PRIVACY POLICY
How we collect, use, and protect your personal information.
Last updated: January 2025
1. Introduction
The Gravalist Company Pty Ltd ("we," "our," or "us"), a company registered in South Africa, respects your privacy and is committed to protecting your personal data in accordance with the Protection of Personal Information Act (POPIA). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at gravalist.com for ultra-endurance sports events, routes, and community engagement.
2. Information We Collect
2.1 Personal Information
When you register and use our platform, we collect:
- Email address (primary identifier for privacy reasons)
- First and last name
- City/location information
- Profile information you choose to provide
- Communication preferences
2.2 Activity and Usage Data
Important: We comprehensively track and store all your platform activity, including:
- Every action you take on the platform (clicks, navigation, form submissions)
- Onboarding progress and step completion times
- Event registrations and participation data
- Ride start times, finish times, and completion status
- Points earned and leaderboard interactions
- Community interactions and contributions
- Technical data (device type, browser, IP address, session duration)
- Feature usage patterns and engagement metrics
2.3 Ride and Performance Data
- GPS tracking data and route progress (if you choose to share)
- Start and finish confirmations
- Photo uploads and ride documentation
- Post-ride reflections and ratings
- Equipment and preparation information
3. How We Use Your Information (Purpose of Processing)
Under POPIA, we process your information for the following specific purposes:
- Event Participation: Registration, logistics, results tracking, and verification of fair play
- Community Engagement: Routes, leaderboards, user stories, shared content, and community interactions
- Platform Services: Account management, progress tracking, and points calculation
- Communication: Important updates about events and platform changes
- Improvement: Platform functionality enhancement and user experience optimization
- Security: Detecting and preventing platform abuse or security issues
- Legal Compliance: Meeting legal obligations and regulatory requirements
- Partner Sharing: Sharing with event organizers, sponsors, and partners for event management and community value
4. Data Ownership and Storage
By using Gravalist, you acknowledge that all activity data generated through your use of the platform becomes part of our database and belongs to Gravalist. This includes:
- Your progression through onboarding steps and events
- Timing data, completion rates, and engagement patterns
- Community contributions and interactions
- Points, achievements, and leaderboard positions
- Platform usage analytics and behavioral data
This data is essential for maintaining community features, calculating fair leaderboard rankings, and continuously improving the platform experience for all members.
5. Information Sharing and Disclosure
5.1 Community Features
Some information is shared within the Gravalist community:
- Your chosen display name on leaderboards
- Points earned and community ranking
- Event participation and completion status
- Public profile information you choose to share
5.2 Authorized Sharing with Partners
We share data with authorized parties under contracts for legitimate purposes:
- Event organizers for event management and logistics
- Sponsors for recognition and community value initiatives
- Partners for enhanced event experiences and services
- International sharing only where comparable protection standards exist
5.3 We Do NOT Share
- Your email address with other members
- Personal data with third parties for marketing purposes without consent
- Detailed activity data outside of legitimate business purposes
5.4 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request in accordance with POPIA and South African law.
6. Proprietary Route Data Protection
Our route files, GPX data, and course information are proprietary. We use your activity data to:
- Ensure route data is only accessed by authorized members
- Monitor for unauthorized sharing or distribution
- Detect attempts to bypass platform controls
- Protect our intellectual property rights
7. Data Security and Breach Handling
We implement appropriate technical and organizational security measures to protect your personal information, including:
- Encryption for payment processing and sensitive data
- Controlled access for user accounts and data
- Regular security updates and monitoring
- Industry-standard safeguards and protection measures
Breach Response: In the event of a data breach, we will notify the South African Information Regulator and affected users as required by POPIA, providing details of the breach and steps taken to address it.
8. Data Retention and Monitoring
We retain your personal information for as long as necessary to:
- Provide our services and maintain your account
- Comply with legal obligations and POPIA requirements
- Resolve disputes and enforce our agreements
- Maintain platform history and community archives (leaderboards, routes completed)
- Support ongoing community engagement and fair play verification
Community Archives: Please note that participation records like leaderboards and completed routes may remain visible as part of community archives and platform history, even after account deletion.
9. Your POPIA Rights
Under the Protection of Personal Information Act (POPIA), you have the following rights:
- Access: Request access to your personal data we hold (e.g., event history, community profile)
- Correction: Request correction or updating of inaccurate personal data
- Deletion: Request deletion of your data (except where records must be kept for legal or historical purposes)
- Withdraw Consent: Withdraw consent for data processing (may limit event or community participation)
- Object to Processing: Object to processing of your data for specific purposes
- Data Portability: Request your data in a portable format where technically feasible
Important: Some data may be retained to maintain community features, prevent abuse, and comply with legal requirements. Withdrawing consent may limit your ability to participate in events and community features. To exercise these rights, contact us through the platform or our Information Officer.
10. Cookies and Tracking
We use essential cookies and similar technologies to maintain your session, remember your preferences, and ensure platform functionality. We do not use tracking cookies for advertising purposes.
11. Children's Privacy
Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.
12. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
14. Contact Us and Information Officer
If you have any questions about this Privacy Policy or wish to exercise your POPIA rights, please contact us through the platform or at the contact information provided on gravalist.com.
Information Officer: The Gravalist Company Pty Ltd has appointed and registered an Information Officer with the South African Information Regulator for POPIA compliance matters. Contact details for our Information Officer are available upon request for privacy-related inquiries and rights requests.
© 2025 The Gravalist Company Pty Ltd - Self Sufficiency | Responsibility | Honour
Registered in South Africa | POPIA Compliant | Information Officer Registered