§ Privacy Policy

Privacy Policy

Last updated: 27 April 2026 · v1

◉ Status — Published v1, pre-attorney review This policy describes our actual practices, in plain English. A formal review by South African legal counsel is scheduled. Material updates will be marked with a new version date and a notice on the home page. The substance won't change; the wording may.

Context Design Co is operated by Yield SPM (Pty) Ltd (registration number 2024/185151/07), a private company registered in the Republic of South Africa with operations across Cape Town, Stellenbosch, Bloemfontein, and Johannesburg. This policy explains what personal information we collect when you interact with this website or engage us for work, and how we use, share, and protect it. The policy is written to comply with the Protection of Personal Information Act 4 of 2013 (POPIA) and reflects our defaults for clients in any jurisdiction.

1. What we collect

This website is intentionally minimal. We collect:

Email correspondence. If you email info@contextdesign.tech, we keep that thread until the engagement is concluded plus a sensible records-retention period (typically seven years for tax and audit purposes), and then we delete it.
Engagement records. If we work together, we keep contracts, invoices, and the records required by South African tax and corporate law. These are kept securely and only for as long as the law requires.
Server logs. Our hosting provider keeps standard request logs (IP, timestamp, user agent, page) for short retention periods. We do not run analytics scripts on this website. We do not set cookies for tracking.

That's it. We don't run advertising pixels, marketing automation, behavioural-tracking tools, or third-party analytics. We don't build a profile of you.

2. What we don't do

We don't sell, rent, or trade your personal information.
We don't share data with marketing-tech partners.
We don't run third-party tracking scripts on this site.
We don't send unsolicited marketing email.

3. Substrate engagement work — how we treat client data

When we build a Substrate for a client, that work is governed by a separate Data Processor Agreement signed at the start of the engagement. Defaults that apply to every engagement:

The Substrate runs on hardware the client controls. No client data ever sits on Context Design Co infrastructure.
Substrate code is licensed to the client (MIT) from the moment it is written. The client owns it.
Every command our tooling runs against client systems is logged in an append-only, hash-chained audit log on the client's hardware.
Credentials never pass through our hands. The substrate refuses to type passwords or 2FA; OAuth flows hand back to the human operator.
Destructive operations are gated through an outbox the client must approve before anything fires.
If the engagement ends, the client keeps the substrate, the runbook, the audit log, and the source code. We don't hold context hostage.

4. Your POPIA rights

If you've corresponded with us or engaged us for work, you have the right to ask what personal information we hold, ask us to correct it, ask us to delete it (subject to our legal record-keeping duties), object to its processing, and complain to the Information Regulator of South Africa. We respond to such requests within 30 days.

To exercise any of these rights, email privacy@contextdesign.tech.

5. Information Officer

The Information Officer for Yield SPM (Pty) Ltd handles all POPIA matters and may be reached at privacy@contextdesign.tech.

6. Updates

Material changes to this policy will be marked with a new last-updated date at the top. If a change materially affects how we use your information, we'll notify clients we've worked with directly.

7. Contact

Privacy questions: privacy@contextdesign.tech
General contact: info@contextdesign.tech