Privacy Policy

Last updated: June 30, 2021


This Privacy Policy relates to Journey Mobile, Inc. and its affiliates (“JourneyApps” or “us” or “we” or “our”). It describes how we treat the personal data we collect and process when:

  • someone (a “Visitor”) visits our website ( (our “Website”);
  • one of our customers (a “Customer”) or one of our business partners, suppliers, subcontractors or independent contractors (a “Supplier”) enters into a written agreement with us; or
  • a Customer or Supplier, or a Customer or Supplier’s authorized users (a “User”) uses our platform and its ancillary components and services (our “Platform”), or any application developed and hosted on the Platform (an “Application”) or otherwise uses a product or service provided by us (in the case of a Customer) or when providing a product or service to us (in the case of a Supplier).

Where another written agreement between us and a Visitor, Customer, Supplier or a User exists, and the terms of that other agreement conflict with the terms of this Privacy Policy, the terms of that other agreement shall prevail, unless applicable laws require otherwise. If you are a User using the Application of a Customer, please consult the applicable agreement between you and our Customer (such as an end-user license agreement or employment agreement) to ensure you understand your rights and obligations.

The purpose and scope of this policy

We respect data privacy rights and take the protection of data seriously. The purpose of this Privacy Policy is to be transparent about the way we collect, store, use, and protect personal data of Visitors, Customers, Suppliers and Users, collectively referred to as “data subjects”. We implement business practices that comply with applicable data protection laws, including the Protection of Personal Information Act 4 of 2013 ("POPI") and the General Data Protection Regulation ((EU) 2016/679) ("GDPR") (collectively "Applicable Law"). This Policy applies to all processing of personal data of data subjects.

Personal data means any information relating to an identified or identifiable natural or juristic person. It typically includes names, addresses, email addresses and contact details.

JourneyApps provides technology products and related services to our Customers.

We process personal data for purposes of our Customer and Supplier relationships as a Data Controller/Responsible Party.

As part of providing our technology products and related services to Customers, we process personal data of Users (typically our customers’ employees or other third parties related to our Customers) as received from our Customers or from Users directly. When we do this, we do it as a Data Processor/Operator for the purpose of providing our technology products and related services to our Customers.

Where we process personal data as a Data Processor/Operator, our Customer as the Data Controller/Responsible Party will also be responsible for implementing appropriate data privacy practices and complying with the relevant Applicable Laws.

How we collect your personal data

We collect data, which may include personal data of individuals, in one of four ways:

  • Through our Website, when a Visitor, Customer or User enquires about our products and services by providing their details and requesting that we contact them;
  • Through our Platform, when Customers and Users sign up to use the Platform, request support from our support desk or otherwise use our or other third-party software to interact with us in terms of the agreement between us and a Customer;
  • Through Applications developed for our Customers and hosted on the Platform, when Users provide personal data such as a name or email address to enrol in an Application, or use an Application to capture other personal data in terms of an agreement between us and a Customer; or
  • Through other means, including email and electronic signature software, when we collect the personal information of Customers and Suppliers as part of the execution and administration of the terms under which we provide our products and services (in the case of Customers) or under which we procure products and services (in the case of Suppliers).

Data collected through our Website

When an individual clicks on “Contact Us” or otherwise completes a form which requests that they provide personal information, we collect certain personal information such as their full name, phone number, email address, company name (if applicable) and online identifier information.

Data collected through our Platform and customer support and interaction channels

When an individual signs up to use our Platform, or any ancillary service used to access the Platform or administer an Application, we collect certain personal information, including their name, email address and online identifier.

We use a number of channels to provide professional services and technical support to Customers and Users and to contact Customers and Users with important information regarding the Platform and Customers’ Applications. When we interact with Users in this way, we collect the User’s name and relevant contact information.

Data collected through Customers’ Applications

Our Platform is used by us, our Customers and/or our Suppliers to develop, operate and host custom software applications for our Customers, which we call “Applications”. Each Application is developed according to a Customer’s specifications and therefore the personal data collected using the Application varies depending on the Application’s purpose and the Customer’s requirements.

Where personal data is collected using an Application it is seldom sensitive. Personal data collected from Users is typically, but not always, limited to a User’s name, email address, phone number, address, employee or contractor identification number and the location where the Application is used and the device used to access the Application.

