1. Introduction
Welcome to the Privacy Policy for Maverick & Max (the "Service", "we", "us", or "our"), a registered South African property services business. We are committed to protecting and respecting your privacy while handling your personal information.
This Privacy Policy explains how we collect, process, secure, and disclose your personal information in accordance with the Protection of Personal Information Act, No. 4 of 2013 ("POPIA"). This policy applies to our client service portals, accompanying mobile software, and all property management applications.
2. Information We Collect
We limit the collection of personal information to what is strictly necessary to register your account, manage your properties, and deliver our Service. We collect:
Contact Information
Your full name, email address, and mobile phone number.
Account Credentials
Your username and encrypted password used to secure your access to our portals.
We do not collect sensitive personal information (such as racial origin, health status, political opinions, or religious beliefs) unless required by law.
3. Purpose of Processing
In compliance with Condition 3 of POPIA (Purpose Specification), your personal information is processed solely for the following lawful reasons:
- Account Provision: To create, manage, and authenticate your user account for the Maverick & Max platform and mobile app.
- Property Operations: To deliver rental management, commercial property management, and sectional title administrative features.
- Communication: To send service updates, rent notifications, body corporate notices, and direct support responses.
- Compliance: To satisfy tax, accounting, or statutory legal obligations in South Africa, including Estate Agency Affairs Board requirements.
4. Storage & Firebase
All user profiles, authorization metadata, and portal records are securely stored using Firebase Cloud Firestore, a cloud database service provided by Google.
Firebase host servers are located globally. By registering for our Service, you acknowledge and consent to the transfer of your data outside of South Africa. We ensure that Google Firestore implements security compliance equivalent to or exceeding POPIA requirements, specifically matching international GDPR standards.
5. Technical Security
To comply with Condition 7 of POPIA (Security Safeguards), we implement robust technical and organizational measures to prevent unauthorized access, loss, or alteration:
Data Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 bit encryption via Firebase Firestore.
Strict Security Rules
We configure server-side Firebase Security Rules to ensure users can only read and write their own authenticated data records.
Access Monitoring
System administrators only have access to records on a strict need-to-know basis, and credentials are protected by Multi-Factor Authentication (MFA).
6. Your POPIA Rights
As a data subject in South Africa, you possess statutory rights regarding how we handle your personal information. You can exercise these rights at any time:
7. Information Officer Details
If you have questions, wish to exercise any of your POPIA rights, or submit a complaint regarding how your personal information is handled, please contact our appointed Information Officer:
If you feel we have not resolved your concern adequately, you have the right to lodge a complaint with the South African Information Regulator:
Website: https://inforegulator.org.za/
Email: POPIAComplaints@inforegulator.org.za