The plain-English version

A short privacy note.

Effective 14 April 2026 POPIA compliant · v2.1

The long version exists further down. But the honest, short one is this: we take the fewest details we need to do the job, we never sell or share them, and you can ask us to forget you in one sentence.

The three-line version

We take the fewest details we need. We never sell them. You can leave in one sentence, and everything goes with you.

If you want the full, lawful, POPIA-compliant version, read on. It's intentionally short.

Section 01

Who we are.

OasisKeep is a small Cape Town-based business. We run an AI visibility service for South African businesses. Our registered office is in Observatory, Cape Town, South Africa. For the purposes of the Protection of Personal Information Act (POPIA), we are the Responsible Party for the information described below, and our Information Officer can be reached at hello@oasiskeep.com.

Section 02

What we collect, and nothing else.

We only take the information we genuinely need. That is:

Contact
Your name, email, WhatsApp numberUsed only to reply to you and to send Sunday Scan reports if you've opted in.
Business
Business name, suburb, category, websiteUsed to run the audit queries and to build your weekly Keep.
Public profile
Google Business Profile, directory entries, reviewsPublic information we read, re-structure, and help you keep tidy.
Usage
Basic, anonymised analyticsWhich pages you visited, which blog posts you read. No personal tracking, no third-party ad pixels.
Billing
Handled by Stripe / Peach PaymentsWe never see or store your card numbers. Our payment processors are POPIA- and PCI-compliant.

We do not collect: your ID number, your address, location data, contact lists, social graphs, or anything else that isn't explicitly on the list above.

Section 03

Why we collect it.

Lawfully, three reasons only:

  • To provide the service you asked us for — running the audit, delivering the Keep, sending the reports to your WhatsApp.
  • To reply when you write to us — the form, the email, the WhatsApp message.
  • To meet tax and accounting obligations — SARS requires we keep financial records for a minimum period after a service is invoiced.

That is the complete list. We do not use your information to train models, to build advertising profiles, or to analyse behaviour for any commercial purpose beyond the list above.

Section 04

Who sees it.

A deliberately short list of operators we rely on to do the work. Each is POPIA-compliant and contractually bound to process your data only on our written instructions:

  • Google Workspace — email and documents (data resident in the EU where possible).
  • Stripe & Peach Payments — billing and subscription management.
  • Meta WhatsApp Business — the Sunday Scan channel, only if you've opted in.
  • OpenAI, Anthropic, Google — we query their public models on your behalf to produce audits. Your business name is the only personal-ish data that leaves our systems, and these queries are run without any cross-linked identifier.

We do not sell your information. We do not rent it. We do not share it with advertisers. If any of that ever changes — and we don't intend it to — we will tell you before it takes effect, in plain English, and you will have the option to leave with everything that belongs to you.

Section 05

How long we keep it.

For as long as you are an active customer, plus the minimum period SARS requires us to retain financial records after you leave (currently five years). If you've only ever run a free audit and never became a customer, we keep your audit result for 12 months so you can come back and compare, then we delete it automatically.

Section 06

Your rights under POPIA.

You have the right to:

  • Ask what we hold about you — we'll send you a plain-English export within 30 days.
  • Ask us to correct it — if anything's wrong, reply to any of our emails and we'll fix it.
  • Ask us to delete it — one sentence by email or WhatsApp ("please delete everything you have about me") is enough. We process deletion within 14 working days, and you'll receive written confirmation when it's done. We'll retain only what SARS legally requires us to keep.
  • Object to how we're processing it — and, if we can't reach agreement, lodge a complaint with the Information Regulator of South Africa.
Section 07

A short note on cookies.

We set one cookie, for logged-in customers only, to keep you signed in. It is a strictly-necessary session cookie, it expires when you close the browser, and it is not used for analytics or advertising. We do not use third-party tracking pixels, Google Analytics, Facebook Pixel, or any equivalent.

Section 08

Questions? Just write.

If any of this is unclear, or you'd like to exercise any of the rights in Section 06, please write to hello@oasiskeep.com or use the contact form. A human will reply, in plain English, usually within a working day.

This note was written to be read. It is deliberately short and deliberately free of legal language that most humans couldn't reasonably be expected to understand. It is, however, our full privacy policy. If a court ever asks what OasisKeep's privacy policy said on 14 April 2026, this is it.

Start the way every customer starts

Ready when you are.

Run the sixty-second audit, and we'll send you a plain-English report of what the models currently say about your business. No signup. The only information we ask for is a business name.

Run my audit Get in touch