Blueticked
Start free

Privacy Policy

Effective 27 April 2026

1. Who we are

Blueticked is a customer-messaging platform operated by Sinosa Trading (Pty) Ltd, a private company incorporated in the Republic of South Africa.

  • Registration No.: 2013/053370/07
  • VAT No.: 4650263488
  • Registered address: 58 Eden on the Bay, Milnerton, Cape Town, South Africa
  • Information Officer: Shaun Schoeman
  • Contact: privacy@blueticked.com

For purposes of the Protection of Personal Information Act, 2013 (POPIA), Sinosa Trading (Pty) Ltd is the responsible party. For purposes of the EU and UK General Data Protection Regulation (GDPR), it acts as data controller in respect of its own customers and as data processor in respect of end-user data customers route through the platform.

2. Information we collect

We collect personal information in three contexts:

Account holders (our customers)

  • Name, email address, mobile number
  • Business name, registration details, billing address
  • Authentication credentials (hashed)
  • Payment information (processed by our payment provider — we do not store card numbers)
  • Logs of platform usage for security, billing and support

End-user contacts (your customers)

  • Phone numbers, email addresses and Telegram identifiers you upload or that initiate conversations
  • Message content sent or received through Blueticked-connected channels (WhatsApp, SMS, email, Telegram)
  • Delivery receipts, read receipts and opt-out signals

Visitors to blueticked.com

  • IP address, browser and device information, pages visited
  • Information you submit through contact forms

3. How we use your information

  • To deliver the Blueticked service: routing messages, maintaining inboxes, sending campaigns, generating AI replies
  • To bill you and collect payment
  • To provide support, prevent abuse and improve reliability
  • To comply with legal obligations including POPIA, tax law and lawful interception requests
  • To send service announcements (you cannot opt out of essential service emails)
  • With your consent, to send product updates and marketing

4. Lawful basis (POPIA & GDPR)

We process personal information on the following bases:

  • Contract — to deliver the services you have signed up for
  • Legitimate interest — security, fraud prevention, service analytics
  • Legal obligation — tax, accounting, lawful intercept, retention requirements
  • Consent — for non-essential marketing and any optional analytics

5. Sharing with third parties

We share data only with operators (POPIA) / processors (GDPR) bound by written contracts to the same standards we are. We do not sell personal information.

  • Meta Platforms, Inc. — WhatsApp Business message delivery and webhook processing
  • BulkSMS (Celerity Systems (Pty) Ltd, South Africa) — SMS delivery
  • Resend, Inc. — transactional email delivery
  • Telegram Messenger Inc. — Telegram bot message routing
  • Anthropic PBC and OpenAI OpCo, LLC — AI model inference for AI-agent replies (only when you enable AI agents)
  • Supabase, Inc. — managed PostgreSQL hosting (EU region)
  • Vercel, Inc. — application and marketing-site hosting
  • Upstash, Inc. — Redis-backed job queue
  • Stripe, Inc. / Paystack (Pty) Ltd — payment processing
  • Sentry (Functional Software, Inc.) and PostHog, Inc. — error monitoring and product analytics
  • Professional advisers, auditors, and law-enforcement authorities where legally required

6. Cross-border transfers

Some processors are located outside South Africa, the European Economic Area, and the United Kingdom. Where personal information leaves these jurisdictions we rely on Standard Contractual Clauses and ensure the recipient is subject to laws or binding agreements that uphold equivalent protection in line with section 72 of POPIA.

7. How long we keep information

  • Active account data: for the lifetime of your subscription
  • End-user message content: 24 months from creation, or until you delete it
  • Billing and tax records: 5 years (SARS requirement)
  • Backups: rolling 30-day window, then permanently purged
  • Suppression-list entries (opt-outs): retained indefinitely to honour the opt-out

8. Your rights

You have the right to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal information, subject to legal retention obligations
  • Object to direct marketing
  • Withdraw consent where consent is the lawful basis
  • Lodge a complaint with the South African Information Regulator (inforegulator.org.za)

To exercise any of these rights, email privacy@blueticked.com. If you submitted your request via Meta's data-deletion flow, you can check status at /data-deletion.

9. Security

We use AES-256-GCM encryption for sensitive credentials at rest, TLS 1.2+ in transit, role-based access controls, and audit logging. We follow industry best practice but no system is impenetrable. If we become aware of a security compromise affecting your information we will notify you and the Information Regulator without unreasonable delay as required by section 22 of POPIA.

10. Cookies and similar technologies

blueticked.com uses essential cookies for session management and opt-in analytics cookies (PostHog). You can disable analytics in your browser; the site remains fully functional without them.

11. Children

Blueticked is not intended for users under 18. We do not knowingly collect personal information of children. If you believe we have, contact us and we will delete it.

12. Changes to this policy

We may update this policy. Material changes will be announced by email to account holders and posted at the top of this page. The effective date will always reflect the most recent version.

13. Contact

Sinosa Trading (Pty) Ltd
58 Eden on the Bay, Milnerton, Cape Town, South Africa
Email: privacy@blueticked.com