Important role distinction. BuildZero is the responsible party for information used to run accounts and the platform. For personal information submitted through a client’s published quote form, the client business generally determines why the information is collected and is the responsible party; BuildZero processes and stores it as an operator on that client’s behalf.

1. Who we are

BuildZero is a website-building and hosting service operated by Ruan Groenewald trading as Build0. Registration number: Not applicable – sole proprietor. Physical address: 145 5th Avenue, Belmont Park, Kraaifontein, Cape town, 7570. Privacy contact: legal@build0.co.za. Information Officer: Ruan Groenewald.

“BuildZero”, “we”, “us” and “our” refer to the operator above. “Client” refers to a business using the editor. “Visitor” refers to a person viewing BuildZero or a client website.

2. Information we process

Account information, including name, business name, email address, authentication records and organisation membership.
Website information supplied by clients, including business details, service areas, contact information, text, logos and project images.
Lead and quote information supplied by visitors, including name, email, phone number, requested service, message, contact preference, budget or timing information, project answers and optional job photographs.
Lead-management information added by the client, including pipeline status, private notes and follow-up dates.
Notification delivery records, including recipient, channel, provider status and errors. Email and WhatsApp providers process delivery data under their own terms.
Privacy-conscious analytics, including page views, WhatsApp clicks, dates and a salted one-way hash derived from a random first-party identifier. We do not deliberately store visitor IP addresses in the analytics tables or use browser fingerprinting.
Technical, security and operational logs generated by our hosting, authentication, database and storage providers.
Support communications and, once billing is introduced, transaction and payment-administration information. Complete card details should be handled by the payment provider rather than BuildZero.

3. How information is collected

We receive information directly when an account is created, a website is edited, media is uploaded, support is requested or a visitor submits a quote form. We also receive limited technical information automatically from browsers, security systems and infrastructure providers.

4. Why we process information

We process information only where there is a lawful justification, including performing our agreement with a client, taking requested steps before an agreement, complying with law, protecting legitimate business and security interests, or acting with consent where consent is appropriate.

Provide authentication, website editing, hosting, publishing, lead storage and support.
Secure accounts, prevent misuse, investigate faults and maintain reliable services.
Measure basic website activity where the visitor permits anonymous analytics.
Communicate service, security and account information.
Meet tax, accounting, regulatory, dispute and legal obligations.
Improve BuildZero using aggregated or de-identified information.

5. Client quote forms and POPIA responsibilities

A client is responsible for ensuring its collection and use of visitor enquiries complies with the Protection of Personal Information Act, 4 of 2013 (“POPIA”), including giving an appropriate notice, limiting use to legitimate business purposes, keeping information secure, respecting data-subject requests and deleting information when it is no longer needed.

BuildZero processes leads for the client to provide the contracted service. We do not sell lead information. We may access it only as needed to operate, secure, support or comply with law. Clients must not use BuildZero to collect special personal information or children’s information unless they have established a lawful, appropriate process with us in writing.

6. Cookies and analytics choices

BuildZero uses essential authentication cookies for logged-in clients. Published client websites ask visitors whether they permit anonymous analytics. If allowed, we place an HTTP-only bz_visitor random identifier cookie for up to 12 months and use session storage to avoid duplicate page-view events during one page session. The random value is salted and hashed before analytics records are stored.

Selecting “Only essential” prevents analytics recording and asks the server to remove the analytics identifier cookie. The consent choice is stored locally for up to 12 months. Browser settings can also clear stored choices and cookies.

7. Sharing and service providers

We disclose information only as reasonably necessary to infrastructure, authentication, database, storage, hosting, email, monitoring, support and professional-service providers; to a client entitled to receive its own leads; during a lawful business reorganisation; or when law, court process, safety or rights protection requires it.

Current core infrastructure includes Supabase for authentication, database and storage, and Netlify for application hosting. Providers process information under their own contractual and security frameworks.

8. Cross-border processing

Some service providers or backups may process information outside South Africa. Where POPIA section 72 applies, we will use recipients subject to laws, binding corporate rules, agreements or other safeguards providing an adequate level of protection, or another permitted basis.

9. Retention

Analytics visitor hashes and daily analytics aggregates are automatically deleted after approximately 90 days.
The browser analytics consent choice and identifier may remain for up to 12 months unless cleared earlier.
Account, website, media and lead information is kept while the service is active and afterwards only for a reasonable closure, backup, dispute, fraud-prevention or legal-compliance period.
Clients should archive or delete leads they no longer need. After termination, BuildZero may delete client content following a reasonable retrieval period, subject to legal holds and backup cycles.

10. Security

We use access controls, tenant-level database policies, private object storage, server-side secrets, encrypted transport, authentication controls and operational safeguards appropriate to the service. No internet system is perfectly secure. Clients must protect their credentials and promptly report suspected compromise.

If a security compromise creates a POPIA notification duty, the responsible party and operator will cooperate and notifications will be handled as required by applicable law.

11. Your rights

Subject to POPIA and other applicable law, a data subject may request confirmation of processing, access to personal information, correction or deletion, object to certain processing, withdraw consent where processing depends on consent, and complain to the Information Regulator. We may need to verify identity and may retain information where law permits or requires it.

Requests relating to a quote submitted to a client should ordinarily be sent to that client first. Platform-related requests may be sent to legal@build0.co.za.

12. Children

BuildZero is intended for adults and business users. It is not designed to knowingly collect personal information from children through client websites. Contact us if such information appears to have been submitted improperly.

13. Complaints and regulator

Please contact us first at legal@build0.co.za so we can investigate. A person may also contact South Africa’s Information Regulator using the current details published at inforegulator.org.za.

14. Changes

We may update this policy when the service, suppliers or law changes. Material changes will be communicated through the service or by email where reasonably practicable. The date above identifies the current version.