Privacy Policy

How GreenHand collects, uses, shares and protects your personal information under POPIA.

Last updated: 18 July 2026

Table of Contents

  1. 1. Who we are
  2. 2. Information we collect
  3. 3. Special personal information
  4. 4. How we collect it
  5. 5. Why we process it
  6. 6. Lawful basis
  7. 7. Who we share it with
  8. 8. Cross-border transfers
  9. 9. How long we keep it
  10. 10. How we protect it
  11. 11. Your rights & deletion
  12. 12. Automated processing
  13. 13. Direct marketing
  14. 14. Cookies & notifications
  15. 15. Children
  16. 16. Contact & complaints

1 Who we are

GreenHand ("GreenHand", "we", "us") operates the online marketplace at www.greenhand.co.za that connects South African homeowners with independent garden service professionals. For the purposes of the Protection of Personal Information Act 4 of 2013 ("POPIA"), GreenHand is the Responsible Party for the personal information described in this policy.

This policy explains what personal information we collect, why, how we use and share it, how long we keep it, and the rights you have. It applies to everyone who uses GreenHand — homeowners ("Clients"), garden professionals ("Gardeners") and visitors.

Information Officer: privacy@greenhand.co.za

2 Information we collect

Depending on how you use GreenHand, we may collect:

CategoryExamples
Account & identityName, email address, phone number, password (stored one-way hashed), user type (Client/Gardener), and nationality status where relevant to work authorisation.
Verification documents (Clients)ID document or passport, proof of address (utility bill or bank statement not older than 3 months), and a clear photo of yourself — required before your first payment, to keep the community safe and to meet identity-verification obligations.
Verification documents (Gardeners)ID document or passport, a clear photo of yourself, proof of address, SAPS police clearance certificate, a recent bank statement confirming your payout account, and optionally a work reference. Business Gardeners: CIPC registration, business bank confirmation and optionally tax clearance. Foreign nationals: a valid work permit/visa, Section 22 asylum permit or Section 24 refugee status document.
Location & propertyHome or service address, suburb, city, province, property/garden details, approximate map coordinates used to match nearby Gardeners, and GPS check-in location (with an optional arrival photo) when a Gardener starts a job.
Banking & paymentFor Gardeners: bank account details for payouts. Card details are entered directly with our payment provider (Paystack) and are never stored by GreenHand. If you choose to save a card for faster checkout, we store only a secure token issued by Paystack — not your card number, CVV or expiry date.
Marketplace activityJob posts and photos, quotes, bookings (including recurring schedules), messages between users, reviews and ratings (Clients rate Gardeners publicly; Gardeners may rate Clients privately), work-completion photos, dispute and support-ticket information, and referral codes and reward history.
Technical & usageIP address, device and browser type, log data, and actions taken on the platform (used for security and to improve the service).

3 Special personal information

Some verification information is treated by POPIA as special personal information or otherwise carries a higher duty of care, including:

We process this information with your consent (given when you upload the documents), and because it is necessary to protect the safety of users of the platform, to verify identity in line with anti-money-laundering and identity-verification practice, and to confirm the legal right to work in South Africa. It is used only for vetting and verification — never for marketing — is visible only to our verification team, and is stored and retained as described in sections 9 and 10.

4 How we collect it

5 Why we process your information

6 Lawful basis for processing

We process your personal information where it is:

7 Who we share it with

We do not sell your personal information. We share it only as needed to run the service, with:

Operators may access personal information only as needed to deliver their service to us, strictly on our instructions, and are bound to keep it secure.

8 Cross-border transfers

Our application and database servers are located in South Africa (Johannesburg). Some Operators process limited data outside South Africa — for example, error-monitoring and email-delivery providers process technical data and email addresses on servers in the United States or Europe. Where personal information is transferred across borders, we take reasonable steps to ensure it receives a level of protection comparable to POPIA, including through the provider's contractual and security commitments (section 72 of POPIA).

9 How long we keep it

When information is no longer needed, we securely delete or de-identify it. We use soft-deletion for some records to preserve the integrity of booking and financial history; soft-deleted records are no longer visible on the platform.

10 How we protect it

No system is perfectly secure. If we become aware of a compromise of your personal information, we will notify you and the Information Regulator as required by section 22 of POPIA.

11 Your rights & account deletion

You have the right to:

Deleting your account: you can request account deletion from within the platform or by emailing our Information Officer. We will action the request within a reasonable time, retaining only what section 9 and applicable law require us to keep, and will confirm the outcome to you.

For any request we may need to verify your identity before acting on it.

12 Automated processing

We use automated processing to suggest matches (for example, showing Gardeners jobs within their chosen service radius) and to route notifications. Decisions that significantly affect you — such as approving verification documents, resolving disputes, or suspending an account — are made by a person, not solely by automated means.

13 Direct marketing

We send transactional messages (bookings, payments, verification, support) as part of operating the service — these are not marketing. We will only send you direct marketing by electronic means in line with section 69 of POPIA: where you are an existing customer and the message concerns similar services, or where you have consented. Every marketing message will include a working opt-out, and we will honour opt-outs immediately. Referral invitations are sent by you, not by us, when you choose to share your referral link.

14 Cookies, local storage & notifications

We use essential cookies and local storage to keep you signed in, keep the platform secure (session and CSRF protection), and remember basic preferences. These are necessary for the site to function. We do not use them to build advertising profiles. You can control cookies through your browser settings, but disabling essential cookies may prevent parts of the platform from working.

If you install GreenHand as an app (PWA) or enable browser push notifications, your browser stores app data locally and may receive notifications; you can revoke notification permission in your browser or device settings at any time.

15 Children's privacy

GreenHand is intended for users aged 18 and over. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

16 Contact us & complaints

GreenHand Information Officer

If you are not satisfied with how we have handled your personal information, you may lodge a complaint with:

The Information Regulator (South Africa)
Website: inforegulator.org.za
Email: enquiries@inforegulator.org.za · complaints: POPIAComplaints@inforegulator.org.za

This Privacy Policy should be read together with our Terms and Conditions, Refund & Cancellation Policy and Delivery Policy.