In short: DoubleTick processes your personal information to facilitate event RSVPs and communications on behalf of event organisers. We comply with South Africa's Protection of Personal Information Act (POPIA) and never sell your data.
1. Who We Are
DoubleTick ("we", "us", "our") is a WhatsApp-based event RSVP and communication platform operated by Idea Farm CC (Registration Number 2000/025527/23), a close corporation registered in South Africa. We provide services to Event Organisers (our clients) who use our platform to manage event invitations, RSVPs, and attendee communications.
Idea Farm CC
Registration Number: 2000/025527/23
PO Box 51874, Waterfront, 8002
South Africa
Email: [email protected]
For POPIA purposes:
- When you interact with our platform as an event attendee: The Event Organiser is the "responsible party" for your personal information, and DoubleTick acts as an "operator" processing data on their behalf.
- When you contact us directly or use our website: DoubleTick is the "responsible party".
2. Information We Collect
2.1 Information from Event Attendees
When you receive an event invitation and respond via our platform, we may collect:
| Data Type | Purpose | Lawful Basis |
|---|---|---|
| WhatsApp ID (phone number) | Identify you and deliver messages | Contract / Legitimate interest |
| Name | Personalise communications, guest list management | Contract |
| Email address | Send confirmations, calendar invites | Contract / Consent |
| RSVP response | Track attendance, manage capacity | Contract |
| Dietary requirements | Catering arrangements (if requested by organiser) | Consent |
| Session preferences | Event scheduling (if applicable) | Contract |
| Marketing opt-in status | Future event communications from the organiser | Consent |
2.2 Technical Information
When you access our webviews or website, we automatically collect:
- Session tokens (short-lived, for security)
- Timestamp of interactions
- Basic device/browser information for compatibility
We do not use tracking cookies or third-party analytics on our RSVP webviews.
2.3 Information from Event Organisers
Our clients (Event Organisers) may upload guest lists containing names, phone numbers, and email addresses to send invitations. The Event Organiser is responsible for ensuring they have the appropriate consent or lawful basis to share this information with us.
3. How We Use Your Information
We process personal information for the following purposes:
- Delivering event invitations via WhatsApp on behalf of Event Organisers
- Processing RSVP responses and communicating confirmations
- Sending event updates (reminders, schedule changes, venue information)
- Generating digital tickets with QR codes for event check-in
- Providing Event Organisers with attendance reports and analytics
- Security purposes (preventing link sharing, verifying attendee identity)
We never sell your personal information. We do not share attendee data with third parties for marketing purposes. Your data is only accessible to the Event Organiser who invited you and our platform for operational purposes.
4. Data Sharing
We share personal information only in the following circumstances:
- With the Event Organiser: Your RSVP responses, contact details, and preferences are shared with the organiser of the event you're attending. They use this to manage their event.
- With Meta (WhatsApp): Messages are delivered via the WhatsApp Business API. Meta's privacy policy governs how WhatsApp handles message delivery.
- With service providers: We use Cloudflare for hosting and security. These providers process data on our behalf under strict data processing agreements.
- Legal requirements: We may disclose information if required by law or to protect our legal rights.
5. Data Security
We implement appropriate technical and organisational measures to protect your personal information:
- Encryption in transit: All data is transmitted over HTTPS/TLS
- Encryption at rest: All personally identifiable data is encrypted using AES-256, with encryption keys securely managed in an isolated secrets vault
- Single-use links: RSVP webview links are burned after first use, preventing link sharing or interception
- Short-lived sessions: Session tokens expire within one hour
- Access controls: Event Organisers can only access data for their own events
- Data isolation: Each Event Organiser's contact data is kept separate
- Infrastructure security: Our platform runs on Cloudflare's global edge network with built-in DDoS protection
6. Data Retention
We retain personal information for the following periods:
- Event data: Retained for 12 months after the event date, then anonymised or deleted
- Contact records: Retained by the Event Organiser until they delete them or you request deletion
- Session tokens: Automatically deleted after 1 hour or upon use
- Technical logs: Retained for 30 days for security and debugging purposes
Event Organisers may retain your information for longer in their own systems. Contact the organiser directly for information about their retention practices.
7. Your Rights Under POPIA
As a data subject in South Africa, you have the following rights:
- Right to access: Request a copy of the personal information we hold about you
- Right to correction: Request that we correct inaccurate or incomplete information
- Right to deletion: Request that we delete your personal information
- Right to object: Object to the processing of your personal information
- Right to withdraw consent: Withdraw consent for marketing communications at any time
- Right to complain: Lodge a complaint with the Information Regulator
To exercise your rights regarding data held by an Event Organiser, please contact them directly. For data we hold as the responsible party, contact us at [email protected].
8. Marketing Communications
We only send marketing communications from Event Organisers to attendees who have explicitly opted in. You can opt out at any time by:
- Replying "STOP" to any WhatsApp message
- Unchecking the marketing preference in any RSVP form
- Contacting the Event Organiser directly
- Emailing us at [email protected]
Note that opting out of marketing does not affect transactional messages related to events you've RSVP'd to (such as reminders and updates).
9. International Data Transfers
Our platform infrastructure is hosted on Cloudflare's global edge network, which may process data in multiple jurisdictions. WhatsApp messages are processed by Meta's global infrastructure. We ensure appropriate safeguards are in place for any international transfers in compliance with POPIA Section 72.
10. Children's Privacy
Our platform is not intended for use by children under 18 without parental consent. If an event involves minors, the Event Organiser is responsible for obtaining appropriate consent from parents or guardians.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify Event Organisers of significant changes. The "last updated" date at the top of this page indicates when the policy was last revised.
12. Contact Us
If you have questions about this privacy policy or our data practices, please contact us:
Idea Farm CC
PO Box 51874, Waterfront, 8002
South Africa
Privacy Policy Β· Terms of Use
Email: privacy@doubletick.rsvp
General enquiries: [email protected]
For complaints about how your personal information has been handled, you may also contact the Information Regulator of South Africa:
Information Regulator (South Africa)
Website: inforegulator.org.za
Email: complaints.IR@justice.gov.za