DA Activity Tracker

Privacy Policy

Last updated: 7 April 2026

The short version: Your activities, photos, and locations stay on your device. We only store your email, phone, and an encrypted password on our servers so you can sign in. We don't track you, sell your data, or share it with anyone.

1. Who we are

DA Activity Tracker (the "App") is operated independently and is not officially affiliated with or endorsed by the Democratic Alliance political party. This Privacy Policy explains how we collect, use, and protect your personal information in compliance with the Protection of Personal Information Act, 2013 (POPIA) of South Africa.

For the purposes of POPIA, the operator of the App is the Responsible Party for the limited personal information we collect on our authentication servers.

2. Information we collect

2.1 Information stored on your device only

The following information is created and stored entirely on your phone in a local SQLite database. It is not transmitted to our servers or anywhere else:

  • Photos taken via the in-app camera or selected from your gallery to document activities.
  • Location data — GPS coordinates and reverse-geocoded addresses captured when you log an activity (only with your permission).
  • Activity data — titles, descriptions, categories, and dates you enter for each logged activity.
  • App preferences — your PIN (stored as a one-way hash), biometric setting, and other in-app settings.

2.2 Information stored on our servers

The following limited information is stored on our authentication provider (Supabase, see Section 6) so that you can sign in across devices and so we can verify your identity:

  • Email address (used as your sign-in identifier)
  • Phone number (collected for record-keeping and future features such as SMS notifications — never sold or shared)
  • Password (stored as a salted, irreversible hash by our authentication provider — we cannot read your password)
  • Account metadata (account creation date, last sign-in timestamp)

3. How we use your information

Your information is used solely to:

  • Let you record and track your DA-related activities on your own device.
  • Generate proof-of-attendance PDF documents that you can share or hand to your branch.
  • Display your activity locations on an in-app map.
  • Authenticate you when you sign in to the App.
  • Send you a one-time verification code at sign-up.

We do not use your data for advertising, profiling, analytics, marketing, or sale to any third party.

4. Permissions we request

  • Camera — to take photos of your activities. You can decline; in that case you can still upload existing photos from your gallery.
  • Photo Library — to let you select existing photos to attach to an activity.
  • Location (When In Use) — to GPS-tag your activities at the moment you log them. You can decline; in that case activities will be saved without coordinates.
  • Face ID / Touch ID — only used to unlock the App if you enable biometric unlock. The biometric data never leaves your device.

5. Data retention

Your activity data, photos, and location data are kept on your device for as long as you keep the App installed. Uninstalling the App will delete this data permanently from your device.

Your account information (email, phone, hashed password) is kept on our authentication servers until you delete your account. When you delete your account from inside the App (Settings → Delete Account), your record is permanently and immediately removed from our authentication servers.

6. Third-party services we use

We use a small number of trusted third-party services to operate the App. Each is bound by their own privacy obligations:

  • Supabase — handles user authentication (sign-up, sign-in, password hashing). Stores your email, phone, and hashed password. Hosted in the EU/US. Privacy policy.
  • Resend — delivers the one-time verification code email at sign-up. Receives only your email address and the code itself. Privacy policy.
  • Apple App Store / Google Play — distribute the App. They may collect aggregate download statistics.

We do not use any analytics, advertising, crash reporting, or tracking SDKs.

7. Your rights under POPIA

As a data subject under POPIA, you have the following rights regarding the personal information we hold about you:

  • Right of access — you may request confirmation of what personal information we hold about you.
  • Right to correction — you may ask us to correct inaccurate or incomplete personal information.
  • Right to deletion — you may delete your account at any time directly inside the App (Settings → Delete Account), which removes your record from our servers permanently.
  • Right to object — you may object to the processing of your personal information.
  • Right to lodge a complaint — you may lodge a complaint with the Information Regulator of South Africa (inforegulator.org.za).

8. Children's privacy

The App is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Security

We take reasonable technical and organisational measures to protect your personal information:

  • All data on our authentication servers is encrypted in transit (TLS) and at rest.
  • Passwords are hashed using industry-standard one-way hashing — even we cannot read them.
  • Local data on your device can be optionally protected with a PIN and biometric lock.
  • Your PIN is stored as a one-way hash on your device — it never leaves your phone.

Despite these measures, no system is completely secure. You are responsible for keeping your sign-in credentials and device safe.

10. International data transfers

Our authentication and email-delivery providers may store your information on servers located outside South Africa (typically in the EU or US). By using the App, you consent to this transfer. Both providers comply with GDPR and equivalent data protection standards that meet POPIA's cross-border transfer requirements.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the App and an updated "Last updated" date will appear at the top of this page. Continued use of the App after changes take effect constitutes acceptance of the updated policy.

12. Contact us

If you have questions about this Privacy Policy or wish to exercise any of your rights under POPIA, you can reach us at: