Contents
- Introduction
- Who we are
- Information Officer
- Scope
- Personal information we process
- How we collect personal information
- Purposes and lawful basis
- Website technologies and third-party services
- WhatsApp, Meta and messaging platforms
- Processing on behalf of clients
- Cookies and similar technologies
- Direct marketing
- Email communications and disclaimers
- Sharing and disclosure
- Cross-border transfers
- Retention
- Security
- Your rights under POPIA
- Children
- Third-party websites and links
- Changes to this policy
- Contact and complaints
1. Introduction
This privacy policy was last updated on 3 June 2026 and applies to Answer Co Za (Pty) Ltd (Answer), the website at https://answer.co.za, and related communication channels operated by us.
We respect your privacy and are committed to protecting personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”), the Promotion of Access to Information Act, 2 of 2000 (“PAIA”), and other applicable South African law.
This Privacy Policy explains what personal information we collect, why we collect it, how we use it, who we share it with, and what choices and rights you have. Please read it carefully. By using our website, contacting us, or engaging our services, you acknowledge that you have read this Privacy Policy.
Where we provide WhatsApp Business, unified inbox, automation, or related communication systems to business clients, we may process personal information on behalf of those clients. In those cases, the client is usually the responsible party (“responsible party” or “operator” under POPIA) for end-customer data, and we act as an operator or sub-operator according to our contract with the client. Section 9 below explains this further.
2. Who we are
The responsible party for personal information collected through this website and through direct enquiries to Answer is:
- Legal entity: Answer Co Za (Pty) Ltd
- Trading name: Answer
- Website: https://answer.co.za
- Email: hello@answer.co.za
- Telephone: +27 861 444 333
- Physical address: Johannesburg, Gauteng, South Africa
Answer designs and delivers communication technology solutions, including WhatsApp Business API platforms, unified inbox and ticketing systems, chatbots, workflow automation, messaging infrastructure, reporting dashboards, integrations, and custom software for organisations in South Africa and, where agreed, internationally.
3. Information Officer
In terms of POPIA, Answer Co Za (Pty) Ltd has designated an Information Officer to oversee compliance with this Privacy Policy and to respond to requests relating to personal information.
- Information Officer: Information Officer, Answer Co Za (Pty) Ltd
- Email: hello@answer.co.za
Please use the subject line “POPIA request” or “Privacy enquiry” so that your message can be routed appropriately. We may request proof of identity before fulfilling certain requests.
4. Scope
This Privacy Policy applies to personal information processed when you:
- visit or interact with https://answer.co.za;
- submit an enquiry through our contact form, email, telephone, or other channels we operate;
- subscribe to updates or marketing communications from us (where offered and where you have opted in);
- communicate with us on professional networking platforms such as LinkedIn;
- engage Answer as a client, supplier, contractor, or partner;
- participate in demonstrations, onboarding, training, or support relating to our services; or
- interact with communication channels or platforms that we configure or manage for a client, where we act as operator on the client’s instructions.
This policy does not apply to third-party websites, apps, or platforms that we do not control, including Meta/WhatsApp, Google, LinkedIn, and client-owned properties. Those services are governed by their own privacy policies, although we describe our use of them below where relevant to you.
5. Personal information we process
“Personal information” means information relating to an identifiable, living, natural person and, where applicable, an identifiable juristic person, as defined in POPIA. Depending on how you interact with us, we may process the following categories of personal information:
5.1 Website visitors
- Technical and usage data, such as IP address, browser type and version, device type, operating system, referring URL, pages viewed, date and time of access, and approximate location derived from IP address;
- Cookie identifiers and similar online identifiers where cookies or analytics tools are enabled;
- Security and anti-abuse data, such as form submission timestamps, CSRF tokens, rate-limit records, and reCAPTCHA assessment results.
5.2 Contact and sales enquiries
- Name, job title, and organisation;
- Email address, telephone number, and preferred contact method;
- Service interest, project description, and any other information you choose to provide in your message;
- Records of correspondence, meeting notes, proposals, and commercial discussions.
5.3 Clients, suppliers, and partners
- Business contact details and billing information;
- Contractual, onboarding, and compliance documentation;
- User account details for systems we deploy or manage;
- Support tickets, audit logs, and service performance records.
5.4 End-customer data in client systems
Where we build or operate communication platforms for clients, we may process end-customer personal information on the client’s behalf, including:
- Names, telephone numbers, and WhatsApp identifiers;
- Message content, attachments, metadata, and conversation history;
- Consent records, opt-in and opt-out preferences;
- Order, appointment, support, or transaction details shared through messaging channels;
- Commerce-related information where WhatsApp Commerce or similar features are enabled by the client.
