MITER & SCALEby DTK ReFresh
← Back to sign up

Privacy Policy

Effective: 1 April 2026  ·  DTK ReFresh (Pty) Ltd  ·  Johannesburg, South Africa

1. Information We Collect

Account information: When you register, we collect your first name, surname, email address, and password (hashed). Optional fields include company name, job title, WhatsApp number, VAT number, and work specialisation.

Usage and project data: We store the cabinet projects, cut lists, BOMs, and quotes you create. This data is linked to your account and is used to provide the core Service.

Technical data: We collect browser type, device identifiers, IP address, and usage logs for security and performance purposes. This data is processed anonymously where possible.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Miter & Scale Service
  • Authenticate your identity and protect your account
  • Send transactional emails (account confirmation, password reset)
  • Respond to support requests via email or WhatsApp
  • Analyse anonymised usage patterns to improve the product
  • Process subscription payments (via Stripe — payment details are not stored by us)

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3. POPIA Compliance

DTK ReFresh (Pty) Ltd is the Responsible Party as defined by the Protection of Personal Information Act 4 of 2013 (POPIA). We process your personal information lawfully, fairly, and in a manner that does not infringe your privacy.

Your rights under POPIA (Section 23):

  • Right of access: Request a copy of your personal information held by us
  • Right to correction: Request correction of inaccurate or outdated information
  • Right to deletion: Request deletion of your personal information (subject to legal retention obligations)
  • Right to object: Object to the processing of your personal information
  • Right to complain: Lodge a complaint with the Information Regulator (complaints.IR@justice.gov.za)

To exercise these rights, contact our Information Officer at privacy@dtkrefresh.com. We will respond within 10 business days.

4. GDPR Compliance (EU Users)

If you are in the European Union or EEA, the General Data Protection Regulation (GDPR) applies. Our legal bases for processing are: (a) contract performance — necessary to provide the Service; (b) legitimate interests — security, fraud prevention, product improvement; (c) consent — for optional communications.

GDPR rights you may exercise:

  • Access (Art. 15) — obtain a copy of your data
  • Rectification (Art. 16) — correct inaccurate data
  • Erasure (Art. 17) — "right to be forgotten" where applicable
  • Restriction (Art. 18) — limit how we process your data
  • Portability (Art. 20) — receive your data in a structured, machine-readable format
  • Object (Art. 21) — object to processing based on legitimate interests

We do not transfer personal data outside South Africa to countries that do not offer an adequate level of protection without appropriate safeguards. Our infrastructure partners (Supabase, Vercel) operate under standard contractual clauses for EU data transfers.

5. Data Sharing & Third Parties

We share your data only with the following service providers, under data processing agreements:

  • Supabase Inc. — database hosting and authentication (PostgreSQL, Row Level Security)
  • Vercel Inc. — application hosting and anonymous analytics
  • Stripe Inc. — payment processing (we do not store card details)
  • SMTP provider — transactional email delivery (configured per your account settings)

We do not sell personal information. We do not share data with advertising networks or data brokers.

6. Data Retention

Active accounts: We retain your personal information and project data for the duration of your account.

Free tier projects: Projects created on the free tier are automatically deleted after 7 days of inactivity.

Deleted accounts: Upon account deletion, your personal information is permanently purged within 30 days. Anonymised usage statistics may be retained for analytics purposes.

Legal retention: Certain data may be retained longer where required by South African law (e.g. financial records for tax purposes).

7. Security Measures

We implement industry-standard technical and organisational measures to protect your data:

  • All data in transit encrypted via TLS 1.2+
  • Data at rest encrypted in Supabase (AES-256)
  • Row Level Security (RLS) ensures users can only access their own data
  • Passwords hashed using bcrypt (managed by Supabase Auth)
  • Access to production systems restricted to authorised personnel

In the event of a data breach affecting your personal information, we will notify you and the Information Regulator within 72 hours as required by POPIA.

8. Cookies & Analytics

Session cookies: We use cookies to maintain your authentication session. These are essential for the Service to function and cannot be disabled.

Analytics: We use Vercel Analytics, which collects anonymised, aggregated usage data (page views, performance metrics). No personally identifiable information is tracked. No advertising cookies are used.

We do not use third-party advertising trackers or social media pixels.

9. Children's Privacy

Miter & Scale is a professional business tool not directed to persons under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us at privacy@dtkrefresh.com and we will delete the account promptly.

10. Contact / Data Protection Officer

DTK ReFresh (Pty) Ltd — Information Officer

Jan Kotze

Email: privacy@dtkrefresh.com

WhatsApp: +27 67 020 3973

Johannesburg, Gauteng, South Africa

Information Regulator (SA): complaints.IR@justice.gov.za

This Privacy Policy was last updated on 1 April 2026. We will notify registered users of material changes.