dashboard → Delete Account.

Note: Financial contribution records may be retained for up to 5 years as required by South African law, even after account deletion.

8Cookies and Local Storage

The GLERA platform uses a service worker for Progressive Web App (PWA) functionality, which caches application assets locally on your device to enable offline access. We do not use tracking cookies or third-party advertising cookies.

Authentication sessions are managed via secure, HttpOnly cookies set by Supabase Auth. These are strictly necessary for the platform to function and cannot be disabled.

9Data Security

We protect your personal information through the following measures:

Row Level Security (RLS) policies on all database tables — users can only access their own data.
Verification documents stored in a private, access-controlled storage bucket.
All data transmitted over HTTPS (TLS).
Passwords are never stored — authentication is handled by Supabase Auth.
HTTP security headers (CSP, X-Frame-Options, X-Content-Type-Options) applied to all responses.

10Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of our services after changes constitutes acceptance of the updated policy.

11Contact Us

For any privacy-related questions, requests, or complaints, please contact us at secretary@glera.co.za.