1. Who We Are
On The Rox (Pty) Ltd ("On The Rox", "we", "our", "us") operates the On The Rox platform — including the website at ontherox.app, mobile applications, and related services (collectively, the "Platform").
We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns, contact us at [email protected].
2. Information We Collect
Information you provide directly
- Account data: name, email address, password (hashed — never stored in plain text)
- Profile data: fitness level, training mode, goals, disciplines, WhatsApp number (if opted in)
- Onboarding data: plan selection, Rep wallet preferences
- Coach/seller data: professional bio, package details, payout information
- Check-in data: mood, energy, sleep, hydration logs you submit
- AI Coach messages: text you send to the AI coaching assistant
- Marketplace data: purchases, listings, reviews, order history
Information collected automatically
- Usage data: pages visited, features used, session duration
- Device data: browser type, operating system, IP address
- Cookies and similar technologies: session cookies for authentication, preference cookies
3. How We Use Your Information
We use the information we collect to:
- Create and manage your account and deliver the Platform services
- Personalise your AI Coach responses and training recommendations
- Process marketplace transactions and manage Rep wallet balances
- Send transactional communications (account confirmations, purchase receipts)
- Send WhatsApp accountability messages — only if you explicitly opt in
- Maintain leaderboards and community features
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
- Improve and develop the Platform
We do not sell your personal data to third parties. We do not use your data for targeted advertising.
4. Legal Basis for Processing (POPIA / GDPR)
We process your personal information on the following lawful bases:
- Contract performance: to provide the services you signed up for
- Legitimate interests: platform security, fraud prevention, service improvement
- Consent: WhatsApp notifications, optional marketing communications
- Legal obligation: where required by applicable law
5. Data Sharing
We share your data only in the following circumstances:
- Coaches you engage: your profile and check-in data is shared with coaches you explicitly connect with
- Service providers: hosting, database, email delivery, and payment processors — bound by data processing agreements
- Legal requirements: if required by law, court order, or to protect rights and safety
- Business transfers: in the event of a merger or acquisition, with notice to you
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law (e.g. financial records for 5 years).
AI Coach message history is retained for 90 days to provide context continuity, after which it is automatically purged.
7. Your Rights
Depending on your location, you may have the following rights:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate data
- Deletion: request deletion of your personal data ("right to be forgotten")
- Portability: receive your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interests
- Withdraw consent: at any time for consent-based processing (e.g. WhatsApp opt-in)
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
8. Cookies
We use the following cookies:
- Session cookies: required for authentication — expire when you close your browser or sign out
- Preference cookies: remember your mode (Everyday / Athlete) and UI preferences
We do not use advertising or third-party tracking cookies. You can disable cookies in your browser settings, but this will prevent you from signing in.
9. Security
We implement industry-standard security measures including TLS encryption in transit, hashed passwords, HTTP security headers (CSP, HSTS, X-Frame-Options), and access controls. No system is 100% secure — if you discover a vulnerability, please report it responsibly to [email protected].
10. Children's Privacy
The Platform is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on the Platform at least 14 days before the change takes effect. Continued use of the Platform after the effective date constitutes acceptance.
12. Contact Us
For privacy-related questions, requests, or complaints:
On The Rox (Pty) Ltd
Email: [email protected]If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator (South Africa) or your local data protection authority.