Privacy Notice

This Privacy Notice describes how InkedState (Company Reg. No. 2026/496204/07), Johannesburg, South Africa ("InkedState", "we", "us") collects and processes personal information. InkedState is the Responsible Party under the Protection of Personal Information Act, 4 of 2013 ("POPIA") for personal information processed through this website and our services. For data subjects in the EU/UK, InkedState acts as data controller under the GDPR / UK GDPR.

Contact: info@inkedstate.com.

• Identity & contact data — name, organisation, email address you provide via intake forms or toolkit download forms.
• Transaction data — purchase records (product, date, amount, reference). Payment card details are collected and processed by Paystack, our payment provider, and are not stored by us.
• Communications — messages you send to us via email or forms.
• Technical data — IP address, device/browser identifiers, and basic usage telemetry needed to operate and secure the site.

• Providing the toolkits and services you request — performance of a contract.
• Processing payments, invoicing, fraud prevention and tax compliance — performance of a contract and legal obligation.
• Responding to your enquiries and providing customer support — legitimate interests.
• Securing the site, preventing abuse, and improving our service — legitimate interests.
• Sending occasional updates where you have opted in — consent.

We share personal information only with the categories of recipients needed to run our service:

• Paystack — our payment provider. Paystack processes card payments, handles refunds, and provides fraud and transaction monitoring. See Paystack's privacy notice.
• Infrastructure & service providers — hosting, database, email delivery and analytics providers acting as our operators/processors.
• Professional advisers — legal, tax and accounting advisers where reasonably required.
• Authorities — where disclosure is required by law.

We do not sell your personal information.

Where personal information is transferred outside South Africa, we rely on the protections set out in section 72 of POPIA, including binding agreements with recipients that provide an adequate level of protection. For transfers from the EU/UK, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

We retain personal information only for as long as needed for the purposes set out above, to comply with legal, tax and accounting obligations (typically 5 years from the end of the relevant tax year for transaction records), and to resolve disputes. When no longer needed, information is deleted or anonymised.

Under POPIA you have the right to: be notified that your personal information is being collected; access your personal information; request correction or deletion; object to processing; and lodge a complaint with the Information Regulator of South Africa (inforegulator.org.za). EU/UK data subjects have equivalent rights under the GDPR / UK GDPR including data portability.

To exercise any of these rights, email info@inkedstate.com.

We use appropriate technical and organisational measures — including encryption in transit (TLS), access controls, and provider-managed key handling — to protect personal information from unauthorised access, loss, or disclosure, as required by section 19 of POPIA.

We use strictly necessary cookies to operate the site and may use limited analytics cookies to understand aggregate usage. You can manage cookies in your browser settings.

Questions or requests about this Privacy Notice can be sent to info@inkedstate.com. For payment matters handled by Paystack, see their merchant privacy notice linked above. See also our Terms & Conditions and Refund Policy.