Privacy Policy
Last updated: 19 May 2026
1. Who we are
DalaWhat is a cloud-based business management platform built for South African small and medium businesses. It is operated by Dalawhat (Pty) Ltd ("we", "us", "our"), accessible at dalawhat.co.za.
If you have any questions about this policy, contact us at support@dalawhat.co.za.
2. What data we collect and why
We collect only the data needed to operate the platform and provide our services to you.
- Account data — your name, email address, and password (stored securely via Firebase Authentication) to create and manage your workspace.
- Business data — invoices, quotes, expenses, customers, products, and other records you create inside the app. This data belongs to you and is stored in your workspace only.
- Usage data — basic interaction data (e.g. pages visited, errors) used to improve the product. We do not use third-party analytics trackers.
- Google Calendar data — if you choose to connect Google Calendar, we access your calendar events solely to display them alongside your business schedule in the DalaWhat Home calendar. See section 3 for full details.
3. Google Calendar integration
When you connect Google Calendar, we request read-only access to your primary Google Calendar (calendar.readonly scope). Specifically:
- What we access: event titles, dates, times, locations, and descriptions from your primary Google Calendar, for the next 60 days.
- Why: to display your personal Google Calendar events alongside your business calendar inside DalaWhat, so you have a unified view of your schedule.
- How it is stored: calendar events are fetched on demand and held in memory during your session. Your Google OAuth refresh token is stored securely on our servers (Firebase) and is never exposed to the browser or other users. It is used solely to obtain fresh access tokens when syncing.
- What we do not do: we do not read, store, share, sell, or use your Google Calendar data for advertising, profiling, or any purpose other than displaying it to you inside the app.
- Revoking access: you can disconnect Google Calendar at any time from Settings → Integrations → Google Calendar. You can also revoke access directly from your Google Account permissions page.
4. How we store and protect your data
All data is stored on Google Firebase (Firestore and Firebase Authentication), hosted in secure Google Cloud infrastructure. Data is encrypted in transit (HTTPS/TLS) and at rest.
Access to your workspace data is restricted to authenticated members of your workspace only. We do not access customer workspace data except where required to provide technical support, and only with your permission.
5. Data sharing
We do not sell, rent, or share your personal data with third parties for their own purposes. Data is shared only with the following sub-processors, strictly to operate the service:
- Google Firebase — database, authentication, and hosting
- Google Calendar API — if you connect Google Calendar
- Resend — transactional email delivery (invoices, quotes, invites)
- PayFast — payment processing, if you use the PayFast integration
6. Data retention
Your workspace data is retained for as long as your account is active. If you close your account, your data will be deleted within 30 days upon written request to support@dalawhat.co.za.
7. Your rights (POPIA)
As a South African resident, you have rights under the Protection of Personal Information Act (POPIA), including the right to access, correct, or request deletion of your personal information. To exercise these rights, contact us at support@dalawhat.co.za.
8. Cookies
DalaWhat uses only essential session cookies required for authentication. We do not use advertising or tracking cookies.
9. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top will reflect any changes. Continued use of the platform after changes constitutes acceptance of the updated policy.
10. Contact
For any privacy-related questions or requests:
- Email: support@dalawhat.co.za
- Website: dalawhat.co.za