Privacy Policy

Effective Date: 21 February 2025

Introduction

Southern Crossed Technologies, trading as NextlevelPay ("we," "us," or "our"), is dedicated to safeguarding your privacy and securing your personal information. This Privacy Policy outlines how we collect, use, store, and protect your data when you use our payment gateway integration services on the GoHighLevel platform, connecting with Paystack and Payfast. By using our services, you agree to the practices described herein.

We adhere to the Protection of Personal Information Act (POPIA) in South Africa, ensuring responsible and transparent handling of your personal information.

1. Personal Information We Collect

When you use NextlevelPay, we collect and process the following types of personal information:

- Gateway Keys: Test and live public and secret keys for Paystack and Payfast.

- OAuth Tokens: Scoped OAuth access and refresh tokens from GoHighLevel.

- Payment Data: Details such as payment amounts, customer email addresses (for sending receipts), and verification data (e.g., gateway secret key, subaccount ID, dates, amounts, and payment references).

- Transaction and Subaccount Data: Transaction details (e.g., subaccount ID, amounts, timestamps, statuses), subaccount profile information (e.g., email, ID, timestamps), and subscription data for managing active subscriptions.

Important Note: We do not collect or store sensitive customer payment information, such as credit card details. Payment processing is securely managed by Paystack and Payfast, both of which comply with the Payment Card Industry Data Security Standard (PCI-DSS).

2. How We Use Your Information

We use your personal information for the following purposes:

- Service Functionality: To facilitate integration between GoHighLevel and payment gateways (Paystack and Payfast) for seamless payment processing.

- Authentication and Access: To manage secure, scoped access via OAuth tokens, enabling interactions between your GoHighLevel account and our services.

- Receipts and Communication: To send payment receipts to customers using email addresses provided during transactions.

- Internal Reporting and Analytics: To maintain transaction and subscription records for auditing, reporting, and improving our services.

Under POPIA, we follow the principle of data minimization, collecting and processing only the data necessary for these purposes.

3. Data Storage and Protection

3.1 Data Stored

We store the following data on our servers:

- OAuth access and refresh tokens (for scoped access).

- Transaction data (e.g., subaccount ID, amounts, timestamps, statuses).

- Subaccount profile data (e.g., email, ID, timestamps).

- Subscription data (for managing active subscriptions).

3.2 Security Measures

We prioritize the security of your data with the following protections:

- Data Persistence: All data is stored in Google Cloud, which meets international security standards. Learn more at Google Cloud Compliance.

- Encryption: Data at rest is encrypted using industry-standard methods, and data in transit is secured with TLS version 1.2 or higher.

- Access Controls: OAuth tokens and credentials are stored securely, accessible only to authorized personnel, and restricted to their owners’ accounts.

- Monitoring: We use Sentry Security to monitor errors and performance. Logs are retained for 30 days and exclude sensitive information.

Note: Sensitive payment details, such as credit card numbers, are not stored by us—they are handled directly by PCI-DSS-compliant Paystack and Payfast.

4. Your Rights Under POPIA

Under the Protection of Personal Information Act (POPIA), you have the following rights:

- Access: Request access to the personal information we hold about you.

- Correction: Ask us to correct inaccurate or incomplete personal information.

- Deletion: Request deletion of your personal information, subject to legal retention obligations.

- Objection: Object to the processing of your personal information in specific cases.

To exercise these rights, contact us at [Insert contact email here]. We will respond within a reasonable timeframe, as required by law.

5. Third-Party Services

NextlevelPay integrates with the following third-party services:

- Paystack: Handles payment processing. See Paystack Compliance.

- Payfast: Handles payment processing. See Payfast Compliance.

- GoHighLevel: Provides the platform for our integration. See GoHighLevel Privacy.

These providers have their own privacy policies and practices, which we do not control. We recommend reviewing their policies for details on their data handling.

6. Data Retention and Deletion

We retain your personal information as follows:

- Operational Data: Data required for integration (e.g., OAuth tokens) is kept while the app is installed on your GoHighLevel account. It is deleted upon uninstallation.

- Subscription and Transaction Data: Retained for internal reporting and auditing, even after uninstallation, in line with legal and regulatory obligations.

Our retention practices comply with POPIA’s requirements (POPIA Retention).

7. Data Transfers

As we use Google Cloud for hosting, your data may be transferred to and stored in data centers outside South Africa. Google Cloud adheres to international data protection standards, ensuring your data remains secure. See Google Cloud Compliance for details.

8. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our services or legal requirements. Significant updates will be communicated by revising the effective date above and, if needed, through additional notices (e.g., on our website or via direct contact). Your continued use of our services after updates signifies your acceptance of the revised policy.

9. Contact Us

For questions or concerns about this Privacy Policy or our data practices, please reach out to us at:

[[email protected]]

By using NextlevelPay, you confirm that you have read, understood, and agree to the practices outlined in this Privacy Policy.