Data Privacy
Policy.
1. Google User Data
When you sign in with Google, we access your name, email address, and profile picture. This data is used exclusively to:
2. Data We Collect
We collect only what is necessary to operate the platform:
3. Third-Party Services
AirUpsell uses the following third-party services to operate the platform. Each has its own privacy policy:
Supabase
Database & authentication infrastructure (servers in EU)
PayFast
Payment processing — PCI-DSS compliant, South African processor
ZeptoMail
Transactional email delivery (order confirmations, door codes)
Twilio
SMS OTP verification for phone-based login
Vapi
AI voice concierge — call recordings are not retained
Google (Gemini / Maps)
AI recommendations and location enrichment
Foursquare
Merchant discovery and venue data enrichment
Mapbox / LocationIQ
Map rendering and address geocoding
Upstash
Rate limiting — stores anonymised IP hashes, auto-expiring
Sentry
Error monitoring — may capture anonymised stack traces
4. AI & Location Services
To provide hyper-local recommendations, we process your real-time location within your browser session. Location data is used exclusively to rank and surface nearby merchants and is never written to our database. Our AI Concierge (Gigi) processes chat messages to generate recommendations. These conversations are not used to train AI models and are retained only for the duration of your session unless an order is placed.
5. Payment Security
AirUpsell does not store credit card numbers or CVV codes on our infrastructure. All card data is handled exclusively by PayFast, which is PCI-DSS Level 1 compliant. Merchant banking details submitted for payout purposes are encrypted at rest using 256-bit AES encryption and are accessible only to authorised AirUpsell administrators.
6. Cookies & Tracking
We use the following categories of cookies:
Essential
Required for the platform to function — authentication sessions, cart state. These cannot be declined.
Analytics
Used to understand how users interact with the platform (e.g., PostHog). Only activated if you accept cookies via our consent banner.
You can change your cookie preferences at any time by clearing your browser's local storage for airupsell.com.
7. Data Retention
8. Your Rights (POPIA & GDPR)
Under the Protection of Personal Information Act (POPIA) and the General Data Protection Regulation (GDPR), you have the following rights:
Access
Request a copy of all personal data we hold about you
Correction
Request correction of inaccurate or incomplete data
Deletion
Request permanent erasure of your data (subject to legal retention requirements)
Objection
Object to processing of your data for direct marketing
Portability
Request your data in a structured, machine-readable format
Complaint
Lodge a complaint with the Information Regulator of South Africa
Data Deletion Protocol
To permanently delete your profile, order history, concierge chat logs, and all associated records, email hello@airupsell.com with the subject line "DELETION REQUEST" and your registered email address. Requests are processed within 48 hours. Note: order records required for financial compliance (7 years) will be anonymised rather than deleted.
10. Contact & Information Officer
AirUpsell's designated Information Officer (as required by POPIA) can be contacted at hello@airupsell.com. For urgent data breaches or security concerns, please use the subject line "DATA BREACH" for priority handling.