Privacy Policy

Gaia Kreativ Agency (Pty) Ltd
Effective date: 11 July 2026
Last updated: 11 July 2026

Gaia Kreativ Agency (Pty) Ltd (“Gaïa”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have in relation to it.

This policy covers:

  1. Our websitegaiakreativ.co.za (the “Website”);
  2. The Gaïa OS web application — our internal operations platform for staff and invited collaborators (the “Web App”); and
  3. The Gaïa iOS application — our companion mobile app (the “iOS App”).

Together, the Web App and iOS App are referred to as the “Apps”, and the Website and the Apps together as the “Services”.

We process personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa. Where users are located in the European Economic Area or the United Kingdom, we also aim to meet the standards of the GDPR / UK GDPR.

1. Who we are (Responsible Party / Data Controller)

Gaia Kreativ Agency (Pty) Ltd
5 Anton Van Niekerk Dr, Faerie Glen, Pretoria, South Africa
Email: hi@gaiakreativ.co.za
Phone: +27 72 322 5235

For the purposes of POPIA, Gaia Kreativ Agency (Pty) Ltd is the responsible party.

Information Officer: Marco Inward — marco@gaiakreativ.co.za

2. Who this policy applies to

3. Information we collect

3.1 Website (gaiakreativ.co.za)

When you browse the Website we may collect:

3.2 Account and profile information (Apps)

When an account is created in the Apps, we collect:

3.3 Workspace and operational data (Apps)

In the course of using the Apps, the following data linked to your account is created and stored:

3.4 Client and vendor contact information

As a creative agency, we hold business contact information for our clients and vendors in the Apps, including names, email addresses, phone numbers, job titles, billing addresses, and VAT numbers. We process this information for legitimate business purposes — managing projects, communication, and invoicing.

3.5 Invitations

When a workspace administrator invites someone to the Apps, we process the invitee’s email address, intended role and account type, and (where applicable) the project they are invited to. Invitation emails are sent through our email delivery provider.

3.6 iOS App — device permissions and on-device data

The iOS App requests the following permissions, all of which are optional:

The iOS App stores the following data locally on your device:

The iOS App does not request access to your location, contacts, microphone, or health data, and does not use Apple’s App Tracking Transparency framework because it performs no cross-app tracking.

3.7 Information we do not collect

4. How we use your information

We use personal information for the following purposes:

Where we rely on consent (for example, iOS camera, photo library, or calendar permissions), you may withdraw that consent at any time via your device settings or in-app settings, without affecting the lawfulness of processing before withdrawal.

We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects.

5. Who we share your information with

We do not sell or rent personal information. We share it only with:

5.1 Service providers (operators / processors)

We use a small number of trusted service providers to run the Services. Each processes personal information only on our instructions:

5.2 Other users of your workspace

The Apps are collaborative. Your name, avatar, job title, and your activity within the workspace (tasks, comments, time entries, calendar events, files you upload) are visible to other members of the same workspace in accordance with their access permissions. Financial fields such as hourly cost and rate are visible only to workspace administrators.

5.3 Shared links

Some features generate shareable links (for example, sharing a project document with a client). Anyone who has such a link can view the shared content without signing in. Share links use long, unguessable tokens, and access can be revoked by disabling the share. Similarly, files uploaded to the Apps (such as avatars and attachments) are served from storage URLs that are accessible to anyone in possession of the exact URL. Please treat shared links as confidential and only send them to intended recipients.

5.4 Legal disclosures

We may disclose personal information where required by law, regulation, court order, or a lawful request by a public authority, or where necessary to protect our rights, safety, or property or those of others.

5.5 Business transfers

If Gaia Kreativ Agency (Pty) Ltd is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected users of any change in ownership or use of their personal information.

6. International transfers

We are based in South Africa. Our application backend (Supabase), including our database and file storage, is hosted in the European Union (EU North region — Stockholm, Sweden). Our other service providers (including Resend, Vercel, and Webflow) may store or process data on servers located outside South Africa, including in the European Union and the United States.

Where personal information is transferred across borders, we do so in accordance with section 72 of POPIA — relying on providers that are subject to laws or binding agreements providing an adequate level of protection substantially similar to POPIA (such as the GDPR, which applies to our EU-hosted infrastructure), or standard contractual protections in our agreements with them.

7. How long we keep your information

We keep personal information only as long as necessary for the purposes described in this policy:

You may request deletion of your personal information as described in section 10; we will delete it unless we are legally required or entitled to retain it.

8. Cookies and local storage

8.1 Website

The Website is hosted on Webflow and may set cookies necessary for its operation and basic functionality. If we introduce analytics or marketing cookies on the Website in future, we will update this policy and, where required, ask for your consent.

8.2 Web App

The Web App uses only strictly necessary cookies — session cookies set by our authentication provider (Supabase) to keep you signed in securely. These cookies are essential for the Web App to function and cannot be switched off within the App. We do not use advertising or third-party analytics cookies in the Web App.

The Web App also stores your interface preferences (such as light/dark theme) in your browser’s local storage. This data never leaves your browser.

8.3 iOS App

The iOS App does not use cookies. Local data storage on your device is described in section 3.6.

9. How we protect your information

We take reasonable, appropriate technical and organisational measures to secure personal information against loss, damage, unauthorised access, and unlawful processing, including:

No system is completely secure. If we become aware of a data breach affecting your personal information, we will notify the Information Regulator and affected individuals as required by section 22 of POPIA.

10. Your rights

Under POPIA (and, where applicable, the GDPR) you have the right to:

The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: POPIAComplaints@inforegulator.org.za
Website: inforegulator.org.za

To exercise any of these rights, contact us at hi@gaiakreativ.co.za. We may need to verify your identity before acting on a request. We will respond within a reasonable time and in any event within the timeframes required by applicable law.

If you are a collaborator invited into our workspace by a client or another organisation, some requests may need to be coordinated with the workspace administrator.

11. Children

The Services are business tools intended for people aged 18 and over. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Third-party links

The Website and Apps may contain links to third-party websites and services (for example, links opened in your browser). We are not responsible for the privacy practices of third parties. We encourage you to read the privacy policies of any third-party services you visit.

13. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page shows when it was last revised. For material changes, we will provide notice through the Services or by email. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

14. Contact us

If you have any questions about this Privacy Policy or how we handle your personal information:

Gaia Kreativ Agency (Pty) Ltd
5 Anton Van Niekerk Dr, Faerie Glen, Pretoria, South Africa
Email: hi@gaiakreativ.co.za
Phone: +27 72 322 5235

Information Officer: Marco Inward — marco@gaiakreativ.co.za