Privacy Policy

Last Updated: 30 January 2026

Welcome to CampEx. We value your privacy and are committed to protecting your personal information in accordance with the Protection of Personal Information Act (POPIA) of South Africa, as well as relevant international data protection principles.

CampEx ("we," "us," or "our") operates a peer-to-peer (P2P) digital marketplace designed exclusively for the university student community. This Privacy Policy serves as a comprehensive explanation of how we collect, process, safeguard, and manage your data within this specialised campus ecosystem.

1. Information We Collect

To maintain a verified, high-trust environment and power our automated features, we collect and process several categories of data:

Account & Identity Verification Information: We require your university-issued email address (e.g., @sun.ac.za) to authenticate your status as an active student. This is a mandatory gateway to ensure the marketplace remains a "walled garden" restricted to the campus community. We also store your name and chosen "handle" (public profile name).
Listing Content & Visual Media: We collect images, titles, and text descriptions of the items you list for sale. Users should be aware that uploaded images may contain "Exif" metadata (such as time and device details) or visual background identifiers. We encourage users to photograph items against neutral backgrounds.
Automated Metadata & AI Processing (AI Auto-Fill): Our proprietary "AI Auto-Fill" system utilises advanced machine learning to analyse uploaded images. This processing extracts visual features to generate suggested metadata, including item titles, detailed condition descriptions, and recommended price points based on historical market trends within the campus.
Communication & Interaction Logs: To facilitate safe and transparent transactions, we store comprehensive logs of all in-app chat communications. These logs include message content, timestamps, and read statuses. This data is critical for providing an audit trail for dispute resolution.
Voluntary Location & Meetup Data: CampEx does not utilise real-time, background GPS tracking or "live" location sharing. However, we store static location markers or specific text-based meeting points (e.g., "Meet at the Rooiplein") that you voluntarily share within the chat interface.

2. How We Use Your Information (Purpose Specification)

We process your personal information for the following specific and legitimate business purposes:

Ecosystem Integrity & Verification: We use your university credentials to protect the community from non-student third parties, commercial "spammers," and potential bad actors.
Platform Optimisation & Searchability: We categorise your listings to enhance the "discovery" experience. This includes granular filtering (e.g., sorting textbooks by Faculty, Year, or Module) to ensure that your items reach the most relevant student buyers.
AI Feature Refinement: We use the interactions with our AI Auto-Fill (such as whether you accept, edit, or reject an AI-generated title) as training feedback. This allows the system to better understand campus-specific jargon and textbook editions.
Safety, Auditing, & Compliance Monitoring: We proactively monitor platform activity and chat logs to identify "Prohibited Items" (such as counterfeit textbooks, exam banks, or illegal substances). These logs also serve as an evidentiary record in the event of a reported safety incident.
Monetisation & Ad Targeting (Future-Proofing): To keep the platform sustainable, we may use anonymised activity data to display relevant advertisements in your product feed. For example, if you frequently browse the "Science Faculty" category, we may show you "Sponsored" content related to lab equipment. This is done without sharing your private identity with third-party advertisers.

3. Financial Information & Peer-to-Peer Disclaimer

Offline Trading Notice

CampEx does not act as a financial intermediary, escrow agent, or payment processor. We do not handle, collect, or store any banking details, credit card numbers, or EFT information. All financial transactions occur entirely offline through means chosen and agreed upon by the students (e.g., Cash, EFT, or Trade).

No Verification: CampEx cannot verify the successful completion of a payment or the authenticity of an EFT "Proof of Payment."
The "Caveat Emptor" Rule: Buyers and sellers are reminded that they trade at their own risk. We strongly recommend that users verify that funds have cleared in their own banking app before handing over goods.
Safety Recommendation: All physical exchanges should be performed in well-lit, high-traffic, and monitored campus areas during daylight hours.

4. Data Sharing, Third Parties, & Operators

We do not sell, rent, or trade your personal information to third parties for their independent marketing. Data sharing is limited to the following contexts:

Legal & Law Enforcement Requests: If we receive a valid legal process or are compelled by South African law enforcement, we may disclose account details, verification status, or chat logs to aid in investigations.
Technical Service Providers (Operators): We utilise secure third-party infrastructure—such as cloud hosting (AWS/Firebase) and AI processing APIs—to host and operate the platform. These entities are "Operators" under POPIA and are contractually bound to process your data only according to our strict security instructions.

5. Data Retention & "The Right to be Forgotten"

We adhere to a strict data minimisation principle:

Active Listing Data: All data associated with a listing is retained for as long as the listing is marked as "Active" or "Pending." Once a user marks an item as "Sold" or "Deleted," the images and public descriptions are removed from the live feed.
User-Initiated Account Deletion: You may request the deletion of your account at any time. Upon deletion, your profile data is obfuscated and removed from public view immediately.
Administrative & Legal Archiving: In accordance with the South African Prescription Act, we may retain encrypted, non-public archives of transaction logs and account data for up to 3 years. This is done solely for the purpose of defending against legal claims, investigating historical safety reports, or complying with statutory audit and tax requirements.

6. Advertisements, Analytics, & Transparency

As CampEx grows, we intend to integrate a revenue model based on "In-Feed" advertisements.

Relevance over Intrusion: We may use your browsing history on the platform to ensure that the ads you see are useful to your student life.
Ad Labeling: In compliance with the Consumer Protection Act (CPA), all paid or sponsored content will be clearly distinguished from organic student listings with a "Sponsored," "Ad," or "Promoted" tag.
Analytics: We may use anonymised, aggregated data to track platform health and user growth, which may be shared with potential partners or university stakeholders.

7. Your Statutory Rights Under POPIA

As a data subject in South Africa, you possess the following legally enforceable rights:

Right to Access: You may request a summary of the personal information we hold about you at any time.
Right to Rectification: You have the power to update your profile, handle, and listing data to ensure accuracy.
Right to Object: You may object to the processing of your data for direct marketing or "Sponsored" content profiling.
Right to Restriction: You may request that we limit the processing of your data under specific legal circumstances.
Right to Complaint: You have the right to lodge a formal complaint with the South African Information Regulator if you believe your privacy rights have been infringed.

8. Security, Breach Notification, & User Responsibility

We implement robust technical and organisational measures, including end-to-end encryption for certain data paths and secure authentication protocols, to protect the CampEx database.

Security Breach Protocol: In the unlikely event of a data breach, we are legally required to notify both the Information Regulator and the affected users as soon as reasonably possible, as mandated by Section 22 of POPIA.
User Responsibility: Security is a shared responsibility. Users are responsible for maintaining the confidentiality of their login credentials and exercising extreme discretion when sharing personal contact information within the in-app chat.

9. Contact and Information Officer

For any privacy-related queries, data access requests, or to report a potential data concern, please contact our team. In accordance with POPIA, our primary point of contact for data protection and information management is:

Email: support@campex.live