Privacy Policy

What We Collect

When you register on the OASIS platform, we collect: your full name, email address, and phone number for account creation and communication; for practitioners, professional credentials, HPCSA or equivalent registration details, and bank account information for earnings payouts.

When you book sessions, we store booking history, session scheduling data, and payment transaction records. Journal entries you write within the platform are stored privately and are never accessible to practitioners or platform staff.

We collect basic platform usage data (pages visited, features used) to improve the platform experience. This data is aggregated and not linked to your individual identity in any analysis.

How We Use Your Information

We use your personal information exclusively to: create and manage your account; facilitate booking, payment, and session delivery; send session reminders and platform notifications; and investigate and resolve disputes or support queries.

We do not use your personal information for advertising, third-party profiling, or any purpose beyond the direct operation and improvement of the Trinity Healing Room platform. We do not build or sell marketing profiles.

POPIA Compliance

Trinity Healing Room is committed to compliance with the Protection of Personal Information Act (POPIA), Act 4 of 2013. We are the responsible party for personal information processed on this platform.

We process your personal information lawfully, only for the purposes for which it was collected, and only for as long as necessary to fulfil those purposes. We apply the principle of data minimisation — we collect only what is strictly required.

We engage only the minimum necessary service providers — email delivery (Resend), payment processing (Yoco), and video hosting (self-hosted Jitsi) — each of whom is contractually bound to protect your data and not process it for their own purposes.

Data Sharing

Your personal information is never sold, traded, or rented to any third party. The only sharing that occurs is: sharing your first name and session details with your booked practitioner to facilitate your session; sharing transaction data with Yoco to process payments; and sharing your email address with Resend solely to deliver platform emails.

Your practitioner sees only your name and the service you have booked. They do not see your payment information, personal contact details, or journal entries.

Data Retention

Your account data is retained for as long as your account is active. Accounts that have been inactive for 24 months are notified by email and archived. Data for archived accounts is deleted 12 months after archival unless you request earlier deletion.

Session notes written by practitioners are stored securely, accessible only to that practitioner. Financial transaction records are retained for 5 years as required by South African Revenue Service (SARS) regulations.

If you request full account deletion, your personal data will be removed within 30 days of your request, except for financial transaction records which must be retained as described above.

Security

All data on this platform is encrypted in transit using TLS 1.2 or higher. Data stored in our database is encrypted at rest. Access to personal data is restricted to authorised platform personnel on a strict need-to-know basis.

We conduct regular security reviews of our infrastructure. Our video sessions are delivered through a self-hosted, encrypted environment — sessions are not recorded and no third-party video provider has access to session content.

In the event of a data breach that may affect your personal information, we will notify you and the Information Regulator of South Africa as required by POPIA within 72 hours of becoming aware of the breach.

Your Rights Under POPIA

As a data subject under POPIA, you have the right to: access the personal information we hold about you; request correction of inaccurate or incomplete information; request deletion of your information (subject to legal retention obligations); object to the processing of your information; and withdraw consent where processing is based on consent.

To exercise any of these rights, contact our Information Officer at info@sheleads.co.za. We will respond within 10 business days. If you believe your rights have been violated, you may lodge a complaint with the Information Regulator of South Africa at inforeg@justice.gov.za or visit www.inforegulator.org.za.

Cookies and Tracking

The OASIS platform uses only functional cookies strictly necessary for authentication and secure session management. These cookies are set when you log in and expire when your session ends or when you log out.

We do not use advertising cookies, third-party tracking cookies, or any cookies linked to external analytics or marketing platforms. No data from your platform usage is shared with advertising networks.

Contact and Updates

For all privacy-related enquiries, to exercise your POPIA rights, or to raise a concern about how your data is being handled, contact our Information Officer at info@sheleads.co.za.

This Privacy Policy may be updated from time to time. When changes are material, you will be notified by email and prompted to review the updated policy before continuing to use the platform. The date of the most recent update is shown at the top of this document.