Privacy Policy
Last updated 15 June 2026
This policy explains how SkyL4rk (Pty) Ltd (“we”, “us”) collects and uses personal information through SkySignal (the “Service”). We follow the Protection of Personal Information Act, 2013 (“POPIA”) and, where it applies, the EU/UK General Data Protection Regulation (“GDPR”).
1. Two roles: us as responsible party, and us as operator
For information about your own account — your name, email, billing — we are the responsible party (controller) and this policy governs it.
For the campaign data you load into the Service — your recipient lists, the people depicted or named in your content, the posts you publish — we act only as your operator (processor). You are the responsible party for that data, and our handling of it is governed by the Data Processing Addendum. This policy still describes that handling for transparency.
2. What we collect
Account & billing
Your name, email address, hashed password, workspace details, and billing records.
Content you create or upload
- Campaigns, variants and posts — the copy, links, hashtags and scheduling you configure.
- Audiences — recipient lists you import for email campaigns, which may include names and email addresses of your contacts.
- Uploaded images — if you choose to upload artwork rather than reference an externally hosted URL, we store a normalised copy and a thumbnail. Images may depict identifiable people; you are responsible for having the right to use and publish them (see the Terms).
- Connected social accounts — when you link Facebook, LinkedIn or similar, we store access tokens (encrypted) and basic account identifiers so we can publish on your instruction.
Automatically collected
Log data such as IP address, browser, timestamps, and delivery/error events generated as the Service runs.
3. Why we use it (and our legal basis)
- To provide the Service — create, schedule, publish and report on campaigns. Basis: performance of our contract with you.
- To publish on your instruction — sending content and images to the social platforms and email relay you direct us to. Basis: your instruction / contract.
- To secure and maintain the Service, prevent abuse, and keep records. Basis: our legitimate interest and legal obligations.
- To communicate with you about your account. Basis: contract and legitimate interest.
We do not sell personal information, and we do not use the content you load into the Service for advertising or to train models.
4. Who we share it with
We share personal information only as needed to run the Service:
- Social platforms — when you publish, the post content and any image are transmitted to the platform you selected (e.g. Facebook, LinkedIn). Once published there, that platform holds its own copy under its own privacy policy, outside our control.
- Email delivery — campaign emails are dispatched through our sending relay.
- Infrastructure & sub-operators — hosting and supporting services listed in the DPA.
- Law & safety — where required by law or to protect rights and safety.
5. Cross-border transfers
Some recipients above (notably the social platforms) operate outside the Republic of South Africa. Where personal information is transferred abroad, we rely on the conditions permitted under section 72 of POPIA and, for GDPR data, an appropriate transfer mechanism.
6. How long we keep it
We keep account and billing records for as long as your account is active and thereafter as required by law. For the content you load into the Service:
- Externally hosted images that you reference by URL are never stored by us — we keep only the reference, indefinitely, and fetch the image at publish time from your server.
- Uploaded images are retained while any scheduled or recent post still needs them, and then expire 30 days after the last post that used them has been delivered. Abandoned uploads that were never attached to a post are swept sooner. You may upload again at any time.
- Campaign records and audiences are retained for the life of your workspace, or until you delete them, subject to the DPA.
The full mechanics are set out in the Data Processing Addendum.
7. Security
We use reasonable technical and organisational safeguards, including encryption of stored access tokens and passwords, access controls scoped per workspace, and re-encoding of uploaded images to strip embedded data. No system is perfectly secure, and we cannot guarantee absolute security.
8. Your rights
Subject to law, you may request access to, correction of, or deletion of your personal information, object to certain processing, and (under the GDPR) request portability. To exercise these, contact us at privacy@skysignal.co.za. Where the request concerns data we process on a customer’s behalf, we will refer it to that customer as the responsible party. You may also complain to the Information Regulator (South Africa) or your local supervisory authority.
9. Information Officer
Our Information Officer, as required by POPIA, can be reached at privacy@skysignal.co.za — Michael Beuster / Information Officer.
10. Cookies
We use strictly necessary cookies to keep you signed in and to operate the Service. We do not use advertising cookies. A fuller Cookie Policy will be published on this page.
11. Changes
We may update this policy from time to time. Material changes will be notified in-app or by email, and the “last updated” date above will change.
12. Contact
SkyL4rk (Pty) Ltd, Ballito, KwaZulu-Natal, South Africa · 2018/043553/07 · privacy@skysignal.co.za.