Rezzr

/ Legal

Privacy Policy.

How Rezzr Technologies (Pty) Ltd collects, uses, stores and shares your personal information, and the rights you have under the Protection of Personal Information Act, 2013 (POPIA).

Last updated: 28 April 2026 · Effective from: 28 April 2026

1. Who we are

This website is operated by Rezzr Technologies (Pty) Ltd (“Rezzr”, “we”, “us”, “our”), a company incorporated in the Republic of South Africa. For the purposes of POPIA, Rezzr is the responsible party for the personal information collected through rezzr.com and its subdomains.

Our registered Information Officer can be contacted at privacy@rezzr.com.

2. What information we collect

We only collect information that is adequate, relevant and not excessive for the purpose. The categories below are everything we collect through this website.

Information you give us

  • Diner waitlist: email address; optional city.
  • Restaurant pre-launch sign-up: name, email address, restaurant name; optional city.
  • Restaurant nominations: the restaurant’s name and suburb (this is business information about the restaurant, not personal information about you); optionally your email address if you ask to be told when that restaurant joins.
  • Contact form: name, email address, your role (restaurant owner / diner / investor) and the message you write to us.

Information collected automatically

  • Browser user-agent — the technical fingerprint your browser sends with every request, used for debugging and abuse detection.
  • Salted, one-way hash of your IP address — used only to prevent the same person nominating the same restaurant repeatedly. We do not store the IP address itself and we cannot reverse the hash to recover it.

We do not collect special personal information (race, health, biometrics, religious beliefs, etc.) through this website.

3. Why we collect it

  • To launch the Rezzr product — sending you launch announcements, invites and product updates if you ask us to.
  • To respond to your enquiry — when you contact us through the contact form, list-your-restaurant form, or by email.
  • To prioritise restaurant outreach — nomination counts help our founders decide which restaurants to reach out to first. Outreach is always done by a human.
  • To prevent spam and abuse — by deduplicating nominations using the salted IP hash described above.
  • To comply with our legal obligations — including record-keeping under POPIA itself.

We will never sell your personal information.

4. Lawful basis for processing

POPIA Section 11 sets out the grounds on which personal information may be processed. We rely on the following:

  • Your consent — for joining the diner waitlist, the restaurant pre-launch sign-up, and any direct marketing emails.
  • Performance of, or steps to enter into, a contract with you — for the restaurant pre-launch sign-up and any onboarding that follows.
  • Our legitimate interests — for limited operational use such as preventing duplicate nominations, debugging, and protecting the integrity of the service. We balance these interests against your rights and only proceed where the impact on you is minimal.
  • Compliance with a legal obligation — where the law requires us to retain or disclose information.

5. Direct marketing

Under Section 69 of POPIA we may only send you electronic marketing if you have specifically consented, or if you are an existing customer and we are marketing similar products in a way you can opt out of at any time.

When you submit a form that includes a marketing opt-in, we record the date, the form, and the consent text shown to you at the time. Every marketing email we send includes a one-click unsubscribe link. You can also withdraw consent at any time by emailing privacy@rezzr.com. Withdrawal does not affect the lawfulness of any processing done before you withdrew.

6. Restaurant nominations

When you nominate a restaurant on Rezzr, you provide business information about that restaurant (its name and suburb). This is not personal information about a natural person and it does not require the restaurant’s consent to collect.

If you also provide your email address with a nomination, that email is only used to notify you when the nominated restaurant joins Rezzr. It is not added to any marketing list unless you separately tick the marketing opt-in.

Rezzr does not auto-message nominated restaurants. Any outreach to a restaurant is initiated personally by a Rezzr founder.

7. Who we share it with

We use a small number of trusted operators (POPIA “operators” / GDPR “processors”) to run this website. They process personal information only on our written instructions and may not use it for their own purposes.

