EvHub

Legal

Privacy Policy

Last updated: 20 April 2026

1. Introduction

This Privacy Policy explains how EvHub collects, uses, shares and safeguards personal information. It is written in accordance with the Protection of Personal Information Act, 2013 ("POPIA") of the Republic of South Africa.

2. Who we are

The responsible party for your personal information is Hassa Holdings (Pty) Ltd, trading as EvHub, incorporated in the Republic of South Africa and based in Cape Town.

3. Personal information we collect

We try to collect as little as we can. Depending on how you use the Services, we may process:

  • Account holders (tracker and admin users): name, email address, securely hashed password, role flags, and records of your activity in the admin area.
  • Launch-update subscribers: email address, optional interest flag (e.g., "property partner"), and the source page you subscribed from.
  • Location suggestions: province, city and location name, optional notes, optional email address, and the IP address and user-agent string of your request.
  • Visitors: server log entries (IP address, URL path, referrer, browser user-agent, timestamp) and basic analytics required to operate the site and detect abuse.
  • Cookies and similar technologies: see our Cookie Policy.

We do not knowingly collect special personal information (e.g., race, religion, health) or the personal information of children under 18 without appropriate consent.

4. How we use it

  • To provide, operate and secure the EvHub website and tracker.
  • To authenticate you and manage your account.
  • To communicate essential service messages (password resets, invitations, verification emails).
  • To improve and prioritise our network (e.g., deciding where to put the next charging station based on location suggestions).
  • To debug, detect abuse and protect our systems and users.
  • To comply with our legal obligations.

We don't sell your personal information, and we don't share it with third parties for their own marketing.

5. Legal basis

We process personal information on one or more of these lawful bases under POPIA: consent (e.g., when you subscribe to updates), performance of a contract (e.g., provisioning your tracker account), compliance with law, protection of our legitimate interests (e.g., security and abuse prevention), and — in the case of publicly-available charging station operator data — the public-domain source.

6. Who we share with

We share personal information with a small number of operators that help us run the Services. Each is bound by a written agreement and may only process personal information on our instructions:

  • Amazon Web Services (AWS) — application hosting, database storage, object storage, DNS (Route 53), the map tile service and authenticated map access (Cognito Identity Pool).
  • Amazon Simple Email Service (SES) — sending transactional email such as password resets and invitations.
  • Laravel Cloud / Forge — infrastructure tooling used to run the application.
  • Open Charge Map — we fetch publicly-available station metadata from their API; we don't send your personal information to them.

We may also disclose personal information when required by law, court order or legitimate regulatory request.

7. Cross-border transfers

Our primary application region is af-south-1 (Cape Town). Some AWS services we rely on — such as Cognito Identity Pools, SES's control plane, and certain CDN edges — are operated from outside South Africa. Where personal information is transferred across borders, we rely on POPIA section 72 protections, including binding contractual safeguards with the receiving party.

8. Retention

We keep personal information only as long as reasonably needed for the purpose it was collected. Account data is retained while the account is active, then de-identified or deleted. Server logs are kept for a short operational window. Location suggestions are kept for as long as they remain useful to planning decisions.

9. Your rights under POPIA

You have the right to:

  • Confirm whether we hold personal information about you and request a copy.
  • Request correction or deletion of information that is inaccurate, out of date, misleading or unlawfully obtained.
  • Object to processing, including for direct marketing.
  • Withdraw consent where we process on the basis of consent.
  • Lodge a complaint with the Information Regulator of South Africa (inforegulator.org.za).

To exercise these rights, email our Information Officer at the address below. We'll respond within a reasonable time, usually within 30 days.

10. Security

We apply reasonable technical and organisational measures to protect personal information, including encryption in transit (TLS), password hashing, role-based access to the admin area, two-factor authentication support, regular patching, and infrastructure-level isolation. No system is perfectly secure; if we ever become aware of a security compromise affecting personal information, we will notify the Information Regulator and affected data subjects as required by POPIA.

11. Children

The Services are aimed at adults. We do not knowingly collect personal information from children under 18. If you believe a child has provided us personal information, please contact us so we can remove it.

12. Cookies

We use a small number of cookies to run the site and keep you signed in. Details are in our Cookie Policy.

13. Changes to this policy

We may update this policy from time to time. When we do, we'll update the "Last updated" date above. If changes are material, we'll highlight them on the site.

14. Information Officer and contact

Hassa Holdings (Pty) Ltd
Attention: Information Officer
Cape Town, South Africa
Email: privacy@evhub.africa