Privacy Policy

This Privacy Policy applies to all users of the SQUIDS platform, accessible via squids.co.za and all associated mobile applications and services. SQUIDS is a global platform where ideas surface — a social platform built for questions, debate, and open conversation. When you use SQUIDS, you entrust us with information about yourself, and we take that responsibility seriously.

By using SQUIDS, you consent to the processing of your personal information as described in this Policy. This Policy must be read in conjunction with our Terms of Service and Cookie Policy, all of which form part of the binding agreement between you and SQUIDS.

SQUIDS processes personal information in accordance with the following legal framework, listed in order of primary applicability. Where obligations overlap or conflict, South African law applies as the primary jurisdiction unless mandatory rights in a user's local jurisdiction require otherwise.

South Africa — Primary Jurisdiction

Our primary data protection obligations are governed by the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) ("POPIA"), read together with its subordinate Regulations Relating to the Protection of Personal Information, 2018. POPIA is underpinned by Section 14 of the Constitution of the Republic of South Africa, 1996, which enshrines the Right to Privacy as a fundamental constitutional right. Our marketing and notification practices are also governed by the Consumer Protection Act, 2008 (CPA), and our electronic operations are governed by the Electronic Communications and Transactions Act, 2002 (ECTA). Data breach obligations are informed by the Cybercrimes Act, 2020.

United Kingdom

For users located in the United Kingdom, our processing of personal data is additionally governed by the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and the Data (Use and Access) Act 2025 (DUAA), the provisions of which are coming into force progressively throughout 2026. Cookie-related obligations for UK users are further governed by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

Australia

For users located in Australia, we observe the Privacy Act 1988 (Cth) and its 13 Australian Privacy Principles (APPs) as contained in Schedule 1. We also comply with the reforms introduced by the Privacy and Other Legislation Amendment Act 2024 (Cth). Where SQUIDS sends commercial electronic messages to Australian users, the Spam Act 2003 (Cth) applies.

United States

SQUIDS does not knowingly collect personal information from users under the age of 13. Our minimum age policy of 16 years for all users means that SQUIDS exceeds the threshold requirements of the Children's Online Privacy Protection Act (COPPA). No COPPA-applicable data collection will be conducted.

Information you provide directly

When you register for SQUIDS, we collect your username, display name, email address, and password (stored in hashed and salted form — we never store passwords in plain text). You may also provide optional profile information including a bio, profile image, and any other details you choose to add to your public profile. The content you post on the Platform — including questions, posts, comments, and replies — is also information you provide directly and is subject to this Policy.

Information collected automatically

When you use SQUIDS, we automatically collect certain technical information about your device and your use of the Platform. This includes your IP address, browser type and version, operating system, referring URLs, pages visited, features used, time spent on the Platform, and interaction patterns. This information is used to operate, maintain, and improve the Platform, to detect and prevent abuse, and to understand how users engage with the service.

Information from cookies and tracking technologies

SQUIDS uses cookies and similar technologies as described in detail in our Cookie Policy. These may collect device identifiers, session information, and usage data to maintain your login session, remember preferences, and support analytics.

Information from third parties

If you choose to use third-party authentication providers to log in to SQUIDS, those providers may share certain profile information with us in accordance with their own terms and privacy policies. We receive only what is necessary for authentication purposes.

SQUIDS uses your personal information only for legitimate and necessary purposes. Specifically, we use your information to operate and provide the Platform and its features; to authenticate your identity and manage your account; to enforce our Terms of Service and Community Guidelines; to detect, investigate, and prevent fraud, abuse, security incidents, and violations of our policies; to display advertising on the Platform in the manner described in our Terms of Service; to send you service-related communications such as account notifications, security alerts, and policy updates; to analyse usage trends and improve the Platform's performance, reliability, and features; and to comply with our legal obligations under POPIA and other applicable legislation. We do not use your personal information for automated decision-making that produces significant legal effects, except where expressly permitted by applicable law and with appropriate safeguards.

We do not use your personal information to send you unsolicited marketing communications unless you have expressly opted in to receive such communications. You may opt out of any marketing communications at any time by following the unsubscribe instructions in those communications or by contacting us at legal@squids.co.za.

Under POPIA, every instance of processing personal information requires a lawful basis. SQUIDS processes your personal information on the following grounds: your consent, where you have given us explicit consent to process your information for a specific purpose; the performance of a contract, where processing is necessary to deliver the services described in our Terms of Service; a legitimate interest of SQUIDS or a third party, where that interest is balanced against and does not override your rights and freedoms; and a legal obligation, where processing is required by South African law or the order of a competent court or authority.

Where we rely on consent as a lawful basis, you have the right to withdraw that consent at any time by contacting us at legal@squids.co.za. Withdrawal of consent will not affect the lawfulness of processing that took place before the withdrawal. For UK users, our lawful bases under UK GDPR correspond to those described above and are provided in our supplementary UK Privacy Notice, available on request.

