Privacy policy
# Privacy Policy
This Privacy Policy describes how SA FitFoodz (Pty) Ltd ("FitFoodz", "we", "us", "our"), operating fitfoodz.co.za (the "Site"), collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site. This policy is governed by the Protection of Personal Information Act, 2013 ("POPIA").
Last updated: 10 May 2026
## Contact
If you have questions about this policy, want more information about our privacy practices, or would like to exercise any of your rights under POPIA (including access, correction, deletion, or objection), please contact our Information Officer:
**Email:** info@fitfoodz.co.za
**Postal address:** SA FitFoodz (Pty) Ltd, 77 Walter Sisulu Street, Potchefstroom, North West, 2531, South Africa
## Information We Collect
When you visit the Site or make a purchase, we collect the following categories of Personal Information:
**Device and browsing information.** Collected automatically via cookies, pixels, tags, and similar technologies. Includes your IP address, browser type and version, operating system, device identifiers, time zone, referring URLs, pages viewed, search terms, and how you interact with the Site.
**Order and account information.** Collected directly from you when you place an order or create an account. Includes your name, email address, telephone number, billing address, shipping address, dietary preferences and goals (where you provide these via our calorie quiz or meal plan selection), order history, and payment information. Payment card details are processed directly by our payment processor (PayFast) and are not stored on our systems.
**Customer support information.** Information you provide when you contact us via email, WhatsApp, or other channels for support, feedback, or enquiries.
**Marketing and advertising information.** Hashed identifiers (such as hashed email addresses) used for advertising matching and audience building, as described in the "Advertising and Marketing" section below.
## How We Use Your Personal Information
We use your Personal Information to:
- Process and fulfil your orders, including payment processing, courier dispatch, and order communication
- Provide customer support and respond to your enquiries
- Send you transactional messages (order confirmations, delivery updates, account notifications) via email and WhatsApp
- Send you marketing communications about our products, promotions, and loyalty programme, where you have consented or where permitted by law (you can opt out at any time)
- Personalise our Site, recommend relevant meal plans, and improve your experience
- Measure and optimise the performance of our advertising campaigns across Meta (Facebook and Instagram), TikTok, and Google
- Detect, prevent, and respond to fraud, abuse, security issues, and unlawful activity
- Comply with our legal and regulatory obligations
- Conduct analytics to understand and improve our business
## How We Share Your Personal Information
We share your Personal Information with the following categories of service providers, each of whom processes data on our behalf for the purposes described:
**E-commerce platform**
- Shopify Inc. β operates our online store, processes orders, and stores customer records. https://www.shopify.com/legal/privacy
**Payment processing**
- PayFast (DPO Payments) β processes payment card transactions. We do not store full card numbers on our systems.
**Shipping and fulfilment**
- Aramex South Africa β courier and delivery services. We share your name, delivery address, and contact number to enable delivery.
**Email and SMS marketing**
- Omnisend β sends transactional and marketing emails on our behalf
**WhatsApp messaging**
- Meta Platforms (WhatsApp Business Platform) β used to send transactional and marketing messages to customers who have engaged with us via WhatsApp
**Advertising and analytics**
- Meta Platforms (Facebook Pixel and Conversions API) β measures advertising performance and matches you to advertisements
- TikTok Pixel and Events API (operated by TikTok / ByteDance) β measures advertising performance and matches you to advertisements
- Google Ads and Google Analytics β measures advertising performance, conversions, and Site usage analytics
We may also disclose your Personal Information:
- To comply with applicable laws, regulations, court orders, subpoenas, or other lawful requests by public authorities
- To enforce our terms of service or protect our rights, property, or safety, or that of our customers or others
- In connection with a corporate transaction such as a merger, acquisition, financing, or sale of assets, in which case the recipient will be required to honour this Privacy Policy
## Advertising and Marketing
We use the Meta Pixel, TikTok Pixel, and Google Ads tags to measure advertising effectiveness and to show you advertisements that may be relevant to you, including on Facebook, Instagram, TikTok, YouTube, and across the Google Display Network.
