Privacy Policy
Last updated: May 2026
1. Who we are
Midwife SA is a product owned and operated by Buntu Hosting (Pty) Ltd, a private company registered in the Republic of South Africa, with its principal place of business in Johannesburg ("we", "our", "us", "the Company"). Buntu Hosting (Pty) Ltd is the responsible party (data controller) for the processing of personal information through the Midwife SA platform ("Platform").
2. Scope and legal framework
This Privacy Policy explains how we collect, use, store, share and protect personal information in line with the Protection of Personal Information Act, 2013 (POPIA), the Electronic Communications and Transactions Act, 2002 (ECTA), the Consumer Protection Act, 2008 and other applicable South African laws. By using the Platform you acknowledge that you have read and understood this policy.
3. Information we collect
We collect: (a) account information (name, email, contact number, role, password hash); (b) profile information you choose to add (location, pregnancy stage, preferences, photo); (c) health and pregnancy context shared with a Midwife through the Platform; (d) booking, consultation and payment records; (e) messages, documents and files you exchange on the Platform; (f) reviews and feedback; (g) technical and usage data (device, browser, IP address, approximate location, log data, cookies and similar identifiers); (h) information you provide when you contact support. Some information may constitute special personal information under POPIA (for example health information) and is processed with your express consent and additional safeguards.
4. How we use your information
We process personal information to: (a) create and manage your account; (b) match Clients with verified Midwives and facilitate bookings, consultations and payments; (c) operate, secure, maintain and improve the Platform; (d) personalise content and recommendations; (e) verify Midwife credentials and combat fraud and abuse; (f) communicate with you about service updates, bookings, support and, where you have opted in, marketing; (g) comply with our legal, regulatory and contractual obligations; (h) establish, exercise or defend legal claims.
5. Lawful basis for processing
We process personal information where: (a) you have given consent (which you may withdraw at any time); (b) processing is necessary to perform the contract with you; (c) it is necessary to comply with a legal obligation; (d) it is necessary to protect a legitimate interest of yours, ours or a third party that is not overridden by your rights; or (e) it is in the public interest. Special personal information is processed only with your express consent or where otherwise permitted by POPIA.
6. Sharing your information
We do not sell your personal information. We share information only as needed and under appropriate safeguards with: (a) the Midwife you book with, to provide the requested service; (b) our payment processor (PayFast) and financial institutions, to process payments; (c) trusted operators acting on our written instructions (hosting, email, SMS, analytics, customer support, security, identity verification); (d) professional advisors (legal, accounting, insurance) under duties of confidentiality; (e) law enforcement, regulators or courts where required by law or to protect rights, safety and property; (f) a successor entity in connection with a merger, acquisition, reorganisation or sale of assets, subject to equivalent protections.
7. International transfers
Some of our service providers may be located outside South Africa. Where personal information is transferred across borders, we ensure that the recipient is bound by laws, binding rules or contractual terms that provide an adequate level of protection substantially similar to POPIA, or that another lawful ground for transfer applies.
8. Security
We take appropriate, reasonable technical and organisational measures to protect personal information against loss, damage, unlawful access or unauthorised destruction, including access controls, encryption in transit, hashed passwords, network protections, logging and regular backups. No system is completely secure; we cannot guarantee absolute security, but we will notify the Information Regulator and affected users of any security compromise as required by law.
9. Retention
We retain personal information only for as long as necessary for the purposes set out in this policy, to comply with legal, accounting, tax or regulatory obligations (typically up to five years for transactional records under South African law), to resolve disputes, and to enforce our agreements. When information is no longer required, it is securely deleted or anonymised.
10. Your POPIA rights
Subject to POPIA, you have the right to: (a) be notified about the collection and use of your information; (b) access the information we hold about you; (c) request correction or deletion of inaccurate, outdated, irrelevant or unlawfully obtained information; (d) object to processing, including for direct marketing; (e) withdraw consent at any time, without affecting the lawfulness of prior processing; (f) request that we cease further processing in certain circumstances; (g) lodge a complaint with the Information Regulator.
11. Direct marketing
We will only send you electronic marketing communications where you have consented or where the law otherwise permits. You may opt out at any time using the unsubscribe link in our messages or by contacting us.
12. Children
The Platform is intended for users aged 18 and over. We do not knowingly collect personal information from children without the consent of a competent person as required by POPIA. If you believe a child has provided information to us, please contact us so we can delete it.
13. Automated decision-making
We do not make decisions that have legal or similarly significant effects on you based solely on automated processing without human involvement.
14. Cookies
We use cookies and similar technologies as described in our Cookie Policy.
15. Changes to this policy
We may update this policy from time to time. Material changes will be communicated through the Platform or by email. Continued use after the effective date constitutes acceptance of the updated policy.
16. How to contact us and the regulator
Information Officer, Buntu Hosting (Pty) Ltd, Johannesburg, South Africa. Privacy queries: privacy@midwifesa.co.za. General queries: hello@midwifesa.co.za. You may also lodge a complaint with: The Information Regulator (South Africa), JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 — inforeg@justice.gov.za / POPIAComplaints@inforegulator.org.za.