We do not sell your personal information to any third party under any circumstances. We may share your personal information in the following limited circumstances. We share data with service providers and infrastructure partners — such as cloud hosting providers, analytics providers, and content delivery networks — who process data on our behalf under strict contractual obligations that require them to protect your information and use it only for the purposes we specify. We share data with law enforcement authorities and regulatory bodies where required by South African law, a valid court order, or a lawful request from a competent authority; in such cases we will, where legally permitted, notify you of the disclosure. In the event of a merger, acquisition, business combination, or sale of substantially all of SQUIDS's assets, your information may be transferred to the successor entity, subject to equivalent confidentiality and privacy protections.

All third-party processors with whom we share personal information are contractually required to maintain the confidentiality, security, and integrity of that information in accordance with POPIA and any other applicable data protection law.

We use cookies and similar technologies to maintain your login session, remember your preferences, analyse how users interact with the Platform, and support the delivery of advertising. A complete explanation of the cookies we use, their purpose, their duration, and how to manage your preferences is provided in our Cookie Policy.

Under POPIA, you have the following rights as a data subject. You have the right to access the personal information that SQUIDS holds about you and to receive a copy of that information in a reasonable format. You have the right to request the correction of any personal information that is inaccurate, incomplete, or out of date. You have the right to request the deletion or destruction of your personal information where processing is no longer necessary, where you have withdrawn consent, or where processing is unlawful — subject to our legal retention obligations. You have the right to object to the processing of your personal information where that processing is based on legitimate interests, and to request that processing be restricted pending resolution of that objection. You have the right to receive your personal information in a portable, structured, and machine-readable format. You have the right to lodge a complaint with the Information Regulator of South Africa if you believe your rights under POPIA have been violated.

To exercise any of your rights under POPIA, please submit a written request to our Information Officer. We will acknowledge your request within three business days and respond fully within 30 days as required by POPIA. Please include your registered email address, a description of the nature of your request, and proof of identity to enable us to verify and process your request securely.

If you are dissatisfied with our response to your request, you may lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za. UK users who are dissatisfied may contact the Information Commissioner's Office (ICO) at ico.org.uk. Australian users may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

SQUIDS implements appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, alteration, or disclosure. These measures include encryption of data in transit using HTTPS and TLS protocols, encryption of data at rest, hashed and salted password storage, strict access controls limiting employee access to personal information on a need-to-know basis, and regular security assessments. In the event of a data breach that could prejudice you, we will notify you and the Information Regulator of South Africa in accordance with our obligations under POPIA and, where applicable, the Cybercrimes Act, 2020. No method of data transmission or storage over the internet is completely secure, and SQUIDS cannot guarantee absolute security.

We retain your personal information for as long as is necessary to maintain your active account and provide you with the services of the Platform; to comply with our legal retention obligations under applicable South African and international law; to resolve disputes, enforce our Terms of Service, and prevent fraud; and to maintain the security and operational integrity of the Platform. Following account deletion, most personal data is deleted or anonymised within 90 days. Certain categories of data may be retained for longer periods where required by law — for example, records relevant to a legal proceeding or regulatory investigation. Anonymised and aggregated usage data may be retained indefinitely as it can no longer be attributed to an individual.

SQUIDS does not permit any person under the age of 16 to register for or use the Platform. We do not knowingly collect personal information from any person under 16 years of age. If we become aware or have reason to believe that a user is under 16, we will immediately suspend or terminate the account and delete any associated personal information as expeditiously as possible. If you are a parent or guardian and believe that your child under 16 has created an account on SQUIDS, please contact us immediately at legal@squids.co.za so that we may investigate and act accordingly.

Our minimum age of 16 years exceeds the minimum threshold required under US COPPA (13 years), UK GDPR (13 years for consent in the absence of a higher national threshold), and Australia's Privacy Act. This higher threshold is deliberate and reflects our commitment to keeping younger users off the Platform entirely.

If you are located in the United Kingdom, the following additional information applies to you. SQUIDS processes your personal data in accordance with the UK GDPR and the Data Protection Act 2018. We are subject to the Data (Use and Access) Act 2025 and will maintain compliance as its provisions come into force throughout 2026. Your rights under UK GDPR include the right of access, rectification, erasure, restriction of processing, data portability, the right to object, and rights related to automated decision-making. You may exercise any of these rights by contacting us at legal@squids.co.za. If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. Cookies placed on UK users' devices are governed by the Privacy and Electronic Communications Regulations 2003 (PECR) and are described in our Cookie Policy.

If you are located in Australia, the following additional information applies to you. SQUIDS handles your personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). We also comply with the Privacy and Other Legislation Amendment Act 2024 (Cth). You have the right to access the personal information SQUIDS holds about you, to request its correction, and to complain about how your information has been handled. To exercise these rights, please contact us at legal@squids.co.za. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We may update this Privacy Policy periodically to reflect changes in our data practices, the introduction of new features, or evolving legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and, where reasonably practicable, notify active users by in-app notification or email. The current version of this Policy is always available at policies.squids.co.za/privacy. Your continued use of the Platform after we post changes constitutes your acceptance of the updated Policy.

For all privacy enquiries, POPIA data requests, or data protection concerns, please contact our designated Information Officer: