Privacy Policy
Last updated: 7 July 2026
This policy explains how Nelo (“we”, “us”) collects, uses and protects personal information when you use nelo.co.za. We process personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA).
1. Information we collect
Account information
- Name, email address and password (stored as a secure hash)
- For Providers: business name, description, contact details and address
Booking and loyalty information
- Bookings you make or receive: service, date, time, amount, notes you add, and the staff member the booking is with
- Loyalty points, rewards and voucher usage
Billing information
- Subscription plan, invoices and payment references. Card payments are processed by Paystack — we never see or store your full card number, only a payment reference and the card's last four digits.
Technical information
- Log data needed to run and secure the Service (such as IP address, browser type and timestamps), and cookies required for sign-in and session management. We do not use third-party advertising cookies.
2. How we use your information
- To operate bookings, loyalty programs and vouchers
- To send transactional email (confirmation links, booking confirmations, payment receipts, team invitations)
- To bill Provider subscriptions and prevent fraud
- To provide support and improve the Service
- To meet legal obligations
We do not sell personal information, and we do not use it for third-party advertising.
3. Sharing between Customers and Providers
When you book with a Provider, that Provider can see your name, your contact details and your booking and loyalty history with them — this is necessary for them to deliver the service. Providers may only use this information to manage their relationship with you.
4. Service providers we rely on
- Supabase — database, authentication and hosting of application data
- Paystack — payment processing
- Resend — transactional email delivery
- Vercel — application hosting
These operators process personal information on our instructions under their own security and confidentiality obligations. Some operate outside South Africa; where information is transferred across borders we rely on the safeguards in section 72 of POPIA.
5. How long we keep information
We keep your information while your account is active. If you close your account we delete or de-identify personal information within a reasonable period, except records we must keep for legal, tax or fraud-prevention purposes (such as invoices).
6. Security
We protect personal information with appropriate technical and organisational measures, including encryption in transit, hashed passwords, row-level access controls in our database, and restricted administrative access. No system is perfectly secure; if a breach affecting your information occurs we will notify you and the Information Regulator as required by POPIA.
7. Your rights
Under POPIA you may:
- ask what personal information we hold about you;
- ask us to correct or delete it;
- object to processing, or withdraw consent where relied on;
- complain to the Information Regulator (South Africa) at inforegulator.org.za.
To exercise any of these rights, email support@nelo.co.za. We respond within a reasonable time and at most within the periods POPIA prescribes.
8. Children
The Service is not directed at children. We do not knowingly process a child's personal information without the consent of a competent person.
9. Changes to this policy
We may update this policy as the Service evolves. Material changes will be announced in the app or by email before they take effect. The “Last updated” date above shows the current version.
See also our Terms of Service.