Data collected by other means to execute and administer Customer and Supplier agreements

When a Customer enters into an agreement for the use of our Platform and the provision of related services, we collect information such as the Customer name, place of incorporation and physical and postal address, which are required in order to properly execute a legally binding agreement between us and the Customer. We also collect billing and shipping information, such as the email address of invoice recipients and the shipping address where our Platform and services will be used, which we need to collect services fees and comply with sales tax legislation.

When a Supplier enters into an agreement with us to provide us with products and/or services, we may collect information about the Supplier required to administer our agreement with the Supplier, including but not limited to the Supplier’s name, place of incorporation, physical and postal address, tax information and banking information.

How we use your personal data

The personal data we collect is used for purposes of our contractual relationship with our Customers, including responding to pre-contractual queries, registration for our technology products and related services, administering our contract with our Customers, billing and collections, ongoing Customer relationship management and direct marketing.

We also use personal data for purposes of business analysis, statistics, product development, internal operational requirements, testing, providing information on product updates and usage best practices to Users, legal requirements and compliance.

We also use the personal data of Suppliers in order to administer our agreement with the Supplier, pay the Supplier’s fees and comply with tax legislation and other regulatory reporting requirements.

The personal data of Users that we collect and process on behalf of our Customers will depend on our Customers’ requirements and we do not control these requirements.

Customers have complete access to all data that their Users enter using a Customer’s Application. We have no obligation to maintain or monitor any data entered by a User using an Application or the Customer’s account on our Platform, unless expressly stated otherwise in a written agreement between us and that Customer.

Our Customer may also elect, at their sole discretion, to make all data entered by a User freely available to all other Users existing under the Customer account or Application, or to restrict the availability of such data within the Customer account or Application in any manner it sees fit.

Like most software companies, we collect non-personally-identifying data of the sort that web browsers, platforms and software applications and servers typically make available, such as the browser type, language preference, referring website or application, and the date and time of each visitor request. Our purpose in collecting non-personally identifying data is to better understand how our Visitors, Customers and Users use our Website, our Platform and our Applications and to tailor the information provided to Visitors, Customers and Users based on their location, in order to make that information more relevant. From time to time, we may release non-personally-identifying data in the aggregate, e.g., by publishing a report on trends in the usage of our products and services.

We also collect potentially personally-identifying data like Internet Protocol (IP) addresses. We do not use such information to identify Visitors or Users, and we do not disclose such information, other than under the same circumstances that we use and disclose personal data as described in this Privacy Policy.

Certain Visitors to our Website and Users using our support and interaction channels choose to interact with us in ways that require us to gather personal data. The amount and type of data that we gather depend on the nature of the interaction. For example, we ask Users who sign up to use our Platform and who enroll in an Application to provide data such as their name, email address, Customer name and contact details. Customers and Users who sign up to use our Platform or an Application may be asked to provide additional data, including as necessary the personal data required to create and administer User accounts. In each case, we collect such data only insofar as is necessary or appropriate to fulfil the purpose of the User’s interaction with us, as determined by an agreement between us and a Customer. We do not disclose personally-identifying information other than as described in this Privacy Policy. Users can refuse to provide certain personally-identifying data, and although we make every attempt to accommodate such a request, such a refusal may prevent them from being able to use our Platform or an Application.

We may also collect financial or payment information, such as credit card information or bank details, from our Visitors, Customers, Suppliers or Users.

We may collect statistics about the behaviour of Visitors to the Website and Users’ use of our Platform and our Applications. We may display this information, in aggregate, publicly or provide it to others. However, we do not disclose personally-identifying data other than as described in this Privacy Policy.

We may use personal information for direct marketing purposes if Applicable Laws allow this. You always have the right to object to your personal data being used for direct marketing purposes. Note that where we process personal data for direct marketing purposes of our Customer in terms of the service we provide to Customers, our Customer is obligated to ensure compliance with Applicable Laws.

Legal basis for using your personal data

Our basis for collecting and processing personal data is one of the following:

  • Our contract with a Customer or Supplier: for example, when we process personal data to respond to a Customer request to enter into an agreement with us, or when processing personal data for billing purposes or any other purpose relating to the technology products and related services we provide to Customers in terms of our agreement with them, or when Suppliers provide products and services to us;
  • Our legitimate interest: for example, when we direct market to a Visitor, User or Customer or process personal data for our internal statistical or research purposes;
  • Legal or compliance requirements: for example, when we process personal data for a purpose required in law or when we liaise with authorities, or for reviewing our security practices.

