Privacy Policy
How we collect, use, and protect your personal information
Table of Contents
- Introduction
- Information We Collect
- How We Use Your Information
- Legal Basis for Processing (POPIA)
- Information Sharing & Disclosure
- Data Storage & Security
- Cookies, Tracking & Advertising
- Your Rights Under POPIA
- Children’s Privacy
- Data Retention
- Third-Party Links
- Changes to This Policy
- Information Officer & Contact
1 Introduction
TributePoint (“we”, “us”, “our”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and share information when you use our website at tributepoint.co.za and related services.
We process personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable South African legislation. By using TributePoint, you consent to the practices described in this policy.
2 Information We Collect
2.1 Information You Provide
| Category | Details |
|---|---|
| Account Information | First name, last name, email address, password (hashed) |
| Tribute Content | Deceased’s name, dates (birth/death), obituary text, funeral details (times, addresses), cemetery locations, funeral programme, extra info, donation links |
| Photos | Portrait and gallery images uploaded for tribute pages |
| Company Information | Company name, company email, phone, website, address, branding assets (for professional accounts) |
| Contact Form | Name, email, subject, and message when you contact us |
2.2 Information Collected Automatically
| Category | Details |
|---|---|
| Log Data | IP address, browser type, operating system, referring URL, pages visited, timestamps |
| Session Data | PHP session identifiers used to maintain login state |
| Cookies | Session cookies and optional “remember me” cookies (see Section 7) |
2.3 Special Personal Information
Tribute pages may include information about deceased persons, including religious symbols, dates, and biographical details. Under POPIA, information about deceased persons is generally not considered “personal information.” However, we treat all tribute content with respect and dignity.
3 How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: Creating accounts, building tribute pages, displaying memorial content, enabling photo uploads, and generating shareable links
- Account Management: Email verification, password resets, login authentication, and session management
- Communication: Sending verification emails, responding to contact form enquiries, and sending service-related notices
- Company Features: Managing team invitations, company branding, and professional account functionality
- Security: Detecting and preventing fraudulent, unauthorised, or illegal activity
- Improvement: Understanding how the Service is used to improve features, performance, and user experience
We do not use your personal information for marketing purposes without your explicit consent. We do not sell your personal information to third parties.
4 Legal Basis for Processing (POPIA)
Under POPIA, we process your personal information based on the following lawful grounds:
- Consent: By registering and using the Service, you consent to the processing described in this policy
- Contract: Processing necessary to provide the Service you requested (e.g., creating your tribute page)
- Legitimate Interest: Maintaining security, preventing abuse, and improving the Service
- Legal Obligation: Compliance with applicable South African law where required
5 Information Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:
- Public Tributes: If you set a tribute to “public,” the tribute content (name, dates, obituary, photos, funeral details) is publicly visible to anyone with the link or who finds it via search engines.
- Company Accounts: If you are part of a company on TributePoint, the company owner and authorised team members may view tributes created under the company account.
- Service Providers: We may use third-party services for email delivery, hosting, and infrastructure. These providers process data on our behalf under strict confidentiality agreements.
- Legal Requirements: We may disclose information if required by law, court order, or government regulation in South Africa.
- Safety: We may disclose information to protect the safety, rights, or property of TributePoint, our users, or the public.
6 Data Storage & Security
Storage
Your data is stored on servers located in South Africa or with hosting providers who comply with adequate data protection standards. We use MySQL databases with UTF-8 encoding for structured data and secure file storage for uploaded photos.
Security Measures
We implement reasonable technical and organisational measures to protect your information, including:
- Passwords are hashed using bcrypt (never stored in plain text)
- HTTPS/TLS encryption for all data in transit
- Session-based authentication with secure cookie flags
- Email verification tokens are stored as SHA-256 hashes
- Security headers (Content Security Policy, X-Frame-Options, HSTS, etc.)
- Access controls limiting data access to authorised personnel
While we take data security seriously, no system is 100% secure. In the event of a data breach, we will notify affected users and the Information Regulator as required by POPIA.
7 Cookies, Tracking & Advertising
7.1 First-Party Cookies We Use
| Cookie | Purpose | Duration |
|---|---|---|
| PHPSESSID | Session management — maintains your login state | Session (expires when browser closes) |
| remember_me | Optional “Remember Me” functionality on login | 30 days |
7.2 Google AdSense & Advertising Cookies
TributePoint displays advertisements on certain pages through Google AdSense, a third-party advertising service operated by Google LLC. When advertisements are shown, Google may set cookies on your device to:
- Serve relevant, interest-based advertisements
- Limit the number of times you see a particular ad
- Measure the effectiveness of advertising campaigns
- Prevent the display of ads you have previously dismissed
| Cookie / Technology | Provider | Purpose |
|---|---|---|
| DoubleClick / NID | Google LLC | Interest-based advertising, ad frequency capping, and conversion tracking |
| IDE | Google LLC (doubleclick.net) | Registers and reports user actions after viewing or clicking an ad |
| ANID / DSID | Google LLC | Targeting and personalisation of Google ads |
Google's use of advertising cookies is governed by the Google Privacy Policy and Google's advertising data practices. By using TributePoint, you acknowledge that Google may collect and use data as described in those policies.
7.3 Ads Are Not Shown to All Users
Advertisements are not shown in the following situations:
- Users on a paid premium plan (ad-free experience)
- Tributes created by professional funeral home accounts (company tributes)
- Admin panel and account management pages
7.4 How to Opt Out of Interest-Based Advertising
You have the following options to opt out of personalised advertising:
- Google Ad Settings: adssettings.google.com
- Network Advertising Initiative: optout.networkadvertising.org
- Your Ad Choices: optout.aboutads.info
- Browser settings: Block or delete cookies through your browser preferences (note: this may affect site functionality)
Opting out of personalised ads does not mean you will no longer see advertisements — it means the ads shown may not be tailored to your interests.
7.5 Cookie Control
You can control cookies through your browser settings. Disabling all cookies may affect the functionality of the login system and other interactive features of TributePoint.
8 Your Rights Under POPIA
As a data subject under POPIA, you have the following rights:
- Right of Access: Request confirmation of whether we hold your personal information and obtain a copy of it
- Right to Correction: Request correction or deletion of inaccurate, irrelevant, or outdated personal information
- Right to Deletion: Request deletion of your personal information where it is no longer necessary for the purpose it was collected
- Right to Object: Object to the processing of your personal information on reasonable grounds
- Right to Withdraw Consent: Withdraw your consent to processing at any time (which may affect your ability to use the Service)
- Right to Lodge a Complaint: Lodge a complaint with the Information Regulator of South Africa
To exercise any of these rights, please contact us at info@tributepoint.co.za. We will respond within a reasonable time, and no later than 30 days as required by POPIA.
9 Children’s Privacy
TributePoint is not directed at children under 18 years of age. We do not knowingly collect personal information from minors. If you believe a child under 18 has created an account, please contact us and we will promptly delete the account and associated data.
Tribute pages may be created for deceased persons of any age by an adult account holder.
10 Data Retention
We retain your personal information for as long as it is necessary for the purposes described in this policy:
- Active Accounts: Account data and tributes are retained for as long as your account is active
- Closed Accounts: Upon account closure, we may retain data for up to 90 days before permanent deletion, unless a longer period is required by law
- Public Tributes: Tribute pages for deceased persons may remain accessible after account closure, as they serve as memorials. Contact us to request removal.
- Log Data: Server logs are retained for up to 12 months for security purposes
- Email Verification Tokens: Expired tokens are periodically purged
11 Third-Party Links
Tribute pages may contain links to external websites, including donation/crowdfunding platforms, Google Maps, and social media. We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing personal information.
12 Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date at the top of this page. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.
For significant changes that materially affect how we handle your personal information, we will make reasonable efforts to notify you via email or a notice on our website.
13 Information Officer & Contact
For any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact our designated Information Officer:
- Information Officer: Samuel Mkhawane
- Address: 3335 Ext 1, Kanana, Hammanskraal, 0407
- Email: info@tributepoint.co.za
- Phone: 068 752 2262
- Website: tributepoint.co.za
You may also contact the Information Regulator of South Africa if you believe your personal information has been mishandled: