Privacy Policy

Last updated: 18 May 2026  ·  Effective date: 18 May 2026

Legit Boet is a construction site documentation platform operated by Legit Boet ("we", "us", or "our"). This policy explains what personal data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR) and South Africa's Protection of Personal Information Act (POPIA).

1. Who we are

Legit Boet is an application that helps construction contractors document site activity, manage work orders, and generate legally defensible evidence packages.

For GDPR purposes, Legit Boet is the data controller for personal data processed through the platform.
Contact: privacy@legitboet.site

2. Data we collect

Category Examples Purpose
Account data Name, email address, company name Authentication and account management
Organisation data Company address, phone, email, logo, VAT number, NHBRC/CIDB numbers Populating documents and compliance records
Project data Project name, client name, client email, site address, contract details Project management and document generation
Site logs Text entries, GPS coordinates, timestamps Legal evidence documentation
Photos Images, GPS coordinates, timestamps Visual evidence documentation
Work order data Descriptions, costs, client signatures, IP addresses, timestamps Contractual records and evidence
Payment data Subscription plan, billing status (card details held by Stripe — not us) Subscription management
Device data Push notification token Sending work order approval notifications

3. Legal basis for processing

4. How we use your data

We do not sell your data or use it for advertising purposes.

5. Third-party services

Service Purpose Privacy policy
Supabase Database, authentication, file storage supabase.com/privacy
Stripe Payment processing and subscription billing stripe.com/privacy
Resend Transactional email (approval receipts) resend.com/privacy
Expo (Push Notifications) Delivering push notifications to devices expo.dev/privacy

Each third party acts as a data processor under appropriate data processing agreements. Supabase infrastructure is hosted in the EU (Frankfurt) by default.

6. Data retention

We retain your data for as long as your account is active. Site logs, photos, work orders, and approval records are retained indefinitely within your account because they may constitute legal evidence — they cannot be deleted once captured.

If you close your account, you may request deletion of personal data that is not required for legal or regulatory compliance by emailing privacy@legitboet.site.

7. Data security

8. International transfers

Your data may be processed in the EU (Supabase/Frankfurt) and the United States (Stripe, Resend, Expo). Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR Chapter V.

9. Your rights

Under GDPR and POPIA, you have the right to:

To exercise any of these rights, contact us at privacy@legitboet.site. We will respond within 30 days.

10. Cookies and tracking

The Legit Boet mobile app does not use cookies. The Legit Boet website (legitboet.site) uses no third-party tracking or analytics cookies.

11. Children's privacy

Legit Boet is a professional tool intended for adults (18+). We do not knowingly collect data from anyone under 18.

12. Changes to this policy

We may update this policy from time to time. Material changes will be notified via email or an in-app notice. Continued use of Legit Boet after the effective date constitutes acceptance of the updated policy.

13. Contact

Legit Boet
privacy@legitboet.site
legitboet.site