Legal

Privacy Policy

Last updated: April 2026

1. Who we are

Stori operates this marketplace platform. We are committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and all applicable South African privacy legislation. Our Information Officer can be reached at privacy@thestori.co.za.

2. Information we collect

2.1 Account information

When you create an account, we collect your name, email address, and a hashed version of your password. We never store your password in plain text.

2.2 Order information

When you place an order, we collect your shipping address and order details. Payment is processed by PayFast — we do not store your card details.

2.3 Vendor information

Vendors additionally provide banking details for settlement purposes. This information is stored securely and is only accessible to the Stori admin team.

2.4 Usage data

We collect analytics data (via PostHog) about how you use the platform, including pages visited and actions taken. This data is anonymised and used only to improve the platform.

3. How we use your information

We use your personal information to:

  • Process and fulfil your orders
  • Send transactional emails (order confirmations, shipping updates)
  • Process vendor settlements
  • Improve the platform through anonymised analytics
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not send marketing emails without your explicit consent.

4. Who we share your information with

We share your information only with:

  • PayFast — to process payments
  • Resend — to send transactional emails
  • Cloudflare — for image storage (R2)
  • PostHog — for anonymised analytics
  • Vendors — your name and shipping address are shared with the vendor fulfilling your order

All third-party providers are required to handle your data in accordance with applicable privacy law.

5. Your rights under POPIA

You have the right to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Object to the processing of your personal information
  • Lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, contact us at privacy@thestori.co.za. We will respond within 30 days.

6. Data retention

We retain your account data for as long as your account is active. Order records are retained for 5 years for legal and accounting purposes. You may request deletion of your account at any time; however, we may retain certain records where required by law.

7. Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and restricted access to sensitive data. No system is completely secure; in the event of a data breach affecting your rights, we will notify you as required by POPIA.

8. Cookies

We use essential cookies to keep you logged in and to maintain your shopping basket. We also use analytics cookies (PostHog) to understand how the platform is used. You can disable non-essential cookies in your browser settings.

9. Contact

For privacy-related queries, contact our Information Officer at privacy@thestori.co.za.