Privacy Policy

How we honour the trust you place in us.

Home / Privacy Policy

Last updated: 8 April 2026

1. Introduction

MrMoyo ("we", "us", "our") operates MrMoyo.com (the "Site"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Site, in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa.

2. Information We Collect

2.1 Information You Provide

  • Account registration: Name, email address, and password when you create an account
  • Contact form: Name, email address, and message content when you submit the contact form
  • Booking details: Name, email address, phone number, and any notes you provide when booking a coaching session
  • Newsletter: Email address when you subscribe to our newsletter
  • Partnership enquiries: Name, email, organisation, and message when expressing interest in partnerships
  • Question responses: Reflections you write in response to philosophical questions (both private and anonymous community submissions)
  • Profile information: Optional biographical information you add to your user profile

2.2 AI Interaction Data

When you use our AI-powered features (The Mirror, Stone Age Test), we collect:

  • Conversation content: Messages you send and AI responses, stored to enable conversation history and continuity
  • Stone Age Test answers: Your responses to the three test prompts and the AI-generated reflection
  • Usage metrics: Token counts, session counts, and feature usage for managing access tiers

For logged-in users, AI conversations are associated with your account. For guests, conversations are linked to your browser session and are not permanently stored.

2.3 Information Collected Automatically

  • Log data: IP address, browser type, operating system, referring URL, pages visited, and timestamps
  • Session data: Laravel session identifiers used to maintain your browsing session
  • Cookies: Essential cookies required for site functionality (session management, CSRF protection). We do not use tracking or advertising cookies.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Providing services: Delivering coaching sessions, managing bookings, facilitating AI interactions, and maintaining your account
  • Communication: Responding to your enquiries, sending booking confirmations, and delivering newsletters you have subscribed to
  • Improvement: Understanding how the Site is used to improve content, features, and user experience
  • Security: Protecting the Site and its users from abuse, including rate limiting and spam prevention
  • Legal compliance: Meeting our obligations under applicable South African law

4. AI Data Processing

Your AI interactions are processed as follows:

  • Messages are sent to third-party AI providers (such as Anthropic, OpenAI, Google, or locally-hosted models) to generate responses
  • We select AI providers based on quality, cost, and privacy considerations; the specific provider may vary by feature
  • AI providers process your messages according to their own privacy policies and data processing agreements
  • We do not use your conversation content to train AI models
  • You may delete your conversation history at any time from your user dashboard

5. Payment Processing

Payments for coaching sessions are processed by PayFast, a PCI-DSS compliant South African payment gateway. When you make a payment:

  • You are redirected to PayFast's secure payment page
  • We do not receive, process, or store your credit card or bank details
  • PayFast processes your payment in accordance with their own privacy policy
  • We receive only a confirmation of payment status from PayFast

6. Data Sharing

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

  • AI providers: Conversation content is shared with the configured AI provider to generate responses (see Section 4)
  • Payment processor: Booking details are shared with PayFast to process payments
  • Legal requirements: When required by South African law, court order, or governmental authority
  • Service providers: Hosting and email delivery services that process data on our behalf under contractual obligations

7. Data Retention

  • Account data: Retained for as long as your account is active. You may request account deletion at any time.
  • Conversations: Retained until you delete them, or until your account is deleted
  • Guest session data: Automatically expires when your browser session ends
  • Contact submissions: Retained for 12 months, then archived or deleted
  • Booking records: Retained for 5 years for accounting and legal purposes
  • Newsletter subscriptions: Retained until you unsubscribe

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption of sensitive data (API keys, passwords) at rest
  • HTTPS encryption for all data in transit
  • Access controls limiting who can view personal data
  • Regular security reviews of our codebase and infrastructure

No system is completely secure. While we take reasonable precautions, we cannot guarantee absolute security of your data.

9. Your Rights Under POPIA

Under the Protection of Personal Information Act (POPIA), you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that inaccurate or incomplete information be corrected
  • Deletion: Request that your personal information be deleted (subject to legal retention requirements)
  • Objection: Object to the processing of your personal information for direct marketing
  • Data portability: Request your data in a structured, machine-readable format
  • Withdrawal of consent: Withdraw consent where processing is based on consent
  • Complaint: Lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, contact us using the details in Section 12.

10. Children's Privacy

The Site is not intended for children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

12. Contact and Information Officer

For privacy-related enquiries or to exercise your rights under POPIA:

You may also contact the Information Regulator of South Africa:

?

"The cave you fear to enter holds the treasure you seek."

A question for you...
Loading...