We process this data only as instructed by the relevant client and in accordance with our agreement with that client, applicable platform policies, and POPIA.
5.5 Special personal information
We do not intentionally collect special personal information (such as health, biometric, or religious information) through our website. If such information is included in a message you send us, or appears in client system data we process as operator, we treat it in accordance with POPIA and our contractual obligations. Clients are responsible for ensuring they have a lawful basis to collect and share such information with us.
6. How we collect personal information
We collect personal information directly and indirectly:
- Directly from you when you complete forms, email us, call us, meet with us, sign contracts, or otherwise provide information;
- Automatically when you use our website, through server logs, security tooling, cookies, and analytics technologies where enabled;
- From clients when they provide administrator, user, or integration details for projects we deliver;
- From platform providers such as Meta/WhatsApp, messaging gateways, or hosting providers, where necessary to deliver services or comply with platform requirements;
- From publicly available sources such as company websites or professional profiles, where relevant to legitimate business development and always subject to applicable law.
Where personal information is collected from a source other than the data subject, we take reasonable steps to ensure that POPIA’s notification requirements are met, either ourselves or through the client responsible for that collection.
7. Purposes and lawful basis
We process personal information for the purposes set out below. Our lawful bases under POPIA include consent, contractual necessity, compliance with legal obligations, and legitimate interests of the responsible party, balanced against your rights.
| Purpose | Examples | Typical lawful basis |
|---|---|---|
| Responding to enquiries | Contact form submissions, sales follow-up, demos | Consent; pre-contractual steps; legitimate interest |
| Delivering services | WhatsApp onboarding, inbox configuration, support, reporting | Contract; legitimate interest |
| Website operation and security | Hosting, CSRF protection, rate limiting, bot detection, incident response | Legitimate interest; legal obligation |
| Analytics and improvement | Understanding site usage, measuring campaigns, improving UX | Consent where required; legitimate interest |
| Marketing | Newsletters, service updates, event invitations | Consent; opt-out available at all times |
| Legal and compliance | Tax, accounting, dispute resolution, regulatory requests, Meta/Google platform compliance | Legal obligation; legitimate interest |
We do not sell personal information. We do not use personal information for purposes incompatible with those described above without notifying you and, where required, obtaining your consent.
8. Website technologies and third-party services
Our website and business operations may rely on third-party services that process personal information. The services below may be enabled now or added in future. When a service is enabled, it may set cookies, collect usage data, or process information you submit through forms.
8.1 Hosting, CDN, and infrastructure
Our website is hosted on infrastructure that records server logs (including IP addresses and request metadata) for security, performance, and troubleshooting. Where we use a content delivery network (CDN) or reverse proxy, your connection may be routed through edge servers operated by that provider. We configure trusted proxy settings so that security controls such as rate limiting work correctly behind CDNs.
8.2 Google reCAPTCHA
Where enabled on our contact form, Google reCAPTCHA (v2 checkbox or v3 invisible scoring) helps protect against spam and automated abuse. Google may collect hardware and software information, device data, cookies, and interaction data to assess whether a submission appears human. This processing is governed by Google’s Privacy Policy and the Google Terms of Service. reCAPTCHA is subject to Google’s collection and use policies. We enable reCAPTCHA only where configured in our environment and only for legitimate security purposes.
8.3 Google Analytics
We may use Google Analytics or Google Analytics 4 (GA4) to understand how visitors use our website, including pages visited, session duration, referral sources, device categories, and general geographic regions. Google Analytics uses cookies and similar technologies. Where required, we will request consent before non-essential analytics cookies are placed. You can learn about Google’s practices at How Google uses information from sites or apps that use our services and opt out via the Google Analytics Opt-out Browser Add-on or your browser cookie settings.
8.4 Google Tag Manager, Google Ads, and conversion measurement
We may use Google Tag Manager to deploy tags on our website, including Google Ads conversion tracking, remarketing tags, or other measurement pixels. These tools may collect online identifiers, page URLs, and interaction events to measure advertising performance and show relevant ads on Google properties or partner sites. Where remarketing or non-essential advertising cookies are used, we will obtain consent where required by law. Google Ads data is processed according to Google’s advertising policies. You can manage ad personalisation in your Google Ads Settings.
8.5 Google Search Console and Bing Webmaster Tools
We may verify site ownership with Google Search Console and Bing Webmaster Tools. These services provide aggregated search performance data and do not typically receive personal information from ordinary page views beyond verification meta tags on our site.
8.6 Email delivery (SMTP)
Contact form submissions and business email may be transmitted through SMTP servers or email service providers. Those providers process sender and recipient addresses, message content, and delivery metadata necessary to route email. We configure mail delivery using environment-specific credentials and restrict access to authorised personnel.
