Privacy Policy

Last updated: June 2026

1. Who we are

Grüp is a South African group-payment platform. This policy explains what personal information we process and why, in line with the Protection of Personal Information Act (POPIA).

2. What we collect

For organisers: name, email address, verified mobile number, and the bank account details you register for receiving settlements. For payers: the name and mobile number an organiser adds to a payment event, and the status of the related payment. For everyone: transaction records (amounts, timestamps, payment status) and basic technical logs needed to run the service securely.

3. What we don't collect

Grüp does not store card numbers or banking login credentials. Card and bank payment details are handled directly by our accredited payment partners on their secure infrastructure.

4. How we use information

To operate payment events (creating requests, sending reminders, tracking payment status), to settle collected funds to organisers' registered bank accounts via our payment partners, to verify accounts and prevent fraud, and to communicate service messages. We do not sell personal information.

5. Sharing

We share information with our payment service providers to the extent needed to process payments and settlements, with our hosting and authentication providers who process data on our behalf, and where required by law.

6. Retention

Transaction records are retained as required for legal, accounting and fraud-prevention purposes. Account information is retained while your account is active; you may request deletion of your account and associated personal information, subject to records we are legally required to keep.

7. Your rights

Under POPIA you may request access to, correction of, or deletion of your personal information, and you may object to processing. Contact hello@grup.co.za to exercise these rights. You may also lodge a complaint with the Information Regulator of South Africa.

8. Security

We use encryption in transit, access controls, and reputable infrastructure providers to protect personal information. No system is perfectly secure; we will notify affected users and the Information Regulator of any breach as required by POPIA.

9. Contact

Privacy questions and requests: hello@grup.co.za.