1. Who We Are

Buurt is a community enrichment platform that connects residents with their community management. We act as the responsible party under the Protection of Personal Information Act (POPIA) for all data processed through this platform.

2. What Information We Collect

• ✓Name and surname
• ✓Email address and phone number
• ✓Unit/property number and community affiliation
• ✓Device push notification token
• ✓Location data (only when submitting maintenance issues)
• ✓Photos (only when submitting maintenance issues)
• ✓Chat messages within community channels
• ✓Facility booking history and issue reports
• ✓Consent records including timestamp and version

3. Why We Collect It

• →Provide community management services
• →Send relevant community notifications
• →Enable facility booking and maintenance reporting
• →Enable communication between residents and trustees
• →Comply with our legal obligations under POPIA

We do not use personal information for marketing, profiling, or any purpose beyond community management.

4. Who Sees Your Information

• ✓Community trustees and administrators can see resident names, unit numbers, and issue reports
• ✓Other residents can see your name in community chat channels
• ✓We do not sell, rent, or share personal information with any third party

Our technical sub-processors (Supabase for data storage, Expo for push notifications, Vercel for web hosting) process data on our behalf under their respective data processing agreements.

5. Data Retention

6. Your Rights Under POPIA (Section 5)

7. Security Measures

We implement appropriate technical and organisational measures to protect your personal information, including encrypted data transmission (TLS), role-based access controls, secure cloud infrastructure, and regular security reviews. In the event of a data breach, we will notify the Information Regulator and affected data subjects as required by POPIA.

8. Cross-Border Data Transfers

Your personal information is processed and stored on infrastructure hosted in Dublin, Ireland (European Union) via Supabase running on Amazon Web Services (AWS EU West). This means your data leaves South Africa for storage and processing.

We rely on POPIA Section 72(1)(a) for this transfer: Ireland and the wider European Union are bound by the General Data Protection Regulation (GDPR), which provides a level of personal information protection that is substantially similar to or stronger than POPIA, and the EU is recognised as having "adequate" data protection law for this purpose.

Sub-processor locations:

For US-based sub-processors, we rely on standard contractual clauses and the EU-US Data Privacy Framework where applicable. None of the sub-processors listed above use your data to train AI models or for their own marketing. By creating a Buurt account and continuing to use the service, you consent to these cross-border transfers. If you do not consent, please do not use the service.

9. AI Assistant (Ask Buurt)

The Buurt app includes an AI assistant ("Ask [Estate]") that answers resident questions about your community. When this feature is used, the following information is sent to AI sub-processors:

• →The resident's questions and conversation history
• →Relevant estate data retrieved to answer the question (notices, facility information, estate documents such as house rules and policies)
• →Voice audio (only when the microphone is used), transcribed before further processing

The following information is never sent to AI processors: personal profiles (name, email, phone number, address), other residents' personal information, or any financial information.

Neither Anthropic nor OpenAI use API data to train their models by default. Both operate under standard data processing agreements. The AI can only access data scoped to the resident's specific estate, and for bookings and maintenance issues, only that resident's own records.