Privacy Policy

Version 3.0 · Last updated: 5 November 2025

Alter TCS ("we", "us", "our") respects your privacy and is committed to processing personal information responsibly in accordance with the Protection of Personal Information Act, 2013 (POPIA), the Consumer Protection Act (CPA), and applicable global best practice.

Privacy-First Approach

We use privacy-friendly tooling, avoid invasive tracking, and only collect data essential for the services you request. No data sales. No hidden tracking. Ever.

Encrypted

TLS 1.3 protection

POPIA Compliant

South African law

Cookie-Free Analytics

Plausible privacy

1. Scope & responsibility

This policy covers all Alter TCS customer touchpoints including our online store, marketplace trading, community events, and support channels. The appointed Information Officer oversees compliance and can be reached at privacy@altertcs.co.za.

2. What we collect & why

We maintain a minimal data inventory. The table below summarises the categories of personal information we process, why we process it, the lawful basis relied on, and how long we keep it.

Category	Examples	Primary purposes	Lawful basis	Retention
Account & identity data	Full name Email address Delivery and billing addresses Contact number	Create and administer your Alter TCS account Fulfil orders and provide customer support Verify ownership for events and marketplace trading	Contractual necessity; compliance with the Consumer Protection Act (CPA)	For the lifetime of the account and 3 years thereafter (CPA record-keeping)
Order & transaction history	Purchased items Wishlist and saved carts Courier tracking references	Deliver products and manage returns/exchanges Provide purchase history for collection management Resolve courier disputes and fraud investigations	Contractual necessity; legal obligation under South African tax law	7 years to comply with SARS requirements
Payment authorisations	PayFast payment token Masked card details Transaction outcome	Process secure online payments Prevent fraudulent or unauthorised transactions Issue refunds where applicable	Contractual necessity; legitimate interest in fraud prevention	PayFast retains records per PCI-DSS. Alter TCS stores only token references for 3 years
Device & security telemetry	IP address (short-lived) Browser/OS version Login timestamps Error diagnostics	Maintain platform security and investigate suspicious activity Optimise site performance across devices Generate anonymised stability metrics	Legitimate interest in securing our services	Security logs retained for 12 months then anonymised
Privacy-friendly analytics	Aggregated page views Referrer URL (truncated) Non-identifiable events (theme toggle, search usage)	Understand product demand and improve user experience Measure performance of launches without profiling individuals	Legitimate interest – collected via Plausible Analytics with no cookies or personal data	Aggregated metrics retained for 24 months inside Plausible EU cloud

3. Cookies & local storage

We do not set marketing or advertising cookies. Instead we rely on essential local storage keys that stay on your device. They are required for shopping, security, and accessibility.

Storage key	Purpose	Essential?
altertcs:wishlist	Saves wishlist selections for quick reference	Essential
altertcs:cart	Maintains your cart across sessions	Essential
theme	Remembers light/dark/retro preferences	Essential
fx-enabled / fx-density / fx-sound	Stores visual effects toggles	Essential
sound-effects-enabled / lofi-music-enabled	Remembers audio ambience preferences	Essential
retro:enabled	Activates retro interface mode	Essential
gacha:lastWeek	Determines weekly gacha eligibility	Essential
recently-viewed	Displays your last seen products	Essential
altertcs:analytics-opt-out	Stores your Plausible analytics opt-out choice	Essential

For full details see our Cookie & Local Storage Policy.

4. Privacy-friendly analytics

We use Plausible Analytics, a European-hosted, privacy-first service. Plausible does not set cookies or collect personally identifiable data. It respects the Do Not Track (DNT) browser signal by default.

Page views and navigation flows are aggregated and anonymised.
IP addresses are truncated and never stored.
Data is processed within the EU and is GDPR and POPIA compliant.
You may opt out by enabling DNT, clearing local storage, or settingaltertcs:analytics-opt-outto true.

5. How we secure your information

In accordance with Section 19 of POPIA (Security Safeguards), we implement appropriate technical and organisational measures to protect personal information:

TLS 1.3 encryption for all data in transit.
Role-based access controls and least-privilege access for staff.
Quarterly security reviews and vulnerability patching cadence.
PCI-DSS compliant payment processing via PayFast — Alter TCS never stores full card data.
Regular data minimisation reviews to ensure we retain only what is necessary.
Secure cloud infrastructure hosted in compliant data centres with physical and digital access controls.

5.1 Data breach notification

As required by Section 22 of POPIA, if we discover an unauthorised access to or acquisition of personal information that compromises the confidentiality, integrity, or availability of your data, we will:

Notify you as soon as reasonably possible after becoming aware of the compromise, unless a public body responsible for detection or prevention of security compromises determines notification will impede a criminal investigation.
Send notification via email to your registered address, or publish a notice on our website if email notification is not feasible.
Notify the Information Regulator of South Africa as required by law.
Include in the notification: (a) a description of the possible consequences of the breach, (b) measures we are taking to address the breach, (c) recommended actions you can take to protect yourself, and (d) the identity of the unauthorized party, if known.

6. Your privacy rights

Under POPIA and international best practices, you have comprehensive control over your data:

Confirm whether we hold personal information about you

Request a copy of the personal information we maintain

Ask us to correct inaccurate, incomplete, or outdated data

Request deletion of data that we are not legally required to keep

Object to or restrict certain processing activities

Withdraw consent where processing relies on consent

Lodge a complaint with the Information Regulator

Free data requests: We don't charge fees for standard requests. Manifestly unfounded or excessive requests may incur a reasonable administrative fee as permitted by POPIA.

7. Submitting a data request

Email privacy@altertcs.co.za with the subject line ‘POPIA Request’.
Describe the right you wish to exercise and include enough information for verification (order number, account email).
We acknowledge receipt within 5 business days and may request additional verification where necessary.
A substantive response is provided within 30 calendar days, or we will explain any lawful extension.

If you are unhappy with our response you may escalate to the Information Regulator of South Africa at inforeg@justice.gov.za or visit inforegulator.org.za.

8. International transfers

Data is primarily hosted in South Africa. Where services are provided from other jurisdictions (for example, EU-based Plausible Analytics or global content delivery networks), we ensure appropriate contractual safeguards and technical controls are in place as required by POPIA Chapter 9.

9. Children and vulnerable individuals

Our products and community spaces are designed for individuals aged 18 and older. If you believe a minor has provided personal information, please notify us immediately so we can investigate and remove the data.

10. Changes to this policy

We update this policy when legal, operational, or technological changes require it. When we make material updates, we will notify registered customers via email and post a notice on our website at least 7 days before the changes take effect.

11. Contact

Information Officer

Alter TCS

Email: privacy@altertcs.co.za

Address: Salt River, Cape Town, South Africa

Shopping Cart

Your cart is empty