Privacy Policy
Effective date: 1 May 2026 · GloWorm Guard (Pty) Ltd
This Privacy Policy explains how GloWorm Guard (Pty) Ltd collects, uses, stores, and shares your personal information when you use the GloWorm Guard Service. It should be read together with our POPIA Compliance Policy.
1. Information We Collect
Account data: your name, email address, hashed password, and assigned Family ID.
Billing data: billing address and payment method details — handled directly by our third-party payment processor. We do not store full card numbers or bank account details on our servers.
Device data: device names, WireGuard public keys, assigned IP addresses, and connection timestamps.
Usage data: DNS query logs (domain names queried and timestamps), per-device data-usage statistics, parental-control schedule configurations, and content-blocking settings you apply.
Log data: server access logs, application error logs, and audit logs of administrative actions taken within the platform (e.g. blocking a device, changing a schedule).
Communication data: emails or messages you send to our support team.
2. How We Use Your Information
- To provision and operate your VPN and DNS-filtering services;
- To enforce the parental-control schedules and content-blocking rules you configure;
- To process billing and issue payment receipts;
- To send transactional communications (trial expiry notices, billing reminders, security alerts);
- To provide customer support;
- To detect and prevent fraud, abuse, and security incidents;
- To improve the Service through aggregated, anonymised analytics.
We do not sell your personal information to third parties.
3. Legal Bases for Processing
- Contract performance — necessary to deliver the Service you subscribed to;
- Legitimate interest — security monitoring, fraud prevention, and service improvement;
- Legal obligation — compliance with applicable South African law;
- Consent — where we have obtained your explicit consent (e.g. marketing emails; withdrawal does not affect prior processing).
4. Children's Data
GloWorm Guard is designed to be administered by adults (parents or guardians) to protect children's online safety. Accounts are only created by persons aged 18 or older. DNS query logs and device usage data may relate to children's internet activity. This data is processed solely to provide the parental-control functionality and is never used for profiling, advertising, or any purpose unrelated to the Service.
5. Data Sharing
We share personal information only with:
- Payment processors — for the purpose of billing, under their own privacy policies;
- Cloud infrastructure providers — who process data on our behalf under binding data-processing agreements;
- Law enforcement or regulators — where required by a valid legal obligation, court order, or to protect the rights, property, or safety of GloWorm Guard, its users, or the public.
6. International Data Transfers
Your data is stored on servers located in South Africa and/or within the European Union (which provides adequate data-protection standards). Where data is transferred outside South Africa, we ensure appropriate safeguards are in place in accordance with POPIA and applicable data-protection law.
7. Retention Periods
- Account data — retained for the duration of your Subscription plus 12 months after cancellation, or longer if required by law.
- DNS query logs — retained for up to 90 days; you may request earlier deletion at any time.
- Billing records — retained for 5 years to comply with South African tax and financial legislation.
- Audit logs — retained for 12 months.
8. Security
We implement appropriate technical and organisational security measures, including:
- TLS encryption for all data in transit;
- Bcrypt-hashed passwords (never stored in plaintext);
- Role-based access control limiting internal data access to authorised personnel;
- Regular security reviews and penetration testing.
No system is perfectly secure. We encourage you to use a strong, unique password and to notify us immediately at info@gloworm.co.za if you suspect any security issue with your Account.
9. Your Rights
Subject to POPIA and other applicable law, you have the right to:
- Access the personal information we hold about you;
- Correct inaccurate or incomplete information;
- Request deletion of your data (subject to lawful retention obligations);
- Object to or request restriction of certain processing activities;
- Withdraw consent where processing is based on consent (without affecting the lawfulness of prior processing);
- Lodge a complaint with the Information Regulator of South Africa.
To exercise any of these rights, email info@gloworm.co.za. We will respond within 30 calendar days.
10. Cookies
We use only essential session cookies required for authentication and platform operation. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies.
11. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated via email or in-app notification at least 14 days before they take effect.
GloWorm Guard (Pty) Ltd — www.gloworm.co.za — info@gloworm.co.za
Effective date: 1 May 2026 · All rights reserved.