Privacy Policy
Last Updated: May 2026
1. Information We Collect
We collect information to provide, secure, and improve our services, including the Creator OS, Event OS, and Financial Intelligence Hub. This includes:
- Account Data: Name, email, phone number, and KYC verification documents.
- Financial Data: Bank details, transaction histories, and wallet balances.
- Physical Event Data: When using the Event OS, we track physical movement and purchasing patterns via NFC wristband scans at vendor terminals.
- Device & Usage Data: IP addresses, browser types, and interaction metrics.
2. The Institutional Intelligence Layer
Sponzar utilizes advanced programmatic tracking to build "Cross-Platform Identity Graphs" and perform Multi-Touch Attribution. This means we track conversion journeys across different platforms (e.g., tracking a user from an external social media link click to a final purchase on Sponzar) to provide accurate marketing data to Creators and Brands.
3. SDK & Smart Links
When interacting with Sponzar's embedded SDKs on third-party websites, or when clicking Sponzar "Smart Links", we collect conditional routing data (device type, location, referral source) to optimize traffic and measure campaign ROI.
4. How We Use Your Data
- To facilitate payments, settlements, and escrow services.
- To aggregate earnings, retention, and repayment data in order to generate the public "Sponzar Score" and monitor financial risk.
- To share necessary transaction and engagement metrics with Creators, Event Organizers, and Brands you interact with.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Event Organizers & Creators: For whom you are a customer, subscriber, or attendee (sharing names, email addresses, and purchase history).
- Service Providers: Payment gateways (e.g., Paystack, Stripe, Ozow) and cloud infrastructure providers.
- Legal Authorities: When required by law or to protect against fraud and legal liability.
Biometric Data and Identity Documents
When you apply for elevated Creator Verification, we collect highly sensitive personal information, including:
- Government-issued identification documents (e.g., South African ID cards).
- Biometric data (e.g., live selfie photographs and facial recognition mapping).
- Heuristic device and behavioral data (used for fraud scoring).
Purpose of Processing: This data is processed strictly for the following purposes: Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance; validating that the person creating the account matches the identity document provided; and preventing identity theft, financial fraud, and money laundering.
Data Sharing and Sub-Processors: Your biometric and identity data is transmitted via a secure, encrypted API to our accredited identity verification partners (such as Datanamix/PBVerify). They act as our sub-processors and are legally bound by strict data protection agreements. We do not sell your biometric data, nor do we use it for marketing purposes.
Data Retention and Destruction (POPIA Compliance)
In accordance with the Protection of Personal Information Act (POPIA) and financial regulations:
- Active Accounts: We retain your verification status and audit logs for as long as your account remains active to fulfill our continuous compliance obligations.
- Raw Biometric Data: Raw biometric imagery (such as selfie photos) and ID document scans are securely retained only for the duration necessary to complete the verification audit or resolve disputes.
- Regulatory Retention: If your account is flagged for severe fraud or financial crimes, your verification data and associated risk flags may be retained for up to 5 years as required by South African financial intelligence laws, even if you request account deletion.
- Security Measures: All verification data is stored using AES-256 encryption at rest, and accessed only by authorized compliance personnel on a strict need-to-know basis.