Legal
Privacy Policy
Last updated: January 2026. Effective immediately.
1. Introduction
KneadIt, a product of the Kgusiame Group, is committed to protecting your personal information. We process personal data in accordance with the Protection of Personal Information Act, 2013 (POPIA, Act 4 of 2013) and all applicable South African data protection legislation.
By using KneadIt, you consent to the collection and use of your personal information as described in this policy. This policy applies to all users — clients, therapists, parlour owners, and visitors.
2. Information We Collect
For Clients
- Full name, email address, phone number
- South African ID number (for verification)
- Gender and date of birth
- Booking history and service preferences
- Payment records (processed by Paystack — we do not store card details)
- Location information provided for bookings
For Therapists
- Full name, email address, phone number
- South African ID number and verification documents
- Professional qualifications and AMTSA membership details
- Banking details (for payouts only)
- Operating location and service areas
- Earnings history and booking records
- GPS location during safety check-ins and SOS events
3. Special Note on Safety Data
Location data captured during check-ins and SOS events is used solely for therapist safety. This data is not shared with third parties and is accessible only to the therapist and KneadIt administrators. Safety data is retained for 12 months for safety audit purposes, after which it is permanently deleted.
4. Purpose of Processing
We collect and use your personal information for the following purposes:
- Facilitating bookings between clients and therapists
- Verifying identities and qualifications for safety and trust
- Processing payments and disbursing earnings via Paystack
- Sending booking confirmations, reminders, and service communications
- Protecting therapist safety through check-in monitoring
- Improving our platform and resolving disputes
- Complying with legal obligations
5. Your Data Subject Rights
Under POPIA, you have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your information (subject to legal retention requirements)
- Objection: Object to processing of your information for specific purposes
- Withdrawal of consent: Withdraw consent where processing is based on consent
To exercise these rights, contact our Information Officer at info@kneadit.co.za.
6. Retention Periods
| Data Type | Retention Period |
|---|---|
| Active account data | While account is active |
| Closed account data | Anonymised after 30 days |
| Safety data (SOS, check-ins) | 12 months |
| Financial records | 5 years (statutory requirement) |
| Booking records | 3 years |
7. Third Party Processors
We use the following third-party processors, all of whom are bound by appropriate data processing agreements:
- Supabase — database, authentication, and file storage
- Paystack — payment processing and subscription billing
- Resend — transactional email delivery
- Google Maps — location and mapping services
- Vercel — application hosting and delivery
8. Information Officer
Our designated Information Officer can be reached at info@kneadit.co.za or by post at Kgusiame Group, South Africa.
9. Complaints and the Information Regulator
If you are not satisfied with how we have handled your personal information, you may lodge a complaint with: