Privacy Policy - GreenLine

← Back to Home

XTIAN (PTY) Ltd ("GreenLine", "we", "us", or "our") is committed to protecting your privacy and complying with South Africa's Protection of Personal Information Act, 2013 ("POPIA").

            Your Privacy Matters: We collect only the information necessary to provide our DNS filtering service. We do not sell your personal information to third parties. We do not log the full content of your DNS queries for commercial purposes.
        

1. Information Officer

As required by POPIA, we have designated an Information Officer responsible for ensuring compliance with data protection requirements:

Information Officer: Legal Department, XTIAN (PTY) Ltd
Email: privacy@mygreenline.co.za
Contact for Data Subject Requests: privacy@mygreenline.co.za

2. Responsible Party Details

Name: XTIAN (PTY) Ltd
Trading As: GreenLine
Contact Email: support@mygreenline.co.za
Website: mygreenline.co.za

3. Information We Collect

3.1 Account Information

When you register for GreenLine, we collect:

Full name
Email address
Password (encrypted and hashed)
Billing information (processed securely by Paystack)
Physical address (for billing and firewall device shipping)
Phone number (optional, for account recovery)

3.2 Service Usage Information

To provide and improve our DNS filtering service, we collect:

Device identifiers (for device limit enforcement)
IP addresses (for connection management)
DNS query metadata (domains queried, timestamp, query type)
Filtering actions (blocked/allowed domains)
VPN connection logs
Service configuration preferences

3.3 Technical Information

Browser type and version
Operating system
Device type
Connection timestamps
Service performance metrics

3.4 Information We DO NOT Collect

We do not collect:

Full browsing history beyond DNS queries
Website content you view
Personal messages or communications
Race, religious beliefs, or political opinions
Health or biometric information
Criminal history

4. Legal Basis for Processing (POPIA Compliance)

We process your personal information based on:

Processing Activity	Legal Basis
Account management and service delivery	Contractual obligation (Section 11(1)(b))
DNS filtering and threat protection	Legitimate interest (Section 11(1)(f))
Billing and payment processing	Contractual obligation
Customer support	Contractual obligation
Service improvement and analytics	Legitimate interest
Marketing communications	Consent (can be withdrawn)
Legal compliance	Legal obligation (Section 11(1)(a))

5. How We Use Your Information

5.1 Service Delivery

Providing DNS filtering and content blocking
Enforcing safe search settings
Managing VPN connections
Configuring and managing firewall devices
Enforcing device limits per subscription plan

5.2 Service Improvement

Identifying and blocking new threats
Improving filter accuracy
Optimizing service performance
Analyzing usage patterns (aggregated and anonymized)

5.3 Account Management

Processing subscriptions and payments
Providing customer support
Sending service notifications
Managing family member accounts

5.4 Legal Compliance

Complying with South African law
Responding to lawful requests from authorities
Protecting our legal rights
Preventing fraud and abuse

6. Data Retention

6.1 Retention Periods

Data Type	Retention Period
Account information	Duration of account + 12 months
DNS query metadata	14 days (rolling window)
Connection logs	90 days
Billing records	7 years (tax law requirement)
Support tickets	3 years
Aggregated analytics	Indefinitely (anonymized)

6.2 Deletion

When retention periods expire, we securely delete or anonymize your data. You may request earlier deletion by exercising your data subject rights (see Section 9).

7. Information Sharing and Third Parties

7.1 We Share Information With:

Payment Processor:

Paystack: For processing subscription payments. Paystack has its own privacy policy and POPIA compliance measures.

Service Providers:

Email service providers (for transactional emails and notifications)
Hosting and infrastructure providers
Customer support tools

All third parties are contractually obligated to protect your data and use it only for specified purposes.

7.2 We DO NOT:

Sell your personal information to advertisers
Share your browsing data with marketers
Provide your DNS query data to third parties for commercial purposes
Sell or rent customer lists

7.3 Legal Disclosures

We may disclose information when:

Required by South African law
Ordered by a court or law enforcement
Necessary to protect our legal rights
Needed to prevent fraud or protect safety

We will notify you of legal requests unless prohibited by law.

8. Data Security

8.1 Security Measures

We implement appropriate technical and organizational measures including:

Encryption of data in transit (TLS/SSL)
Encryption of data at rest
Secure password hashing (bcrypt)
Regular security audits
Access controls and authentication
Firewall protection
Regular backups
Employee training on data protection

8.2 Data Breach Notification

As required by POPIA, if we experience a data breach that poses a risk to your rights and freedoms, we will:

Notify the Information Regulator within 72 hours
Notify affected users as soon as reasonably possible
Provide details about the breach and mitigation steps
Report through the Information Regulator's eServices Portal

9. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

9.1 Right of Access (Section 23)

You may request confirmation of what personal information we hold about you and access to that information.

9.2 Right to Correction (Section 24)

You may request correction of inaccurate or incomplete personal information.

9.3 Right to Deletion (Section 24)

You may request deletion of your personal information when:

It's no longer necessary for the purpose collected
You withdraw consent (where consent was the basis)
You object to processing
The information was unlawfully obtained

9.4 Right to Object (Section 11(3))

You may object to processing of your personal information on reasonable grounds.

9.5 Right to Restriction

You may request restriction of processing in certain circumstances.

9.6 Right to Data Portability

You may request your data in a structured, commonly used format.

9.7 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: privacy@mygreenline.co.za
Subject Line: "Data Subject Request"
Response Time: We will respond within 30 days

10. Cookies and Tracking

10.1 Cookies We Use

Cookie Type	Purpose	Consent Required
Session cookies	Authentication and security	No (strictly necessary)
CSRF tokens	Security protection	No (strictly necessary)
Preference cookies	Remember your settings	Yes (optional)
Analytics cookies	Service improvement	Yes (optional)

10.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.

11. Children's Privacy

GreenLine is a family safety service. We collect minimal information about child users:

Children under 18 must have parental consent
Parents/guardians control child accounts
We collect only information necessary for filtering
Children's data receives enhanced protection
Parents may access and delete children's data at any time

12. International Data Transfers

Your data is primarily stored and processed in South Africa. If we transfer data internationally:

We ensure adequate data protection measures
We use standard contractual clauses where applicable
We comply with POPIA's cross-border transfer requirements

13. Marketing Communications

We may send you marketing emails about:

New features and services
Special offers and promotions
Service tips and best practices

You can opt out at any time by:

Clicking "unsubscribe" in any marketing email
Contacting support@mygreenline.co.za
Updating preferences in your account settings

Note: You cannot opt out of essential service emails (security alerts, billing notifications, service changes).

14. Changes to This Privacy Policy

We may update this policy to reflect:

Changes in our services
Legal or regulatory updates
Best practice improvements

We will notify you of material changes via:

Email to your registered address
Prominent notice on our website
In-app notification

15. Contact Us

For privacy-related questions or concerns:

Privacy Inquiries: privacy@mygreenline.co.za
Information Officer: privacy@mygreenline.co.za
General Support: support@mygreenline.co.za
Website: mygreenline.co.za

16. Complaints to the Information Regulator

If you believe we have violated POPIA, you may lodge a complaint with:

Information Regulator (South Africa)
Email: inforeg@justice.gov.za
Website: www.justice.gov.za/inforeg
Phone: +27 (0)10 023 5200

We encourage you to contact us first so we can address your concerns directly.

17. Governing Law

This Privacy Policy is governed by the laws of the Republic of South Africa, including POPIA and related regulations.