Legal
Privacy Policy
Last updated 10 April 2026 · Version 1.0
1. Who we are
RankSmith ("RankSmith", "we", "us", "our") is a digital agency operated by Tapnet Solutions (Pty) Ltd, a South African company. RankSmith builds premium Next.js websites and runs ranking programmes for brands in South Africa and abroad. Tapnet Solutions (Pty) Ltd is the responsible party as defined in the Protection of Personal Information Act 4 of 2013 ("POPIA"). This policy applies to ranksmith.co.za and to any engagement between RankSmith and a client.
Responsible party: Tapnet Solutions (Pty) Ltd
Information Officer: Wynand de Beer
Phone: 079 174 8357
Email: wynand@tapnet.co.za
Registered office: 594 Bombani Street, Elarduspark, Pretoria, 0181, South Africa
2. What personal information we collect
2.1 Information you provide directly
- Contact form data: Your full name, email address, company, budget band, starting point, and the short brief you write.
- Engagement data: For clients in an active engagement, the contact details of the primary decision maker, billing details, and any personal information included in briefs or content.
- Correspondence: Emails, call notes, and messages exchanged during a strategy call or active engagement.
2.2 Information collected automatically
- Analytics data: With your consent, aggregated page views, navigation paths, and performance metrics through Vercel Analytics and Vercel Speed Insights. No personal identifiers are collected.
- Server logs: Standard web server logs for security and abuse monitoring, retained for 30 days.
- Cookies: A single first party cookie that stores your cookie consent decision. See Section 9.
3. Why we collect your information
| Data | Purpose | Legal basis |
|---|---|---|
| Contact form data | Respond to your brief, prepare for a strategy call | Consent |
| Engagement data | Deliver the services you hired us to deliver | Contract performance |
| Analytics data | Understand site performance, measure Core Web Vitals | Consent (via cookie banner) |
| Server logs | Security, abuse prevention, incident investigation | Legitimate interest |
| Consent cookie | Record your cookie choice so we do not ask twice | Legitimate interest + POPIA obligation |
4. Who we share your information with
We share personal information only with the operators listed in our Operator Agreements page, and only to the extent necessary. We do not sell, rent, or trade personal information.
5. Cross border data transfers
Some of your personal information is stored and processed outside of South Africa. We use international cloud service providers (primarily Vercel for hosting) because they provide the reliability, edge network, and security guarantees our clients need. See the Operator Agreements page for the full list and exact locations.
5.1 How we protect data during transfers (Section 72 of POPIA)
In terms of Section 72 of POPIA we rely on the following legal bases:
- Binding contractual agreements: Data Processing Agreements with every operator contractually bind them to protection standards equivalent to POPIA.
- Adequate protection: Our hosting provider operates in jurisdictions covered by comprehensive data protection law (EU GDPR).
- Your explicit consent: By submitting the contact form or entering into an engagement, you consent to the cross border transfer of your personal information as described.
- Contractual necessity: The transfer is necessary to perform our contract with you.
5.2 Your right to object
If you object to cross border transfer, email wynand@tapnet.co.za. We will explore South African hosting alternatives with you. In some cases we may not be able to deliver the service if cross border transfer is refused.
6. How long we keep your information
| Data type | Retention period |
|---|---|
| Contact form submissions | 24 months from submission |
| Engagement correspondence | Duration of engagement plus 5 years (tax law) |
| Invoices and financial records | 5 years from creation (South African tax law) |
| Analytics data | 24 months, then automatically deleted |
| Consent records | 12 months from your last choice |
| Server logs | 30 days |
When data is deleted, it is destroyed so it cannot be reconstructed, in accordance with Section 14(4) of POPIA.
7. Your rights under POPIA
As a data subject, you have the right to:
- Access: Request a copy of all personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal retention requirements)
- Object: Object to the processing of your personal information on reasonable grounds
- Withdraw consent: Withdraw any consent you have given, at any time, including analytics cookie consent via the Cookie settings link in the footer
- Complain: Lodge a complaint with the Information Regulator
To exercise any of these rights, email wynand@tapnet.co.za with the subject line "POPIA request". We respond within 30 days, free of charge.
Information Regulator (South Africa)
Email: enquiries@inforegulator.org.za
Website: https://inforegulator.org.za
8. Security
- All traffic served over HTTPS (TLS encryption in transit)
- Strict security headers: CSP, X-Frame-Options DENY, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
- No client side storage of personal data beyond the consent cookie
- All engagement files stored in encrypted cloud storage with access restricted to the engagement lead
- Access to any production system is revoked within one working day of an engagement ending
- Third party operators used for hosting, email, and payments are all SOC 2 or equivalent certified
9. Cookies
9.1 Strictly necessary cookies
- ranksmith-consent - records your cookie preferences. Set only after you click a button on the cookie banner. Expires after 12 months.
9.2 Analytics cookies (require consent)
- Vercel Analytics and Vercel Speed Insights - aggregated page views, navigation, and Core Web Vitals. No personal identifiers. Only loaded after you opt in through the cookie banner.
9.3 Marketing cookies
We do not set marketing cookies and we do not use any third party advertising or remarketing tags.
You can manage your cookie preferences at any time via the Cookie settings link at the bottom of every page.
10. Direct marketing
We do not run a marketing newsletter. If that ever changes, we will only send marketing communications to users who have explicitly opted in, and every email will include a one click unsubscribe. Transactional emails (responses to your brief, invoices, engagement updates) are not marketing and will be sent as part of the service.
11. Children
RankSmith's services are intended for businesses and adults. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will delete it.
12. Data breach notification
If we become aware of a security breach that compromises your personal information, we will notify the Information Regulator and affected data subjects as soon as reasonably possible, in accordance with Section 22 of POPIA. Notifications will include the nature of the breach, potential consequences, and recommended protective measures.
13. Changes to this policy
We may update this privacy policy from time to time. If we make material changes we will announce them on this page and, where appropriate, by email to active clients. Continued use of the site or an engagement after an update constitutes acceptance of the updated policy.
14. Contact us
- Responsible party: Tapnet Solutions (Pty) Ltd
- Information Officer: Wynand de Beer
- Phone: 079 174 8357
- Email: wynand@tapnet.co.za
- Registered office: 594 Bombani Street, Elarduspark, Pretoria, 0181, South Africa