To improve advertising accuracy, we use **Advanced Matching** (also called Conversions API or Events API), which sends hashed identifiers β such as your email address transformed using SHA-256 cryptographic hashing β to these advertising platforms. This allows them to match your activity on our Site to your account on their platform without exposing your raw email address. We do this in reliance on our legitimate interest in marketing our products effectively, and you may object to this processing at any time using the contact details above.
You can opt out of interest-based advertising directly with these platforms:
- **Meta:** https://www.facebook.com/help/568137493302217
- **TikTok:** https://www.tiktok.com/legal/page/global/privacy-policy/en (see "Your Rights")
- **Google Ads:** https://adssettings.google.com
- **Google Analytics:** https://tools.google.com/dlpage/gaoptout
You can also unsubscribe from marketing emails using the unsubscribe link in any marketing email, or stop receiving WhatsApp marketing by replying STOP.
## Cookies and Similar Technologies
We use cookies and similar technologies (pixels, tags, web beacons, local storage) to operate the Site, remember your preferences, analyse Site usage, and deliver advertising. These fall into the following categories:
**Strictly necessary cookies** β required for the Site to function (cart, checkout, login, security)
**Analytics cookies** β Shopify Analytics, Google Analytics
**Advertising cookies** β Meta Pixel, TikTok Pixel, Google Ads tags
You can control cookies through your browser settings. Blocking strictly necessary cookies may prevent parts of the Site from working. For more information about controlling cookies, see https://www.allaboutcookies.org.
A list of cookies set by Shopify (the platform powering our Site) is available in the Shopify cookie reference: https://www.shopify.com/legal/cookies
## Your Rights Under POPIA
You have the following rights in respect of your Personal Information:
- **Right to access** β request a copy of the Personal Information we hold about you
- **Right to correction** β request that we correct inaccurate or incomplete information
- **Right to deletion** β request that we delete your Personal Information, subject to our legal obligations to retain certain records (e.g. tax records)
- **Right to object** β object to processing of your Personal Information for direct marketing or based on legitimate interests
- **Right to withdraw consent** β where we rely on your consent to process your Personal Information, you may withdraw that consent at any time
- **Right to lodge a complaint** β with the Information Regulator of South Africa if you believe we have not handled your Personal Information lawfully
To exercise any of these rights, contact us using the details in the **Contact** section above. We will respond within a reasonable period and in any event within 30 days.
## Data Retention
We retain your Personal Information for as long as necessary to provide our services, comply with our legal obligations (including South African tax law, which requires us to retain transactional records for at least five years), resolve disputes, and enforce our agreements. Marketing preferences are retained until you opt out.
## Data Security
We implement appropriate technical and organisational measures to protect your Personal Information against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (HTTPS), access controls, vendor due diligence, and secure server hosting. No method of internet transmission or electronic storage is 100% secure, however, and we cannot guarantee absolute security.
## International Data Transfers
Some of our service providers (including Shopify, Meta, TikTok, and Google) are located outside of South Africa, primarily in the United States, Ireland, and other jurisdictions. Where Personal Information is transferred outside South Africa, we rely on these providers' compliance with comparable data protection laws or contractual safeguards as required by POPIA.
## Children's Privacy
The Site is not directed to children under 18. We do not knowingly collect Personal Information from children under 18. If you believe we have collected Personal Information from a child, please contact us so we can delete it.
## Do Not Track
Because there is no consistent industry standard for responding to "Do Not Track" browser signals, we do not currently alter our data collection practices in response to such signals.
## Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. The updated version will be indicated by a revised "Last updated" date and will be effective as soon as it is published.
## Complaints
If you have a complaint about how we handle your Personal Information, please contact us first using the details in the **Contact** section. If you are not satisfied with our response, you may lodge a complaint with:
**The Information Regulator (South Africa)**
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Telephone: 010 023 5200
Email (complaints): complaints.IR@justice.gov.za
Website: https://inforegulator.org.za
---
Last updated: 10 May 2026