8.7 Social and professional networks
Our website may link to profiles on platforms such as LinkedIn. If you interact with us through those platforms, the platform operator processes your information under its own privacy policy. Embedded social widgets, if added in future, may collect usage data subject to the relevant platform’s terms.
9. WhatsApp, Meta and messaging platforms
Answer specialises in WhatsApp Business and related messaging solutions. Personal information processed through WhatsApp or other Meta platforms is also subject to Meta’s terms and policies.
9.1 Meta and WhatsApp policies
Depending on your interaction, applicable policies may include:
- WhatsApp Business Policy
- WhatsApp Commerce Policy
- WhatsApp Business Terms of Service
- Meta Business Tools Terms
- Meta Privacy Policy
- Meta Platform Terms (for API integrations)
9.2 WhatsApp Business onboarding
When a business is onboarded to WhatsApp Business API or Cloud API, Meta and/or its authorised partners may collect business verification data, display name details, phone number ownership evidence, authorised representative identity information, and compliance declarations. We assist clients with onboarding as part of our services and may transmit onboarding data to Meta or approved Business Solution Providers (BSPs) strictly as required to complete setup. Clients must ensure information submitted during onboarding is accurate and that they are authorised to provide it.
9.3 Messaging, templates, and the 24-hour customer care window
WhatsApp restricts how businesses may message users. Session messages are generally permitted within customer service windows; marketing and utility messages outside those windows typically require approved message templates and valid opt-in. We configure systems to support these rules, but clients remain responsible for obtaining lawful consent, using approved templates, and honouring opt-out requests.
9.4 WhatsApp Commerce
Where clients enable catalogues, carts, payments, or other commerce features on WhatsApp, end-customer order and transaction data may be processed by the client, Answer (as implementer/operator), Meta/WhatsApp, and payment or fulfilment partners. Commerce features must comply with the WhatsApp Commerce Policy, including rules on prohibited products and services, accurate product representation, customer support, refunds where applicable, and lawful collection of payment information. We do not process card data unless explicitly agreed and secured under PCI-DSS-aligned controls.
9.5 Data use restrictions
Meta prohibits using WhatsApp data for unauthorised purposes, including selling contact lists or using message content for unrelated advertising profiling. We contractually require clients and personnel to honour these restrictions and platform retention rules.
10. Processing on behalf of clients
When we design, host, integrate, or support communication systems for clients, we often act as an operator processing personal information on instructions from the client (the responsible party). In those cases:
- the client determines the purposes and means of processing end-customer data;
- we process data only on documented instructions, including those in our master services agreement, statements of work, data processing addendum, and platform configuration;
- we implement appropriate security safeguards and assist clients with reasonable compliance requests where contractually agreed;
- we use sub-processors (such as cloud hosts, BSPs, or SMS gateways) only where permitted by contract and with appropriate safeguards;
- at project end, we delete or return personal information according to the contract and retention schedule, subject to legal hold requirements.
If you are an end customer of one of our clients and wish to exercise privacy rights relating to messages or account data held in a client system, please contact that client first. We will support our client in responding where required by contract and law.
12. Direct marketing
We may send direct marketing about our services by email or other channels where permitted by POPIA and the Electronic Communications and Transactions Act. We will obtain your consent where required and always provide a clear opt-out. You may unsubscribe from marketing emails using the link in the message or by contacting hello@answer.co.za.
Opting out of marketing does not affect transactional or service-related communications necessary to perform a contract or respond to your enquiries.
13. Email communications and disclaimers
This section applies to email and similar written messages sent by Answer Co Za (Pty) Ltd or Answer from our domains, mailboxes, or systems we operate, including replies to enquiries, service notices, project correspondence, and direct marketing where permitted by law.
13.1 Confidentiality and intended recipients
Our emails may contain confidential, proprietary, or personal information intended only for the named recipient(s). If you receive a message in error, please notify us at hello@answer.co.za without delay, delete all copies from your systems, and do not read, use, disclose, or distribute its contents. We will take reasonable steps to address misdelivery when we become aware of it.
13.2 No contract or advice by email alone
Unless we expressly state otherwise in writing, email content does not constitute a binding offer, acceptance, contract amendment, waiver, or instruction. Formal agreements, project scope, pricing, and service commitments require execution according to our signed contracts or written authorisation procedures. Email does not constitute legal, tax, regulatory, accounting, or financial advice.
13.3 Monitoring, retention, and personal information
Business email may be stored, backed up, and accessed by authorised personnel for operational, security, quality, and legal compliance purposes. Personal information in email is processed according to this Privacy Policy and POPIA. Retention periods are described in Section 16. Where we provide inbox or messaging services to clients, client organisations control retention and access for their own systems; we process data on their instructions as described in Section 9.
13.4 Security and transmission risks
Email transmission over the internet is not fully secure. Although we use reasonable safeguards, including secure configuration of mail systems where supported, we cannot guarantee that any message will be received without interception, corruption, delay, or virus transmission. You should scan attachments with up-to-date security software. Answer Co Za (Pty) Ltd is not liable for loss or damage arising from email transmission beyond the extent permitted by law and subject to any applicable agreement with you.
13.5 Standard footer notice
We may include the following standard disclaimer (or a shortened form of it) at the end of outbound emails. The published version on this page prevails if there is any inconsistency with an older footer stored in an email client template:
Email disclaimer
This message is sent by or on behalf of Answer Co Za (Pty) Ltd (Answer). It may contain confidential or proprietary information intended only for the addressee(s).
If you received it in error, notify us at hello@answer.co.za, delete all copies, and do not use or share its contents.
Nothing in this email constitutes a binding offer, contract amendment, or professional advice unless confirmed in a signed agreement or written authorisation.
We process personal information in email in accordance with our Privacy Policy: /privacy
Email transmission cannot be guaranteed secure or error-free; we are not liable for loss or damage arising from interception, corruption, or delay beyond our reasonable control.
For privacy requests relating to information in email correspondence, contact hello@answer.co.za or our Information Officer at hello@answer.co.za.
15. Cross-border transfers
Some of our service providers and platform partners are located outside South Africa, including in the United States and European Union. Where personal information is transferred to a country that does not have substantially similar data protection laws, we implement appropriate safeguards such as contractual clauses, provider certifications, and risk assessments, and we comply with POPIA Section 72 requirements.
WhatsApp and Meta infrastructure, Google services, and major cloud providers may process data globally. Clients using our messaging solutions should inform their end customers where cross-border processing is likely, as required by POPIA.
16. Retention
We retain personal information only for as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law. Typical retention periods include:
- Contact enquiries: up to 24 months after last meaningful contact, unless a client relationship continues;
- Client and project records: for the duration of the contract and thereafter as required for legal, tax, and dispute resolution purposes (often 5 to 7 years where financial records are involved);
- Website logs and security records: generally 30 to 90 days, unless needed for incident investigation;
- Analytics data: according to the relevant analytics platform configuration, often 14 to 26 months for Google Analytics;
- WhatsApp and inbox data in client systems: as configured by the client and permitted by platform policies.
When personal information is no longer required, we securely delete or anonymise it.
17. Security
We implement reasonable technical and organisational measures to protect personal information, including access controls, encryption in transit where supported, secure configuration, rate limiting, CSRF protection, honeypot and timing checks on forms, HTTP security headers, and restricted access on a need-to-know basis.
No method of transmission or storage is completely secure. If you believe your interaction with us has been compromised, please contact hello@answer.co.za promptly.
18. Your rights under POPIA
Subject to POPIA, you may have the right to:
- request confirmation of whether we hold personal information about you;
- request access to personal information we hold about you;
- request correction or deletion of inaccurate, irrelevant, excessive, outdated, or unlawfully processed personal information;
- object to processing based on legitimate interests, direct marketing, or processing for direct marketing purposes;
- withdraw consent where processing is based on consent (without affecting prior lawful processing);
- request restriction of processing in certain circumstances;
- lodge a complaint with the Information Regulator.
To exercise your rights, email hello@answer.co.za with sufficient detail for us to identify you and locate relevant records. We will respond within a reasonable period and in accordance with POPIA. We may refuse requests where permitted by law, for example where disclosure would reveal confidential commercial information or another person’s personal information.
Information Regulator (South Africa):
Website: https://inforegulator.org.za/
Email: inforeg@justice.gov.za
19. Children
Our website and business services are directed at organisations and adults. We do not knowingly collect personal information from children under 18 without appropriate consent from a parent or guardian. If you believe we have collected information from a child inappropriately, contact us and we will take reasonable steps to delete it.
20. Third-party websites and links
Our website may contain links to third-party sites, documentation, or platform consoles. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing personal information.
21. Changes to this policy
We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The “last updated” date at the top of this page will be revised when changes are published. Material changes may be communicated through our website or by other appropriate means. Continued use of our website or services after changes take effect constitutes acknowledgement of the updated policy, subject to any consent requirements for new processing activities.
22. Contact and complaints
For privacy questions, POPIA requests, or complaints, contact:
- Information Officer: Answer Co Za (Pty) Ltd
- Email: hello@answer.co.za
- Telephone: +27 861 444 333
- Address: Johannesburg, Gauteng, South Africa
Related documents: Terms & Conditions.