Last updated: 25 May 2026

Privacy Policy

This policy explains how Johannes AM Basson, sole proprietor trading as SlimSirkel ("SlimSirkel", "we", "us", "our") collects, uses, shares and protects personal information when you use our website (slimsirkel.co.za) and the SlimSirkel quiz application (together, the "Platform").

By creating an account, paying for a subscription, or letting your child use the Platform, you agree to this policy. If you do not agree, please do not use the Platform.

We process personal information in line with the Protection of Personal Information Act, 2013 ("POPIA"). Johannes AM Basson is the responsible party and, as the head of a private body, the Information Officer.

On this page

What we mean by personal information
How we collect personal information
What personal information we process
Why we process personal information
Children's information
Who we share personal information with
Where personal information is processed
How we keep personal information safe
Your rights
Cookies and similar technologies
Direct marketing
Retention and deletion
Security breach
Links to third-party sites
Lodging a complaint
Changes to this policy
Contact us

1. What we mean by personal information

"Personal information" has the meaning set out in POPIA. In short, it is any information that identifies, or could be used to identify, a living person — for example a name, email address, school, or quiz score linked to a username.

Where this policy refers to a "child", we mean any natural person under 18 years of age, in line with POPIA's definition.

2. How we collect personal information

We collect personal information in four ways:

Directly from you — when you sign up as a parent, choose a username and password for your child, fill in school or class details, accept the terms, send us an email, or report an issue with a question.
Automatically when you use the Platform — your browser and device send us technical information each time you load a page or submit an answer (see Section 3).
From third-party identity providers — if you sign in using Google, Google sends us your name, email address, profile picture and the fact that the email is verified.
From our payment provider — when a subscription is paid for, PayFast tells us whether the payment succeeded, the amount, and a reference number. PayFast does not share your card or banking details with us.

3. What personal information we process

We deliberately keep the data set small. We process only what we need to give your child a working quiz experience.

About the parent / account holder

Email address
Display name (only if you sign in with Google)
Language preference (Afrikaans or English)
Whether you have accepted our terms of use
Sign-in timestamps and the authentication provider you used (email or Google)
Subscription status, amounts paid, and a payment reference (no card data)

About the child / learner

A parent-chosen username (we encourage parents to avoid real names)
A parent-chosen password (stored as a salted hash by Supabase Auth — we cannot read it)
Grade
School (chosen from a list)
Province
Class (e.g. "4A1")
Language preference
Quiz answers, scores, time spent, and activity history
An audit trail of changes a parent or admin makes to the seat (school, province, class, language, password)

Technical information collected automatically

IP address and approximate region
Browser type, operating system, device type
Pages visited, referring URL, timestamps
Crash and error reports (sent to our error-tracking provider — see Section 6)

We do not intentionally collect identity numbers, passport numbers, biometric data, health information, or any other special personal information.

4. Why we process personal information

We process personal information for the following purposes, each of which is grounded in a lawful ground under POPIA:

To create and run accounts — so a parent can sign in and assign seats to their children.
To deliver the quiz experience — serving age-appropriate questions, marking answers, tracking progress.
To process payments and manage subscriptions — including renewals, cancellations and refunds.
To provide support — answering questions you send us, investigating reported quiz issues.
To keep the Platform secure and stable — detecting abuse, debugging crashes, recovering accounts.
To improve the Platform — looking at aggregate quiz performance to find weak questions or curriculum gaps. We do not use individual learner data for marketing.
To comply with the law — keeping records that POPIA, tax law, or consumer protection law require us to keep.
To send essential service messages — for example confirming a payment or notifying you of a security incident. These are not marketing.

We rely on parental consent as our lawful ground for processing children's personal information (POPIA s. 35).

5. Children's information

SlimSirkel is built for school children in Grades 2 to 4. The Platform is designed to be used by a child only after a parent or guardian has set up an account.

What this means in practice:

A child cannot create their own account. Only a parent or guardian who has signed in can create a "kid seat".
The parent chooses the child's username and password. We strongly encourage parents to use a nickname, not the child's real first name and surname.
Sensitive fields (school, province, class) can only be changed once every 30 days, to limit casual data churn and reduce the risk of a child's profile being moved to a stranger's school. An admin can lift this lock if a parent contacts us with a legitimate reason.
Leaderboards, where shown, display the chosen username and a quiz score — never the child's real name, school address, or any contact detail.
A parent can delete a child's seat — and all linked quiz data — from their parent dashboard at any time.

We do not show third-party advertising to children. We do not profile children for advertising or for any purpose unrelated to running the quiz.

If you believe a child's information has been added to the Platform without proper parental consent, please email us at the address in Section 17 and we will remove it.

We do not sell personal information. We share it only with the operators we need to run the Platform, and only the minimum required for them to do their job:

Operator	What they do	What they receive
Supabase	Hosts the database, authentication, file storage, and serverless functions.	All Platform data, encrypted in transit and at rest.
PayFast	Processes subscription payments on our behalf.	Parent name, email, payment amount, our internal payment reference.
Google (OAuth)	Authenticates parents who choose "Sign in with Google".	The parent's Google email, on each sign-in.
Sentry	Receives anonymised error and crash reports so we can fix bugs.	Browser type, error stack trace, the URL where the error occurred. We do not send quiz answers or personal identifiers to Sentry.
Netlify	Hosts the website and serves static assets via its global CDN.	Standard web request logs (IP, user agent, page requested).

We may also disclose personal information:

to a regulator, court, or law-enforcement body if we are legally required to;
to a professional adviser (lawyer, accountant) under a duty of confidentiality;
to a successor entity if SlimSirkel is sold or merged, on the same terms as this policy.

7. Where personal information is processed

Some of our operators store data outside South Africa (for example in the European Union or the United States). When we transfer personal information across borders, we rely on the operator's contractual undertakings to apply protection that is, on the whole, comparable to POPIA, in line with section 72 of POPIA.

8. How we keep personal information safe

We follow generally-accepted practices for a small online service, including:

Encryption in transit — all traffic to the Platform uses HTTPS.
Encryption at rest — the database and storage volumes are encrypted by our hosting provider.
Hashed passwords — kid passwords are stored as a salted hash; nobody at SlimSirkel can read them.
Least-privilege access — only the Information Officer has full administrative access.
Row-level security — parents can only read their own seats and their own children's quiz data.
Audit logging — sensitive changes (deletes, role changes, school/province/class changes) are recorded.

No system on the public internet is perfectly secure. We cannot guarantee absolute security and you use the Platform at your own risk.

9. Your rights

Under POPIA you have the right to:

ask whether we hold personal information about you, and to a copy of it;
ask us to correct or delete personal information that is inaccurate, irrelevant, excessive, out of date, misleading or unlawfully obtained;
object, on reasonable grounds, to our processing of your personal information;
object to direct marketing at any time;
withdraw a consent you have given (this does not affect lawful processing that happened before withdrawal);
complain to the Information Regulator (see Section 15).

To exercise any of these rights, email us at privacy@slimsirkel.co.za. We will respond within 30 days.

10. Cookies and similar technologies

We use a small number of cookies and browser-storage entries, all of them strictly necessary to make the Platform work:

Authentication cookies / tokens issued by Supabase, so you stay signed in between visits.
Local-storage entries that remember your language preference, the last admin tab you opened, and similar UI preferences.

We do not use third-party advertising cookies, tracking pixels, or behavioural ad networks. You can clear cookies and local storage from your browser at any time; doing so will sign you out of the Platform.

11. Direct marketing

We will only send you direct marketing about SlimSirkel features or special offers if you have given us explicit consent (for example by ticking an opt-in box). Every marketing message will include an easy way to unsubscribe. Service messages (payment receipts, password resets, security notices) are not marketing and you cannot opt out of those while you have an active account.

12. Retention and deletion

We keep personal information only for as long as we need it:

Active accounts — for as long as your account exists.
Closed accounts — quiz answers, seat data and audit logs are deleted when the account is deleted, except where we are required by law to keep records (for example tax invoices, which we keep for the period required by SARS).
Payment audit log — we keep a record of payment-related events even after the underlying account is deleted, to comply with consumer-protection and accounting rules.
Sentry error logs — automatically deleted after 90 days.

You can delete your own account from the parent dashboard. The deletion cascades to all seats, kid auth users and quiz scores attached to your account.

13. Security breach

If we become aware of a security breach that compromises your personal information and creates a real risk of harm to you, we will notify both you and the Information Regulator as soon as reasonably possible, in line with section 22 of POPIA.

14. Links to third-party sites

The Platform may contain links to third-party websites (for example, the PayFast payment page). This policy does not apply to those sites. Please read their own privacy policies before submitting any information to them.

15. Lodging a complaint

If you are unhappy with the way we have handled your personal information and we have not been able to resolve it, you can complain to:

The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
PO Box 31533, Braamfontein, Johannesburg, 2017
Email: complaints.IR@justice.gov.za
Website: inforegulator.org.za

16. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of the page tells you when. If we make a material change, we will notify active parents by email. Continuing to use the Platform after a change means you accept the updated policy.

17. Contact us

Responsible party / Information Officer
Johannes AM Basson, sole proprietor trading as SlimSirkel
Email: privacy@slimsirkel.co.za

For all privacy queries, requests under POPIA, or to report a concern, please email the address above.