Loading...
Loading...
Last Updated: September 6, 2025
Tellacity takes data privacy and security seriously. This policy explains the technical and organizational measures we use to protect personal data for consumers and businesses.
Read this policy alongside our Privacy Policy for how we collect and use information, and our Safety & Trust framework for platform integrity.
Tellacity protects the confidentiality, integrity, and availability of personal data for both consumers and businesses. This section sets out our overall commitment before the specific controls described below.
Tellacity takes data privacy and security seriously. We are committed to protecting the personal data of our users-both consumers and businesses-in accordance with applicable data protection laws and best practices. This Data Protection Policy outlines the technical and organizational measures we have implemented to ensure the confidentiality, integrity, and availability of your data.
Those measures include access controls, encryption, processor agreements, and incident response, each described in the sections that follow.
Tellacity aims to comply with major data protection frameworks depending on where users are located. Local laws may also apply in addition to those listed below.
We strive to comply with key data protection regulations, including but not limited to:
General Data Protection Regulation (GDPR): For users within the European Economic Area (EEA).
Protection of Personal Information Act (POPIA): For users within South Africa.
California Consumer Privacy Act (CCPA): For users within California, USA.
If you are unsure which framework applies to you, contact our Data Protection Officer using the details in Contact Us below.
Privacy is considered early in product and business processes, not added as an afterthought. That means we think about data collection, retention, and transparency when we design features and workflows.
We integrate data protection principles into our development and business processes from the outset. This includes minimizing data collection, pseudonymizing personal data where possible, and ensuring transparency about data processing activities.
Data minimisation, pseudonymization where feasible, and clear communication about processing are core parts of this approach.
Tellacity only collects personal data that is needed to operate the service, verify reviews where required, and support users, not excessive or unrelated information.
We only collect and process personal data that is strictly necessary for the purposes for which it is processed. We do not collect excessive or irrelevant data.
Only authorized personnel may access personal data, and access is limited by role and legitimate business need, not open to all staff by default.
Access to personal data is restricted to authorized personnel who have a legitimate need to access such data for their job responsibilities.
Authentication: We use strong authentication mechanisms (e.g., multi-factor authentication) for administrative access.
Authorization: Access rights are granted based on the principle of least privilege.
Logging: Access to sensitive data is logged and audited.
Security is layered: no single control is relied on alone. Together, encryption, network protection, and vulnerability management reduce the risk of unauthorized access, alteration, disclosure, or destruction.
We implement robust technical security measures to protect data against unauthorized access, alteration, disclosure, or destruction:
Encryption: Data is encrypted in transit (using TLS/SSL) and at rest (using industry-standard encryption algorithms).
Firewalls: We use firewalls to protect our network infrastructure.
Vulnerability Management: We regularly scan our systems for vulnerabilities and apply security patches promptly.
Receipts, invoices, and similar proof documents are handled with extra care. They are stored privately and are never shown on public profiles or review pages.
Documents uploaded as proof of experience (e.g., receipts, invoices) are treated with high sensitivity. These documents are stored in a secure, private storage bucket with strict access controls. They are never displayed publicly and are only accessible by authorized Tellacity moderation staff for the sole purpose of verifying reviews.
Only authorized moderation staff may access proof documents for verification purposes. See our Reviewer Guidelines for how verification works on the platform.
Service providers such as hosting, analytics, email, or payment processors may handle personal data on our behalf. They do so only under strict contractual terms.
We engage third-party service providers (data processors) to assist us in delivering our Services (e.g., hosting, payment processing). We enter into data processing agreements with these providers to ensure they process personal data only in accordance with our instructions and maintain appropriate security measures.
Personal data may be processed or stored in countries outside your own jurisdiction. When that happens, we use appropriate safeguards rather than transferring data without protection.
If we transfer personal data to countries outside the user's jurisdiction, we ensure that appropriate safeguards are in place to protect the data, such as standard contractual clauses or adequacy decisions.
Depending on your jurisdiction, you may have rights over your personal data. The rights below are described in plain language; availability and process may vary by location.
We respect the rights of data subjects regarding their personal data, including:
To exercise a right, contact our Data Protection Officer at privacy@tellacity.com or use the channels described in Contact Us and our Help Center.
Right to Access: You can request a copy of your personal data.
Right to Rectification: You can request correction of inaccurate data.
Right to Erasure: You can request deletion of your data ("right to be forgotten").
Right to Restriction: You can request restriction of processing.
Right to Data Portability: You can request your data in a structured, commonly used format.
Right to Object: You can object to processing based on legitimate interests or direct marketing.
Tellacity maintains a breach response process so security incidents are handled promptly and consistently.
We have an incident response plan in place to handle data breaches or security incidents effectively.
In the event of a personal data breach likely to result in a high risk to rights and freedoms, we will notify the competent supervisory authority and affected data subjects without undue delay.
Data is kept only for as long as needed for the purpose it was collected, or as required by law, then deleted or anonymized securely.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. When data is no longer needed, it is securely deleted or anonymized.
Security and compliance practices are reviewed regularly so we can respond to new threats, technologies, and regulatory requirements.
We regularly review and update our data protection practices to adapt to changing threats, technologies, and regulations.
This Data Protection Policy adds technical and operational detail to the general principles in our other legal documents. It works alongside, not instead of, those policies.
This Data Protection Policy complements our Privacy Policy and Terms of Service. In the event of any conflict, the specific terms regarding data handling in this policy shall provide additional context to the general principles in the Privacy Policy.
Our Privacy Policy explains what we collect, how we use it, and your privacy rights in broader terms.
Our Terms of Service govern use of the platform and sit alongside this policy for contractual context.
For questions about this policy, data protection practices, or to exercise your rights, contact our Data Protection Officer.
For any inquiries regarding data protection or to exercise your rights, please contact our Data Protection Officer at privacy@tellacity.com.
You may also reach us through Contact or the FAQ for general support routing.