  • Supabase — database and authentication. Stores form submissions and account data.
  • Resend — transactional email delivery. Receives the address and content of any notification email we send.
  • Vercel — website hosting and edge delivery. Receives standard web traffic information (IP, user-agent, request path) for the duration needed to serve the page.

We will not share your personal information with any other third party except where:

  • you have given us specific consent;
  • we are required to by law, court order or a regulator; or
  • it is necessary to protect Rezzr’s legal rights or to investigate fraud or abuse of the service.

8. Where your data is stored

Some of our operators (Supabase, Resend, Vercel) host or process personal information on servers located outside South Africa, including in the European Union and the United States. In line with Section 72 of POPIA, we only transfer personal information outside South Africa where:

  • the recipient is subject to laws, binding corporate rules, or binding contractual obligations that provide a level of protection substantially similar to POPIA; or
  • you have consented to the transfer; or
  • the transfer is necessary for the performance of a contract with you, or for the conclusion or performance of a contract concluded in your interest.

By submitting any form on this site you acknowledge that this cross-border transfer takes place.

9. How long we keep it

  • Diner waitlist: until 12 months after you unsubscribe, or until you ask us to delete the record, whichever comes first.
  • Restaurant pre-launch sign-up: for as long as you remain a Rezzr prospect or customer, plus 5 years after your last interaction (to comply with tax and commercial record-keeping rules).
  • Restaurant nominations: for as long as the restaurant has not yet joined Rezzr or for 24 months, whichever comes first.
  • Contact form messages: 24 months from the date of the message.
  • IP hashes and user-agent strings: 90 days, then deleted automatically.

After these periods we delete or de-identify the records.

10. How we protect it

We take appropriate, reasonable technical and organisational measures to protect your personal information against loss, unlawful access, interference, modification or destruction. These include:

  • encryption in transit (HTTPS / TLS) on every page and API endpoint;
  • encryption at rest at the database layer;
  • row-level security on the database — only our server processes can read or write;
  • access controls and audit logging on operator dashboards;
  • salted, one-way hashing of any IP addresses we briefly use for abuse prevention.

If a security compromise occurs that creates a real risk of harm to you, we will notify both you and the Information Regulator as soon as reasonably possible, in line with Section 22 of POPIA.

11. Your rights under POPIA

You have the following rights in respect of your personal information:

  • Access — to be told whether we hold information about you and to receive a copy.
  • Correction — to ask us to correct information that is inaccurate, irrelevant, excessive, out of date or misleading.
  • Deletion — to ask us to delete or destroy information we are no longer entitled to keep.
  • Objection — to object to processing on reasonable grounds, and to object at any time to processing for direct marketing.
  • Withdrawal of consent — to withdraw any consent you previously gave.
  • Complaint — to lodge a complaint with the Information Regulator if you believe we have not complied with POPIA.

To exercise any of these rights, email privacy@rezzr.com. We will respond within 30 days. To verify your identity we may ask you to confirm details associated with the account or submission you are asking about.

The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: POPIAComplaints@inforegulator.org.za
Website: inforegulator.org.za

12. Cookies and analytics

This website uses only the strictly necessary cookies required to serve pages and remember your form-submission state. We do not currently run third-party advertising or behavioural tracking on this site. If we add analytics in future we will update this policy and request your consent before any non-essential cookie is set.

13. Children

Rezzr is intended for adults (18+) and for restaurant operators acting on behalf of their business. We do not knowingly collect personal information from children. If you believe a child has submitted a form on this site, email privacy@rezzr.com and we will delete the record.

14. Changes to this policy

We may update this policy from time to time. The “last updated” date at the top of the page reflects the most recent change. If a change is material we will notify affected users by email. Continued use of the site after a change constitutes acceptance of the updated policy.

15. How to contact us

For any privacy question, request, or complaint:

Rezzr Technologies (Pty) Ltd
Information Officer
Email: privacy@rezzr.com
General enquiries: hello@rezzr.com