PlankDesigns Privacy Policy
Last updated: 2nd January 2025
Serving clients worldwide with compliance under POPIA (South Africa), GDPR (EU/UK), CCPA (California), and other global regulations
1. Who We Are
PlankDesigns is a South Africa-based design company operating internationally.
Data Controller:
PlankDesigns
Email: info@plankdesigns.co
2. Information We Collect
A. Directly Provided Data
- Contact Details: Name, email, phone, company
- Payment Information: Processed via Lemon Squeezy, Stripe, or Paystack (we never store raw card numbers)
- Project Details: Design briefs, file uploads, communications
B. Automatically Collected Data
- Technical: IP address, device type, browser (Google Analytics)
- Usage: Pages visited, session duration (Hotjar)
C. Special Categories
We do not intentionally collect:
- Racial/ethnic data
- Health information
- Biometric data
3. How We Use Your Data
Purpose | Legal Basis (GDPR) | POPIA Section | Retention Period |
---|---|---|---|
Service delivery | Contract (Art 6(1)(b)) | 11(1)(a) | 5 years post-project |
Payment processing | Legal obligation (Art 6(1)(c)) | 11(1)(d) | 7 years (tax) |
Marketing (opt-in) | Consent (Art 6(1)(a)) | 11(1)(b) | Until withdrawal |
4. International Data Transfers
Safeguards Implemented:
- EU/UK: Standard Contractual Clauses (SCCs 2021)
- Africa: Paystack's CBPR certification for cross-border transfers
- APAC: Singapore DPTM-certified partners
Payment Processor Locations:
- Lemon Squeezy: USA (Privacy Shield)
- Stripe: Global (SCCs)
- Paystack: Nigeria (POPIA-aligned)
5. Your Rights
Global Rights Summary
Right | How to Exercise | Response Time |
---|---|---|
Access | Email with "Subject Access Request" | 30 days |
Deletion | Submit via Webform | 45 days |
Portability | Request in writing | 60 days |
Region-Specific Additions:
- California (CCPA): Opt-out via "Do Not Sell/Share My Info" link
- South Africa (POPIA): Complaints to Information Regulator
- EU (GDPR): Lodge complaints with your DPA
6. Payment & Tax Compliance
Processor Details
Provider | Data Collected | Security Certifications |
---|---|---|
Lemon Squeezy | Billing address, payment method | PCI DSS Level 1 |
Stripe | Card token, transaction history | ISO 27001, SOC 2 |
Paystack | Bank details (Africa) | NDIC insured |
Tax Handling:
Automatic VAT/GST calculation for:
- EU (via Lemon Squeezy OSS)
- South Africa (VAT # [Insert])
- USA (Sales tax where applicable)
7. Security Measures
Technical Protections
- Encryption: TLS 1.3, AES-256 at rest
- Access Control: Role-based permissions, 2FA enforcement
Organizational Protections
- Staff training: Annual POPIA/GDPR certification
- Vendor audits: Quarterly security assessments
8. Breach Notification
We will notify you within:
- 72 hours (EU GDPR)
- ASAP (South Africa POPIA)
- 45 days (California CCPA)
9. Policy Updates
Change Log:
- v3.0: Added payment processor details, global compliance matrix
- v2.1: Incorporated EU representative details
Notification Method:
Material changes are emailed 30 days in advance.
10. Contact Us
If you have any questions about this privacy policy, contact us at info@plankdesigns.co
By using PlankDesigns, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.