When we process personal data as a Data Processor/Operator on behalf of our Customer, the Customer is responsible for determining the legal basis for processing. This may include that the Customer may require consent from a User before processing the information or sharing it with us for purposes of processing in terms of our agreement with the Customer.

Sharing your personal data with third parties

We do not sell personal data. We disclose personal data to employees, contractors, affiliated organizations and business partners in terms of this policy. When we share personal data it is only on a need to know basis and subject to contract regulating the use of the personal data by the recipient. We may share personal data as follows:

  • with regulators or similar bodies if required by any governmental regulatory authorities or similar bodies in terms of applicable law. We may also share it with law enforcement agencies if required in law;
  • with employees, service providers and contractors who provide services to us under contract;
  • with external professional service providers such as auditors and attorneys for purposes relating to our business operations;
  • any third party as a result of a sale, acquisition, merger, reorganization or other transfer (a “Transfer”) involving JourneyApps. JourneyApps specifically reserves the right to transfer personal data to a third party in connection with a Transfer. Should such a Transfer occur, we will request that the new combined entity follow this Privacy Policy with respect to your personal data, as and to the extent required by applicable law, and to require that you receive prior notice if your personal data could be used contrary to this Privacy Policy.

Your rights in respect of your personal data

You have certain rights in respect of your personal data. As available and except as limited under Applicable Laws, your rights include:

  • Right of access: the right to be informed of and request access to the personal data that we process about you;
  • Right to rectification: you may request that your personal data be amended or updated where it is inaccurate or incomplete;
  • Right to erasure: the right to request that we delete your personal data, subject to applicable limitations and exceptions;
  • Right to restrict processing: you may request that we temporarily or permanently stop processing your personal data;
  • Right to object:
    • you may object to us processing your personal data; and
    • to your personal data being processed for direct marketing purposes;
  • Right to information portability: you may request a copy of your personal data and request that data to be transmitted for use by another person; and
  • Right not to be subject to automated decision-making: where a decision that has a legal or other significant effect is based solely on automated decision making, including profiling, you may request that your data not be processed in that manner.

Where you have provided consent to process your personal data, you may also withdraw your consent where our processing is based on your consent. However, we may continue to process your information if another legal justification exists for the processing.

Note that where we process Personal Information as a Data Processor/Operator for our Customers, these rights must be applied against the Customer. We will fully cooperate with our Customer on any request relating to these rights.

Retaining your personal data

Each of our Customers may specify for how long we may retain the personal data collected from their Users. Unless specified otherwise in an agreement between us and a Customer, we retain personal data collected from that Customer’s Users for up to 3 years or, if earlier, for a maximum period of 60 days after our agreement with that Customer ends. If requested to do so, we provide Customers with a copy of the personal data. Thereafter, we permanently and securely delete the personal data.

Where we are the Controller/Responsible Party, we retain information in terms of our internal retention policies.

We may keep personal data indefinitely in a de-identified format for statistical purposes, which may include for example statistics of how data subjects use our services.

Security of your personal data

We are committed to take reasonable steps to keep your personal data safe and secured, and we implement appropriate technical and other security measures to protect the integrity and confidentiality of your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of processing, in accordance with applicable law.

We employ administrative, physical, and electronic measures designed to protect the personal data we store and process.

We use industry-standard technological means to protect personal data when stored on a User’s device, while in transit through the internet and when stored on our servers. We use encryption and a comprehensive authentication protocol to provide reasonable security. However, please remember that no security system on the internet is perfect.

Where you access the Platform or an Application using a username and password, please ensure that you always keep these safe and confidential and never share it with any third party. We will never ask you for your password. If someone contacts you, claiming to represent JourneyApps and requests your information, it is always best to request that you contact that person by first getting in touch with JourneyApps through a known and published communication channel such as our support desk, or telephone number and confirming that person’s identity.

You can get more information about our data security practices in our Data Security Whitepaper.

We will report any security breach in terms of Applicable Laws to the applicable regulatory authority and to the data subjects whose personal data is involved in the breach, unless you are a User. If you are a User and your personal data is affected by a security breach, we will inform our Customer about the breach.

