Privacy Policy
Last updated: April 2026
1. Introduction
TruScan Systems (Pty) Ltd (“TruScan”, “we”, “us”, or “our”) is committed to protecting your privacy and ensuring that your personal information is handled in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable South African legislation.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website (truscan.co.za), partner portal (partners.truscan.co.za), and the TruScan WhatsApp referral marketplace — a platform connecting partners who promote digital products via QR codes with merchants who sell those products on WhatsApp.
2. Information We Collect
We may collect the following types of personal information:
Partner Information: Name, WhatsApp number, email address, and ID or business details when you apply to become a TruScan partner. Once approved, we also collect scan activity, referral performance, commission earnings, and your Big 5 tier progression within the programme.
Merchant Information: Business name, contact name, email, WhatsApp number, product category, product descriptions, and website or store links when you apply to list products on the TruScan marketplace.
WhatsApp Interaction Data: When you interact with TruScan via WhatsApp (as a partner, merchant, or customer), we collect your WhatsApp phone number and message content for the purpose of providing the service. This data is processed through Meta's Cloud API and managed by our automation systems.
Device & Scan Data: IP address, device fingerprint, browser type, and approximate geographic location when you scan a partner QR code or access our referral links. This is collected to track referrals and prevent fraudulent scan activity.
Lead Information: Name, email, and phone number if you submit an enquiry form on our website.
3. How We Use Your Information
We use your personal information for the following purposes:
To operate the TruScan WhatsApp referral marketplace; to manage the partner programme including tracking QR scans, calculating commissions (10% of each sale), awarding Big 5 milestone bonuses, and crediting partner wallets; to review and approve merchant product listings; to deliver WhatsApp-based commerce flows (product browsing, selection, and purchase) through our automation systems; to send merchants relevant communications and onboarding sequences via Brevo; to detect and prevent fraudulent scan activity; and to comply with legal obligations under South African law.
4. Legal Basis for Processing
We process your personal information on one or more of the following grounds under POPIA: your consent (e.g. when you submit an application form); the performance of a contract with you (e.g. operating your partner or merchant account); compliance with a legal obligation; or our legitimate business interests, provided these do not override your rights.
5. Data Sharing
We do not sell your personal information. We may share your information with trusted service providers who assist us in operating our platform, including:
- Supabase — secure database hosting and storage
- Vercel — website and API hosting
- Meta (WhatsApp Cloud API) — WhatsApp messaging and commerce flows
- n8n — workflow automation connecting our systems
- Brevo — email communications and merchant nurturing sequences
All service providers are bound by appropriate data processing agreements and are required to handle your information securely and only for the purposes we specify.
6. Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, row-level security on our database, device fingerprinting for fraud prevention, and regular security reviews.
7. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Partner and merchant account data is retained for the duration of your participation and for a reasonable period thereafter for audit and legal purposes. WhatsApp message data is retained only as long as needed to fulfil the relevant transaction or interaction.
8. Your Rights
Under POPIA, you have the right to: request access to the personal information we hold about you; request correction of inaccurate information; request deletion of your personal information (subject to legal obligations); object to the processing of your information; and withdraw consent where processing is based on consent.
To exercise any of these rights, please contact us at hello@truscan.co.za.
9. Cookies
Our website may use essential cookies to ensure proper functionality. We do not use tracking cookies or third-party advertising cookies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: