Privacy Policy (POPIA Notice)
Last updated: 5 July 2026
This notice explains how Dishly ("we") processes personal information about visitors and members, in line with the Protection of Personal Information Act, 2013 (POPIA).
1. Who is responsible
Dishly is the responsible party. Contact us at info@dishly.co.za with any privacy question, access request, or complaint.
2. What we collect
- Account information: display name, email address, password (hashed), profile details you add.
- Submitted content: recipes, blog posts, photos, comments, reviews, and metadata about them.
- Technical data: IP address, browser and device information, log data, and cookies (see the Cookie Notice).
- Communication data: messages you send us, contact-form submissions, newsletter signups.
- Moderation data: reports you submit, flags on your content, warnings issued to your account.
3. Why we use it (purposes and lawful basis)
- Create and manage your account - necessary for the contract with you.
- Publish your submissions and show them to other users - with your consent.
- Allow reviews, comments, and interactions - necessary for the service you asked for.
- Moderate content and enforce the Terms - legitimate interest in a safe community.
- Send account and service notices - necessary for the service.
- Send the newsletter - only where you have opted in.
- Improve site performance, security, and prevent abuse - legitimate interest.
- Comply with legal obligations.
4. Direct marketing (newsletter)
We send marketing emails (like the newsletter) only where you have given clear opt-in consent. The signup checkbox is never pre-ticked. Every marketing email includes an unsubscribe link, and you can also email us to be removed.
5. Children
You must be at least 13 to create an account. If you are under 18 you must have a parent or legal guardian's consent to use the site or receive emails from us. If you believe a child has provided us with personal information without proper consent, contact us and we will delete it.
6. Who we share it with
We share personal information only with service providers who help us run the site:
- Our hosting and backend provider (Lovable Cloud).
- Our email delivery provider (for confirmation and newsletter emails, if enabled).
- Law enforcement or courts, if we are legally required to disclose information.
We do not sell your personal information.
7. Cross-border transfers
Some service providers store or process data outside South Africa. Where this happens we rely on the provider's own compliance measures and contractual safeguards, as permitted by POPIA.
8. How long we keep it
- Account data: while your account is active, and for a reasonable period after deletion for legal, backup, and abuse-prevention purposes.
- Submitted content: while it is published; anonymised traces may remain if a submission is deleted.
- Newsletter subscribers: until you unsubscribe, then retained only to honour the unsubscribe.
- Logs and technical data: typically no longer than 12 months.
9. Your rights under POPIA
You have the right to:
- Ask what personal information we hold about you (access).
- Ask us to correct or delete inaccurate or unnecessary information.
- Object to processing based on legitimate interest.
- Withdraw consent for direct marketing at any time.
- Complain to the Information Regulator (South Africa).
To exercise a right, email info@dishly.co.za. We may need to verify your identity before acting.
10. Security
We use reasonable technical and organisational safeguards (encrypted transport, hashed passwords, access controls). No online service is perfectly secure - please use a strong, unique password and tell us immediately if you suspect account misuse.
11. Information Regulator
You can contact the Information Regulator of South Africa at inforegulator.org.za.
12. Changes to this notice
We may update this notice. Material changes will be highlighted on the site. The "Last updated" date at the top shows when it last changed.

