Privacy Policy
1. Who we are
Legit Boet is an application that helps construction contractors document site activity, manage work orders, and generate legally defensible evidence packages.
For GDPR purposes, Legit Boet is the data controller for personal data processed through the platform.
Contact: privacy@legitboet.site
2. Data we collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email address, company name | Authentication and account management |
| Organisation data | Company address, phone, email, logo, VAT number, NHBRC/CIDB numbers | Populating documents and compliance records |
| Project data | Project name, client name, client email, site address, contract details | Project management and document generation |
| Site logs | Text entries, GPS coordinates, timestamps | Legal evidence documentation |
| Photos | Images, GPS coordinates, timestamps | Visual evidence documentation |
| Work order data | Descriptions, costs, client signatures, IP addresses, timestamps | Contractual records and evidence |
| Payment data | Subscription plan, billing status (card details held by Stripe — not us) | Subscription management |
| Device data | Push notification token | Sending work order approval notifications |
3. Legal basis for processing
- Contract performance — processing necessary to provide the service you signed up for.
- Legitimate interests — security, fraud prevention, product improvement.
- Legal obligation — retaining records as required by applicable law.
- Consent — push notifications (you can withdraw by disabling notifications on your device).
4. How we use your data
- Providing, maintaining, and improving the Legit Boet platform
- Generating PDF evidence, site diaries, and final account documents
- Sending work order approval emails and push notifications
- Processing subscription payments via Stripe
- Responding to support requests
- Complying with legal and regulatory obligations
We do not sell your data or use it for advertising purposes.
5. Third-party services
| Service | Purpose | Privacy policy |
|---|---|---|
| Supabase | Database, authentication, file storage | supabase.com/privacy |
| Stripe | Payment processing and subscription billing | stripe.com/privacy |
| Resend | Transactional email (approval receipts) | resend.com/privacy |
| Expo (Push Notifications) | Delivering push notifications to devices | expo.dev/privacy |
Each third party acts as a data processor under appropriate data processing agreements. Supabase infrastructure is hosted in the EU (Frankfurt) by default.
6. Data retention
We retain your data for as long as your account is active. Site logs, photos, work orders, and approval records are retained indefinitely within your account because they may constitute legal evidence — they cannot be deleted once captured.
If you close your account, you may request deletion of personal data that is not required for legal or regulatory compliance by emailing privacy@legitboet.site.
7. Data security
- All data is transmitted over TLS (HTTPS).
- Data at rest is encrypted by Supabase.
- Row-level security (RLS) ensures organisations can only access their own data.
- Payment card data is never stored by Legit Boet — Stripe handles all card processing.
8. International transfers
Your data may be processed in the EU (Supabase/Frankfurt) and the United States (Stripe, Resend, Expo). Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR Chapter V.
9. Your rights
Under GDPR and POPIA, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to correct inaccurate data.
- Erasure — request deletion of data where no legal basis for retention exists.
- Portability — receive your data in a machine-readable format.
- Object — object to processing based on legitimate interests.
- Withdraw consent — e.g. disable push notifications at any time in your device settings.
- Lodge a complaint — with your local supervisory authority (e.g. the ICO in the UK, the Information Regulator in South Africa, or your EU member state's DPA).
To exercise any of these rights, contact us at privacy@legitboet.site. We will respond within 30 days.
10. Cookies and tracking
The Legit Boet mobile app does not use cookies. The Legit Boet website (legitboet.site) uses no third-party tracking or analytics cookies.
11. Children's privacy
Legit Boet is a professional tool intended for adults (18+). We do not knowingly collect data from anyone under 18.
12. Changes to this policy
We may update this policy from time to time. We will notify you of material changes via email or an in-app notice. Continued use of Legit Boet after the effective date constitutes acceptance of the updated policy.
13. Contact
Legit Boet
privacy@legitboet.site
legitboet.site