1. Introduction

Kryohm Metering Platform ("we", "us", "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our prepaid utility metering platform.

This policy complies with the Protection of Personal Information Act 4 of 2013 (POPIA) and applies to all users in South Africa.

2. Information We Collect

2.1 Personal Information You Provide

When you register and use our platform, we collect:

• Account Information: Email address, first name, last name, password (encrypted)
• Contact Information: Phone number (optional), physical address (optional)
• Meter Information: Meter numbers you claim, friendly meter names
• Payment Information: Transaction amounts, units purchased, payment status (processed by Paystack)

2.2 Information Automatically Collected

• Usage Data: Login attempts, last login date, account activity
• Technical Data: IP address, browser type, device information
• Transaction Records: Credit purchase history, tokens generated, delivery status

2.3 Vendor Information (If Applicable)

For vendor accounts, we additionally collect:

• Business name, registration number, tax number
• Business contact details, physical address
• Payment split preferences

3. How We Use Your Information

We use your personal information to:

• Provide Services: Process credit purchases, generate prepaid tokens, manage meter access
• Account Management: Create and maintain your account, verify your email, authenticate logins
• Payment Processing: Process payments via Paystack, track transaction status, issue receipts
• Communication: Send transactional emails (tokens, receipts, account notifications)
• Security: Detect fraud, prevent unauthorized access, protect against abuse
• Legal Compliance: Comply with legal obligations, tax requirements, and dispute resolution
• Service Improvement: Analyze usage patterns, improve platform functionality

4. Legal Basis for Processing (POPIA)

We process your personal information based on:

• Consent: You have given explicit consent for us to process your information
• Contractual Necessity: Processing is necessary to provide the services you requested
• Legal Obligation: We must process data to comply with tax, accounting, and legal requirements
• Legitimate Interests: Fraud prevention, security, and service improvement

5. How We Share Your Information

5.1 Third-Party Service Providers

We share your information with trusted service providers who assist us in operating our platform:

• Paystack (Payment Gateway): Processes payments, stores transaction data. View their privacy policy at paystack.com/privacy
• Calin API (Token Generation): Generates prepaid meter tokens for your purchases
• Email Service Provider: Sends transactional emails (tokens, receipts, account notifications)

5.2 Vendors

If you claim a meter, the vendor who owns that meter can see:

• Your name and email address
• Meters you have claimed from them
• Purchase history for their meters

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety.

6. Data Security

We implement security measures to protect your personal information:

• Encryption: HTTPS/TLS encryption for all data in transit
• Password Security: Passwords hashed using industry-standard algorithms (PBKDF2)
• Access Controls: Role-based access, authentication required for all actions
• Audit Logging: All account changes and access tracked for security monitoring
• Brute Force Protection: Account lockout after 5 failed login attempts

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to provide services and comply with legal obligations:

• Active Accounts: Retained while your account is active
• Deleted Accounts: Personal data removed within 90 days of account deletion
• Payment Records: Retained for 7 years for tax and accounting purposes
• Purchase History: Retained for 7 years for audit and dispute resolution
• Login Records: Deleted after 90 days

8. Your Rights Under POPIA

You have the following rights regarding your personal information:

9. Children's Privacy

Our platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. Your continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: