Data privacy
Policy.
1. Google user data
When you sign in with Google, we access your name, email address, and profile picture. This data is used exclusively to:
2. Data we collect
We collect only what is necessary to operate the platform:
3. Third-party services
AirUpsell uses the following third-party services to operate the platform. Each has its own privacy policy:
Supabase
Database & authentication infrastructure (servers in EU)
PayFast
Payment processing — PCI-DSS compliant, South African processor
ZeptoMail
Transactional email delivery (order confirmations, door codes)
Twilio
SMS OTP verification for phone-based login
Vapi
AI voice concierge — call recordings are not retained
Google (Gemini / Maps)
AI recommendations and location enrichment
Google AdSense
Advertising network — may use cookies to serve personalized ads based on prior visits
Foursquare
Merchant discovery and venue data enrichment
Mapbox / LocationIQ
Map rendering and address geocoding
Upstash
Rate limiting — stores anonymised IP hashes, auto-expiring
Sentry
Error monitoring — may capture anonymised stack traces
4. AI & Location Services
To provide hyper-local recommendations, we process your real-time location within your browser session. Location data is used exclusively to rank and surface nearby merchants and is never written to our database. Our AirUpsell Assistant processes chat messages to generate recommendations. These conversations are not used to train AI models and are retained only for the duration of your session unless an order is placed.
5. Payment Security
AirUpsell does not store credit card numbers or CVV codes on our infrastructure. All card data is handled exclusively by PayFast, which is PCI-DSS Level 1 compliant. Merchant banking details submitted for payout purposes are encrypted at rest using 256-bit AES encryption and are accessible only to authorised AirUpsell administrators.
6. Cookies & Tracking
We use the following categories of cookies:
Essential
Required for the platform to function — authentication sessions, cart state. These cannot be declined.
Analytics
Used to understand how users interact with the platform (e.g., PostHog). Only activated if you accept cookies via our consent banner.
You can change your cookie preferences at any time by clearing your browser's local storage for airupsell.com.
7. Data Retention
8. Your Rights (POPIA & GDPR)
Under the Protection of Personal Information Act (POPIA) and the General Data Protection Regulation (GDPR), you have the following rights:
Access
Request a copy of all personal data we hold about you
Correction
Request correction of inaccurate or incomplete data
Deletion
Request permanent erasure of your data (subject to legal retention requirements)
Objection
Object to processing of your data for direct marketing
Portability
Request your data in a structured, machine-readable format
Complaint
Lodge a complaint with the Information Regulator of South Africa
Data deletion protocol
To permanently delete your profile, order history, concierge chat logs, and all associated records, email hello@airupsell.com with the subject line "Deletion request" and your registered email address. Requests are processed within 48 hours. Note: order records required for financial compliance (7 years) will be anonymised rather than deleted.
10. Contact & Information Officer
AirUpsell's designated Information Officer (as required by POPIA) can be contacted at hello@airupsell.com. For urgent data breaches or security concerns, please use the subject line "DATA BREACH" for priority handling.
11. Advertising & Third-Party Cookies
We use Google AdSense to display advertisements on our platform. To provide a tailored experience, Google and its partners may use cookies (such as the DoubleClick cookie) to serve ads based on your prior visits to our platform and/or other websites on the internet.
• Personalized Advertising: You can opt out of personalized advertising by visiting Google's Ads Settings.
• Third-Party Vendors: Alternatively, you can opt out of some third-party vendors' uses of cookies for personalized advertising by visiting aboutads.info.
Users in the European Economic Area (EEA) and UK will be presented with a consent banner upon their first visit, allowing them to explicitly manage their preferences regarding ad personalization and analytics cookies in compliance with the GDPR.