If you want to report any concerns about our privacy practices or if you suspect any breach regarding your personal data, please notify us by sending an email to


Our website uses cookies. Please read our Cookie Policy for more information. You can manage your cookie preferences by visiting our Consent Preference Center.

Limitation of liability

We exercise reasonable efforts to safeguard the security and confidentiality of your personal data; however, transmissions protected by industry standard technology and administered by humans cannot be guaranteed to be secure in all circumstances. We will not be liable for unauthorized disclosure of personal data that occurs through no fault of JourneyApps including, but not limited to, errors in transmission, uses of your data by a third party, and your failure to comply with your security obligations.

Links to other websites and software services

This policy addresses only the use and disclosure of information that we collect from you through the Website and your use of the Platform or an Application, through our interaction with you or from interaction with our business partners. Our Website, Platform or Applications may contain links to other websites and software services. The fact that we link to a website or another software service is not an endorsement, authorization or representation of our affiliation with that third party. We do not exercise control over third party websites or software services. These other websites and software services may place their own cookies or other files on your computer, collect data, or solicit personal data from you. They follow their own rules regarding the use or disclosure of the personal data you submit to them. We recommend that you read the privacy policies or statements of these other websites and software services, if applicable.

Children’s and your sensitive personal data

As a Data Controller/Responsible Party we do not collect personal data from children under the age of 18. If you believe that a child has provided us with personal data without the consent of his or her parent or guardian, please contact us immediately at If we become aware that a child under age 18 has provided us with personal data, we will delete such data.

As a Data Controller/Responsible Party we do not intentionally collect sensitive or special personal data.

Where we process children’s or sensitive/special personal data as a Data Processor/Operator for our Customer, the Customer is responsible to ensure lawful processing and to obtain consents where required.

Cross-border transfers of your personal data

We make use of third party service providers as sub-processors and may transfer data cross border if our service provider conducts business in another jurisdiction. We only use reputable sub-processors who maintain rigorous security standards.

Any personal data transferred cross border will only be transferred in terms of an agreement requiring the recipient of the data to comply with all applicable requirements in respect of data privacy, and/or the recipient is subject to a law or binding corporate rules which provide an adequate level of protection that effectively upholds principles for reasonable processing of the information and includes provisions relating to the further transfer of personal information from the recipient to third parties who are in a foreign country.

Dispute resolution and complaints

If you have any concerns or claims with respect to our Privacy Policy, please contact our Data Protection Officer/Information Officer at We will investigate and attempt to resolve any complaints and disputes regarding our use and disclosure of personal data.

In terms of applicable laws, you may have the right to formally lodge a complaint about how we handle your personal data with your relevant regulatory authority in terms of the applicable law that applies to you.

If the GDPR applies to you, you may lodge a complaint with the European Commission by using the European Commission online complaint procedure or writing to the European Commission, Secretary-General B-1049 Brussels, BELGIUM, or sending a fax to +32 229 64 335.

If POPIA applies to you, you may a lodge a complaint with the Information Regulator with the following details:

  • Website:
  • Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, South Africa 2001
  • Postal address: P.O Box 31533, Braamfontein, Johannesburg, South Africa 2017
  • Complaints email:
  • General enquiries email:

Updates to this Privacy Policy

This Privacy Policy may be updated from time to time in order to reflect changes in our practices. We will notify you of any material changes by posting the new Privacy Policy on our Website, and we will obtain the necessary consents as may be required under Applicable Laws if we seek to collect, use or disclose personal data for purposes other than those disclosed initially or for which consent has been obtained.

Except as stated above, all changes will apply to the personal data that has already been collected, and to personal data that is collected after the effective date of the revised Privacy Policy. If any proposed change is unacceptable to you, you will have the right to ask for the deletion of your personal data. You are advised to consult this Privacy Policy regularly for any changes.

How to contact us

If you have any questions, comments, concerns, complaints or claims with respect to our Website, our Platform or an Application, if your User account has been compromised by a hacker or scammer, if another User is abusing, harassing, or stalking you, if you find that certain content displayed on the Website, the Platform or an Application is inappropriate or prohibited by these terms, or if you have any other concern, please contact us by email at We will investigate and attempt to resolve the matter.