Simple Bru Coffee Co. ("Simple Bru", "we", "us", or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use it, and your rights under the Protection of Personal Information Act, 2013 (POPIA).
1. Who We Are
Simple Bru Coffee Co. operates a coffee loyalty programme accessible via the Simple Bru mobile application (iOS and Android) and the website simplebrucoffee.co.za. We are the Responsible Party as defined under POPIA.
2. Information We Collect
2.1 Information you provide to us
- Account registration: your name, email address, and password.
- Profile: optional profile photo.
- Social login: if you sign in via Google or Facebook, we receive your name and email address from that provider.
- Payment information: card details entered during payment are processed directly by our payment provider (Yoco) and are never stored on our servers.
2.2 Information collected automatically
- Loyalty activity: QR code scans, stamps earned, rewards redeemed, in-store payment matches, and transaction history.
- Device information: device type, operating system version, and app version.
- Usage data: screens viewed, features used, and session duration.
- Location: only when you choose a store — we do not track your location continuously.
2.3 Information from AI features
If you use the in-app Brú AI assistant, your messages are sent to Google Gemini to generate a response. Messages are not stored beyond the active session and are not used to train AI models. When you match an in-store card payment, we read the payment's receipt and item details from Yoco to award your stamps.
3. How We Use Your Information
We use your personal information only for the following purposes:
- To create and manage your loyalty account.
- To process QR code scans and apply loyalty stamps and rewards.
- To match in-store card-machine payments to your account and award stamps.
- To process payments securely through our payment provider.
- To send you notifications about your loyalty progress and rewards (with your consent).
- To display news, promotions, and updates from Simple Bru stores.
- To provide customer support.
- To improve the app and fix technical issues.
- To comply with our legal obligations under South African law.
4. Sharing Your Information
We do not sell, rent, or trade your personal information. We share it only with the following trusted third parties, strictly for the purposes described above:
| Third Party | Purpose | Their Privacy Policy |
|---|---|---|
| Yoco | Payment processing & in-store payment matching | yoco.com/za/privacy-policy |
| Google Gemini (AI) | In-app AI assistant responses & receipt item matching | policies.google.com/privacy |
| Google / Facebook | Social login (optional) | policies.google.com/privacy / facebook.com/privacy |
| DigitalOcean | Cloud server hosting | digitalocean.com/legal/privacy-policy |
5. Data Retention
We retain your personal information for as long as your account is active or as required to provide services to you. If you delete your account, your personal data is permanently removed within 30 days, except where we are required by law to retain certain records (e.g. financial transaction records for 5 years under South African tax law).
6. Your Rights Under POPIA
As a data subject under POPIA, you have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate or incomplete information.
- Request deletion of your personal information (subject to legal retention requirements).
- Object to the processing of your personal information.
- Lodge a complaint with the Information Regulator of South Africa.
To exercise any of these rights, please contact us at info@simplebrucoffee.co.za. We will respond within 30 days.
Information Regulator of South Africa: inforegulator.org.za · complaints.IR@justice.gov.za
7. Security
We take appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These include HTTPS encryption for all data in transit, hashed and salted passwords, and access-controlled servers. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
8. Children's Privacy
The Simple Bru app is not intended for children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
9. Push Notifications
We may send push notifications to your device to inform you of loyalty milestones, rewards, and promotions. You can opt out of push notifications at any time through your device settings or within the Simple Bru app.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or by email. The effective date at the top of this page will always reflect when the policy was last updated. Continued use of the app after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal information, please contact us: