1. Introduction
This Privacy Policy explains how TouchBasePro (Pty) Ltd, a company registered in South Africa, trading as Testicly ("we", "us", or "Company"), collects, uses, stores, and protects your personal information when you use the Testicly platform at testicly.com and all related services (the "Service").
We are committed to protecting your privacy and complying with the Protection of Personal Information Act, 2013 (POPIA) of South Africa, the General Data Protection Regulation (GDPR) for users in the European Economic Area, and other applicable data protection laws.
2. Information We Collect
2.1 Information You Provide
- Account information: name, email address, company name, mobile number, and password when you register
- Contact details: name, email, company, and mobile number provided to unlock full reports (gated content)
- Payment information: billing details processed by our third-party payment providers (PayPal, credit card processor). We do not store full payment card numbers on our servers.
- Message content: emails, WhatsApp messages, SMS messages, and RCS messages you submit for analysis
- Marketing consent: your preferences regarding marketing communications
2.2 Information Collected Automatically
- Device and browser information: IP address, browser type, operating system, device type, and screen resolution
- Usage data: pages visited, features used, timestamps, and interaction patterns
- Cookies and similar technologies: session cookies for authentication and analytics cookies for Service improvement (see Section 8)
2.3 Information from Third Parties
- SSO providers: if you sign in via Apple, Google, or Microsoft, we receive your name and email address from the identity provider
- DNS and blacklist services: publicly available information about sending domains and IP addresses used in your messages
3. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Analyse submitted messages and generate reports
- Process payments and manage your account
- Send transactional communications (report delivery, account notifications)
- Send marketing communications (only with your explicit consent, which you can withdraw at any time)
- Enforce our Terms of Service and prevent fraud or abuse
- Comply with legal obligations
- Generate aggregated, anonymised analytics to improve the Service
4. Message Content Processing
When you submit a message for analysis, we process it as follows:
- Messages are processed in real time to generate your analysis report
- Message content is sent to our AI provider (Azure AI Foundry) for content analysis — subject to Microsoft's data processing agreements
- Email headers and metadata are inspected for technical deliverability checks (SPF, DKIM, DMARC, blacklist lookups)
- Generated reports are stored for your future access and are retained for 12 months from the date of creation
- Raw message content is deleted within 30 days of analysis completion
5. Legal Basis for Processing
We process your personal information on the following legal bases:
- Contract performance: processing necessary to provide the Service you requested
- Consent: where you have given explicit consent (e.g., marketing communications, contact details for gated reports)
- Legitimate interest: Service improvement, fraud prevention, and security
- Legal obligation: compliance with applicable laws and regulations
6. Data Sharing and Third Parties
We do not sell your personal information. We may share your data with:
- Cloud infrastructure providers: Microsoft Azure (hosting, AI processing, database) — data processed in the South Africa North region
- Payment processors: PayPal and credit card providers for payment processing
- Accounting services: Xero for invoice and payment management
- DNS and blacklist services: for technical deliverability checks (only sending IP and domain information is shared)
- Your tenant administrator: if you access the Service through a white-label tenant, your tenant administrator may have access to usage data and reports within their organisation
- Law enforcement: when required by law, court order, or to protect our legal rights
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 12 months after deletion |
| Analysis reports | 12 months from creation |
| Raw message content | 30 days from analysis completion |
| Payment records | 7 years (legal/tax requirement) |
| Usage analytics | 24 months (anonymised) |
| Server logs | 90 days |
8. Cookies
We use the following types of cookies:
- Essential cookies: required for authentication, session management, and security. These cannot be disabled.
- Analytics cookies: help us understand how the Service is used to improve functionality and user experience. These can be disabled via your browser settings.
We do not use third-party advertising or tracking cookies.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal information, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Secrets managed via Azure Key Vault
- Role-based access controls
- Regular security assessments and code scanning (CodeQL, dependency review)
- Multi-tenant data isolation with tenant-scoped database queries
- Virtual network isolation for infrastructure components
While we take reasonable measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion of your personal data (subject to legal retention requirements)
- Portability: receive your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interest
- Withdraw consent: withdraw consent for marketing communications at any time
- Restriction: request restriction of processing in certain circumstances
To exercise any of these rights, please contact us at privacy@touchbasepro.com. We will respond within 30 days.
South African Users (POPIA)
If you are a South African resident, you have additional rights under POPIA, including the right to lodge a complaint with the Information Regulator at www.justice.gov.za/inforeg.
European Users (GDPR)
If you are in the European Economic Area, we process your data in accordance with the GDPR. Data may be transferred to South Africa, which we protect through appropriate safeguards including standard contractual clauses.
11. Children's Privacy
The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
12. International Data Transfers
Your data is primarily processed in Microsoft Azure's South Africa North region. Some processing (e.g., AI analysis, DNS lookups) may involve data transfer to other regions. We ensure appropriate safeguards are in place for all international transfers, including:
- Standard contractual clauses
- Data processing agreements with all sub-processors
- Compliance with applicable cross-border data transfer regulations
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Privacy enquiries: privacy@touchbasepro.com
- General support: support@touchbasepro.com
- Website: www.touchbasepro.com
- Offices: Johannesburg (Hyde Park) & Cape Town (Century City), South Africa
By using Testicly, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein. For questions about how we handle your data in the context of our Service, please also review our Terms of Service.