Privacy Policy
Last updated: 3 March 2026
1. Introduction
Welcome to Camberly (camberly.co.za). We are a South African company dedicated to helping car owners maintain their vehicles with confidence. We respect your privacy and are committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 ("POPIA"), the Electronic Communications and Transactions Act, 2002 ("ECT Act"), and other applicable South African legislation.
This Privacy Policy explains what personal information we collect, how we use and protect it, who we share it with, and what rights you have regarding your data. It applies to all users of the Camberly website and progressive web application (PWA), whether you browse as a guest or create an account.
2. Information We Collect
We collect information in the following categories:
2.1 Information You Provide
- Account Information — When you register, we collect your email address and password. If you sign in via Google, we receive your name, email, and profile photo from Google.
- Profile Information — You may optionally provide your full name and phone number via your profile settings.
- Vehicle Information — You may add vehicles to your profile, including make, model, year, and a nickname.
- Search History — When logged in, your recent searches (up to 10) are saved so you can quickly revisit content.
- Vendor / Service Provider Registration — If you register as a workshop or installer, we collect your business name, address, city, province, phone number, WhatsApp number, email, website, operating hours, service types offered, supported vehicle makes, and optional portfolio images.
2.2 Information Collected Automatically
- Usage Analytics — We track aggregated, anonymous usage data such as page views on guides and blog posts, provider profile views, and contact button clicks. This data is not linked to individual users and is stored in our own database — we do not use Google Analytics or any third-party analytics platform.
- Reading Progress — If you are logged in, we track your scroll position on guides and blog posts so you can pick up where you left off. This data is stored locally in your browser and synced to your account.
- Technical Data — Standard web server logs may capture your IP address, browser type, device type, and referring URL.
2.3 Information We Do Not Collect
- We do not collect payment or financial information — Camberly does not process transactions.
- We do not collect location data from your device (GPS), though our security headers permit geolocation access for potential future use.
- We do not collect biometric data, health data, or any special categories of personal information.
3. How We Use Your Information
We use personal information only for legitimate purposes directly related to the services we provide:
- Service Delivery — To provide car maintenance guides, tutorials, calculator tools, workshop and installer discovery, and personalised reading progress.
- Account Management — To create and manage your account, verify your email, and allow you to update your profile and vehicle information.
- Provider Listings — To review, approve, and display vendor registrations on our platform.
- Platform Improvement — To understand how our content performs (via aggregated analytics) and improve the user experience.
- Security & Abuse Prevention — To enforce rate limits, detect spam (via honeypot fields), and maintain the integrity of our platform.
- Legal Compliance — To comply with applicable laws and respond to lawful requests from authorities.
4. Cookies and Local Storage
Camberly uses a minimal number of cookies and browser-storage mechanisms:
- Authentication Cookies — We use HTTP-only session cookies (managed by Supabase Auth) to keep you signed in. These are essential for the site to function and cannot be disabled while using an authenticated session.
- Local Storage — We store your reading progress, continue-reading list, and completed guides in your browser's local storage so they are available immediately, even before syncing to our server. This data stays on your device and is only synced when you log in.
We do not use tracking cookies, advertising cookies, or any third-party cookies. We do not participate in cross-site tracking or ad networks.
5. Third-Party Services
We use the following third-party service providers to operate Camberly. These providers may process your data as part of delivering their services to us:
- Supabase — Provides our authentication system (email/password and Google sign-in), real-time features, and hosts our PostgreSQL database. Supabase processes your account credentials and stores your profile data.
Supabase Privacy Policy - Vercel — Hosts our frontend website. Vercel processes standard web request data (IP addresses, headers) as part of serving web pages.
Vercel Privacy Policy - Railway — Hosts our backend API server. Railway processes standard server request data as part of running our application.
Railway Privacy Policy - Google — If you choose to sign in with Google, we receive your name, email, and profile picture from Google's OAuth service. We do not receive your Google password.
We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.
6. Data Security
We take the security of your data seriously and have implemented the following measures:
- All connections use HTTPS with strict transport security (HSTS) enforced.
- Content Security Policy (CSP) headers restrict which domains can load scripts, styles, and other resources.
- Passwords are hashed and never stored in plain text (managed by Supabase Auth).
- API endpoints are protected by rate limiting (500 requests per 15 minutes general, 60 per 15 minutes for write operations).
- Role-based access control (RBAC) ensures only authorised personnel can access administrative functions.
- Database access uses row-level security (RLS) policies so users can only access their own data.
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you promptly in the event of a data breach as required by POPIA.
7. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected:
- Account data — Retained for as long as your account is active. You may delete your account at any time via your profile settings.
- Vehicle data — Retained while your account exists and deleted when your account is removed.
- Search history — Limited to your 10 most recent searches and can be cleared at any time.
- Reading progress — Retained while your account exists and deleted when your account is removed.
- Aggregated analytics — Retained indefinitely as they contain no personally identifiable information.
- Vendor registration data — Retained for as long as the provider listing is active or pending review.
8. Your Rights
Under POPIA and other applicable legislation, you have the following rights regarding your personal information:
- Access — Request a copy of the personal information we hold about you.
- Correction — Request that we correct or update inaccurate information.
- Deletion — Request that we delete your personal information. You can delete your account directly from your profile settings.
- Objection — Object to the processing of your personal information.
- Restriction — Request that we restrict or stop processing your information.
- Complaint — Lodge a complaint with the Information Regulator if you believe your rights have been violated.
To exercise any of these rights, please contact us at privacy@camberly.co.za. We will respond within 30 days as required by POPIA.
For more detail on your POPIA rights, please see our POPIA Statement.
9. Children's Privacy
Camberly is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@camberly.co.za and we will delete that information promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal information, please contact us:
- Email: privacy@camberly.co.za
- Website: camberly.co.za
You may also contact the Information Regulator of South Africa at inforeg@justice.gov.za or visit inforegulator.org.za.