Building South Africa's biggest car wash network. Get the app →
Shinepass
Sign in Get the app
Legal

Privacy Policy.

How we collect, use, share and protect your personal information — in plain language, and in line with South Africa's Protection of Personal Information Act (POPIA).

Last updated: 14 May 2026

Contents

  1. Who we are
  2. What we collect
  3. How we use it
  4. Who we share it with
  5. Your POPIA rights
  6. Cookies & analytics
  7. Data security
  8. How long we keep it
  9. International transfers
  10. Children
  11. Changes to this policy
  12. Contact us

This Privacy Policy applies to the Shinepass website, mobile apps, and any related services (together, the "Service"). By using the Service you agree to this policy. If you don't agree with any part of it, please stop using the Service.

1. Who we are

Shinepass (Pty) Ltd ("Shinepass", "we", "us") is the responsible party (data controller) for the personal information described in this policy. You can reach us at support@shinepass.co.za.

2. What we collect

We only collect what we need to run the Service and improve it. The categories below cover everything.

Information you give us

  • Account information — name, email address, mobile number, and a password (stored hashed, never in plain text).
  • Vehicle information — make, model, colour, registration number, and any photos you choose to upload.
  • Payment information — your card details are handled by our PCI-compliant payment partner (Paystack). Shinepass never sees or stores your full card number or CVV.
  • Communication — anything you send us in support tickets, ratings, or feedback.

Information we collect automatically

  • Location data — your approximate or precise location when you ask the app to find nearby washes or schedule a valet pickup. You can revoke location access in your device settings at any time.
  • Usage data — bookings you make, services you tap, ratings you leave, and how you move through the app.
  • Device information — device type, operating system, app version, language, time zone, and anonymised crash logs.
  • Cookies and similar technologies — see section 6 below.

3. How we use it

We use your personal information only for the purposes set out below:

  • To provide and operate the Service — taking your booking, finding a partner wash, dispatching a valet, processing payment, sending confirmations and reminders.
  • To communicate with you — service updates, transactional emails, and (with your consent) occasional promotional emails. You can unsubscribe from marketing at any time.
  • To improve the Service — understand which features people use, fix bugs, and design new things.
  • To prevent fraud, abuse, and unsafe behaviour on the Service.
  • To meet our legal obligations — tax records, regulatory requests, court orders.

4. Who we share it with

We never sell your personal information. We share it only in the limited ways below:

  • Partner car washes — when you book a wash we share the minimum information they need to serve you: your first name, vehicle details, and the booking time.
  • Valet drivers — for valet bookings, the driver receives your name, pickup location, and vehicle details.
  • Payment processors — Paystack and any future payment partners we use, to process your card payments.
  • Service providers — cloud hosting (Google Cloud, Firebase), email delivery (Resend), analytics, and customer-support tools. Each is contractually required to handle your data securely and use it only as we instruct.
  • Legal or regulatory authorities — when we're required to by law, court order, or to protect Shinepass, our users, or the public.
  • Corporate transactions — if Shinepass is involved in a merger, acquisition, or sale of assets, your information may transfer to the new entity, subject to this policy.

5. Your POPIA rights

Under the Protection of Personal Information Act (POPIA), you have the right to:

  • Access — ask us what personal information we hold about you.
  • Correct — ask us to fix anything inaccurate or out of date.
  • Delete — ask us to delete your account and personal information (subject to retention obligations in section 8).
  • Object — object to certain processing, including direct marketing.
  • Portability — ask us to export your data in a common, machine-readable format.
  • Withdraw consent — where we rely on consent, you can withdraw it at any time.
  • Lodge a complaint — with the Information Regulator of South Africa at inforegulator.org.za.

To exercise any of these rights, email support@shinepass.co.za. We'll respond within 30 days.

6. Cookies & analytics

Our website uses a small number of cookies and similar technologies:

  • Essential cookies keep you signed in and remember your preferences. The site doesn't work without them.
  • Analytics cookies help us understand which pages and features people use, so we can make them better. Our analytics data is aggregated and doesn't identify individuals.

You can clear or block cookies in your browser settings — note that the Service may not work properly without essential cookies.

7. Data security

We take reasonable, industry-standard steps to protect your personal information, including:

  • Encryption of data in transit (HTTPS/TLS) and at rest.
  • Role-based access controls — only the Shinepass staff who need access have it.
  • Regular security reviews and dependency updates.
  • Background-checked valet drivers and a chain-of-custody audit log on every valet booking.

No system is perfectly secure. If we ever experience a security incident affecting your personal information, we'll tell you and the Information Regulator as required by POPIA.

8. How long we keep it

  • Account information — for as long as your account is active. When you delete your account, we delete the bulk of your personal information within 30 days.
  • Booking and payment records — retained for five (5) years after the transaction, as required by South African tax law.
  • Support communications — typically retained for two (2) years.
  • Backups — automatically expire within 90 days.

9. International transfers

Some of our service providers (for example, email delivery, error tracking, and cloud hosting) are based outside South Africa. Where personal information is transferred internationally, we rely on Standard Contractual Clauses and other POPIA-compliant safeguards to ensure your information is protected to the same standard.

10. Children

The Service is intended for users aged 18 and over. We don't knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please email support@shinepass.co.za and we'll delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll change the "Last updated" date at the top of this page. For material changes — anything that meaningfully affects your rights — we'll notify you by email or in-app at least 14 days before the change takes effect.

12. Contact us

Questions, requests, or complaints about this policy? Email our Information Officer at support@shinepass.co.za.

Looking for our Terms of Service?