Offerings← Home

Last updated May 2026

Privacy

Draft — under legal review. The substance is broadly correct but final wording will be finalised pre-launch. If you spot issues, email hello@openofferings.com.

Offerings is a registration-page builder for community wellness organisers. This Privacy Policy describes what we collect when you use the service, how it's used, and your rights under POPIA (the Protection of Personal Information Act, 2013).

What we collect

Account holders (organisers). Email address, name, organisation name, optional bio and avatar URL. If you connect Paystack, your public key and an encrypted reference to your secret key. We never store your Paystack secret key in plaintext.

Attendees. When someone registers for an offering on our platform, we collect the data the organiser asked for — at minimum, a name and email. Other fields (phone, dietary needs, etc.) are optional and configured per offering. We also record the IP address and browser user-agent at the time of registration to help with abuse prevention.

Why we collect it

Account data lets you sign in and manage your offerings. Attendee data is collected on behalf of the organiser, who decides what to ask for and how to use it. We use it operationally to deliver registration confirmations, payment receipts, and the reveal-on-completion details the organiser configured.

Who we share it with

We use the following data processors:

  • Supabase — database and authentication hosting
  • Paystack — payment processing for paid offerings. Funds flow directly between attendees and organisers; we never touch the money.
  • Resend — transactional email delivery
  • Vercel — application hosting and edge delivery
  • Cloudflare — DNS, CDN, bot protection (when enabled)

We do not sell, rent, or otherwise share your personal information with third parties for their own marketing.

Retention

Account data is retained for as long as you have an account. Attendee data is retained as long as the organiser's offering exists — if the organiser deletes their account, attendee data tied to their offerings is deleted too. Anonymous draft offerings created via /start are auto-deleted after 30 days of inactivity.

Your rights

Under POPIA you can:

  • Access the personal information we hold about you
  • Request a correction or update
  • Request deletion. Account holders can self-serve via Settings → Delete account; attendees should contact the organiser they registered with, since the organiser is the responsible party for that data
  • Export your data (account holders: see Settings → Export)

Cookies

We use a single session cookie set by Supabase to keep you signed in. We do not use tracking, advertising, or analytics cookies.

Contact

Email hello@openofferings.com for any data-protection request. We respond within five working days.