Skip to content
Legal

Privacy Policy

How Niddo collects, uses, and protects your personal information.

Last updated 24 June 2026 · Niddo (Pty) Ltd

In plain terms
  • We're a South African company, and we only collect the information we need to respond to you, run this website, and deliver our work.
  • We never sell or rent your personal information.
  • We use a small number of trusted providers — like our hosting and scheduling tools — to run the site and our business.
  • You can ask us to access, correct, or delete your information at any time by emailing hello@niddo.io.

This summary is for convenience only and is not a substitute for the full terms below.

This Privacy Policy explains how Niddo (Pty) Ltd ("Niddo", "we", "us", or "our") collects, uses, shares, and protects your personal information when you visit niddo.io (the "Site") or engage us for our services. It is written to meet our obligations under South Africa's Protection of Personal Information Act, 2013 (POPIA) and, where it applies to you, the EU/UK General Data Protection Regulation (GDPR).

This Policy is a transparency notice that explains how we handle your personal information. Where we rely on your consent for a specific purpose (such as marketing), we ask for it separately. Your use of the Site is also subject to our Terms & Conditions (/terms).

Where we handle personal information *on behalf of a client* — for example when we build, host, or operate software, or run automations that process their customers' data — we act as an operator (POPIA) / processor (GDPR) under that client's instructions, and a separate Data Processing Agreement governs that work. This Policy covers the information we process in our own right.

1. Who we are

Niddo (Pty) Ltd is a private company registered in South Africa (registration number 2022/263283/07), based in Randburg, Gauteng, South Africa. Our full registered office address is on file with the Companies and Intellectual Property Commission (CIPC) and available on request.

For the purposes of POPIA we are the responsible party, and for the purposes of the GDPR we are the data controller, in respect of the personal information described in this Policy.

Our Information Officer is Sam Fourie, who you can reach about any privacy matter at hello@niddo.io.

2. Information we collect

Information you give us

  • Your name, email address, and — if you provide them — phone number and company name;
  • The contents of any enquiry or message you send us, including anything you choose to tell us about your project — when you book a call you do so on Cal.com, which collects those booking details under its own privacy policy (see sections 4 and 10);
  • Information you share when we work together, such as account details or materials needed to deliver our services.

Information we collect automatically

When you visit the Site, our hosting provider (Vercel) automatically logs limited technical data — such as your IP address, browser and device type, and the pages you request — to keep the Site secure, available, and working correctly.

Cookies and similar technologies

We keep the Site deliberately lightweight. The Site does not set cookies of its own; our hosting provider (Vercel) may set strictly necessary cookies or use similar technologies to deliver and secure it. We do not use cookies for advertising, profiling, or analytics, and we run no third-party behavioural tracking. If that changes, we will update this Policy and, where the law requires it, ask for your consent before any non-essential cookies are set.

3. How we use your information

We use personal information for the following purposes, each with a lawful basis under POPIA and (where it applies) the GDPR:

  • To respond to you — answering enquiries, scheduling and holding calls, and providing quotes (basis: steps taken at your request before entering a contract, and our legitimate interest in responding);
  • To provide our services — delivering the work we agree to do and managing our relationship with you (basis: performance of a contract);
  • To operate and secure the Site — keeping it available, preventing abuse, and diagnosing problems (basis: our legitimate interests);
  • To send you information you asked for, and occasional service updates to existing clients about similar services, or to others who have consented — in line with POPIA's direct-marketing rules (section 69). Every marketing message includes a free, easy way to opt out, and you can withdraw consent at any time by emailing hello@niddo.io (basis: your consent, or the existing-customer exception under POPIA);
  • To meet legal and regulatory obligations — such as accounting, tax, and record-keeping (basis: legal obligation).

4. How we share your information

We do not sell or rent your personal information. We share it only in these limited circumstances:

  • With service providers (operators/processors) who help us run our business under appropriate confidentiality and data-protection terms — including website hosting and infrastructure, call-scheduling, and email;
  • For legal reasons — where we are required to by law, or to establish, exercise, or defend legal claims, or to prevent fraud and protect the rights, safety, and security of others;
  • In a business transfer — if we are involved in a merger, acquisition, or sale of assets, in which case we will take reasonable steps to ensure your information stays protected.

The main third-party providers we rely on today are our hosting and deployment provider (Vercel); our call-scheduling provider (Cal.com) — when you book a call you are taken to Cal.com, and their privacy policy applies to that booking; our transactional email provider (Resend), which delivers the details you submit through our contact form to us; and our email provider (Google Workspace), which hosts the hello@niddo.io mailbox that receives them. We keep this list short and review the providers we use.

5. International transfers

We transfer personal information outside South Africa only where the recipient is bound by an agreement or rules providing protection comparable to POPIA, or where the transfer is necessary to perform a contract with you (POPIA section 72). Our hosting (Vercel), scheduling (Cal.com), and transactional email (Resend) providers may process data in the United States or the European Union under data-protection terms that include such safeguards; for transfers subject to the GDPR we rely on the European Commission's Standard Contractual Clauses, a copy of which you can request by emailing hello@niddo.io.

6. How long we keep it

We keep personal information only for as long as we need it for the purposes in this Policy. As a guide: we keep enquiry correspondence for around 12–24 months after our last contact if no engagement follows; client-relationship and financial records for the duration of the engagement plus the period required by South African tax and company law (generally five years); and technical or security logs held by our hosting provider for a short period (typically 30–90 days). Where we cannot fix an exact period in advance, these are the criteria we use to decide. When we no longer need information, we securely delete or anonymise it.

7. How we protect your information

We take the security of your information seriously and use reasonable and appropriate technical and organisational measures to protect it against loss, misuse, and unauthorised access, alteration, or disclosure. No method of transmission or storage is completely secure, but we work to safeguard your information and keep our systems up to date.

If a security compromise affecting your personal information occurs, we will notify the Information Regulator (South Africa) and you as soon as reasonably possible after becoming aware of it, as required by POPIA section 22 and applicable law, unless the Regulator or a public body directs otherwise.

8. Your rights

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you and ask how we process it;
  • Correct or update information that is inaccurate or incomplete;
  • Delete your information, or ask us to stop processing it, where there is no overriding legal basis to keep it;
  • Object to processing based on legitimate interests, and to opt out of direct marketing at any time;
  • Under the GDPR, additionally to restrict processing, to data portability, and to withdraw consent at any time without affecting processing already carried out.

We do not make decisions about you based solely on automated processing without human involvement (POPIA section 71). You may also object, on reasonable grounds, to how we process your information at any time.

To exercise any of these rights, email us at hello@niddo.io. You also have the right to lodge a complaint: in South Africa you may complain to the Information Regulator (South Africa); in the EU/UK you may complain to your local data-protection supervisory authority.

9. Children

The Site and our services are intended for businesses and adults. We do not knowingly collect personal information from anyone under the age of 18. If you believe a child has provided us with personal information, please contact us so we can remove it, unless a lawful ground under POPIA section 35 requires us to keep it.

11. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices or the law. When we do, we will revise the "Last updated" date at the top of this page, and significant changes will be made clear. Your continued use of the Site after an update means you accept the revised Policy.

12. Contact us

If you have any questions about this Policy or how we handle your personal information — or to exercise any of your rights — please contact our Information Officer, Sam Fourie, at hello@niddo.io.

Niddo (Pty) Ltd, Randburg, Gauteng, South Africa.