Skhokho Labs (“we”, “our”, “us”) operates the skhokho.app platform and associated services. This Privacy Policy explains how we collect, use, and protect your personal information when you use our services. By using our platform, you agree to the practices described in this policy.

We collect the following categories of information:

• Business information: trading name, address, business type, operating hours
• Contact details: name, phone number, email address
• WhatsApp messages you send during onboarding and support interactions
• App usage data: bookings, sales records, menu items, inventory entries
• Authentication data: email address used for login (via Supabase Auth)
• Device and browser information for analytics and error reporting

• To build and configure your branded business app
• To process bookings, sales, and loyalty transactions
• To provide AI-powered features (WhatsApp bot, voice bookkeeping) via Claude AI (Anthropic)
• To send transactional messages (booking confirmations, receipts) via WhatsApp
• To improve our platform and AI models
• To communicate service updates, feature announcements, and maintenance notices
• To process payments via Ozow

Our onboarding and support run over WhatsApp via the Meta Business API. We receive your messages to provide the service. Messages are processed by our AI systems and stored in your business account. We do not sell WhatsApp message data. Meta's data practices are governed by Meta's own Privacy Policy.

Your data is stored in Supabase (PostgreSQL), hosted in the EU-West-1 region. We use row-level security (RLS) to ensure each business can only access its own data. All data is transmitted over HTTPS. API keys and secrets are stored server-side and never exposed to the browser.

We use the following third-party providers to operate the platform:

• Supabase — database and authentication
• Anthropic (Claude AI) — AI-powered features
• Meta / WhatsApp Business API — messaging
• Ozow — payment processing
• Railway — API server hosting
• Vercel — web app hosting
• n8n — workflow automation

Each provider has their own privacy policy. We share only the data necessary for each service to function.

We retain your data for as long as your account is active. If you cancel, we retain anonymised analytics data for up to 12 months. You may request full deletion of your personal data at any time by emailing nmeyiswa@gmail.com.

Under applicable South African law (POPIA), you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to processing in certain circumstances
• Lodge a complaint with the Information Regulator

To exercise these rights, email nmeyiswa@gmail.com with the subject “Privacy Request”.

We use a single session cookie for authentication purposes (managed by Supabase Auth). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

We may update this policy from time to time. Material changes will be communicated via WhatsApp or email. Continued use of the platform after changes constitutes acceptance.

For privacy-related queries: nmeyiswa@gmail.com