Data Deletion Policy
1. Your Right to Deletion
Under the Protection of Personal Information Act (POPIA), you have the right to request deletion of your personal information held by Bartholos Pty Ltd (trading as Staya).
We take this right seriously and will process all deletion requests promptly and transparently. Where full deletion is not possible due to legal obligations, we will anonymise your data so it can no longer be linked to you personally.
2. What Can Be Deleted
Upon a valid deletion request, the following data can be deleted or anonymised:
- Personal profile information (name, phone number)
- Contact details where no longer required for legal purposes
- Device information and push notification tokens
- Notification preferences
- Message history with the Cara assistant (after 2 years, or on request)
- ID and licence photos (after 90 days post-checkout, or on request)
- Booking history where not required for legal or financial records
- Vehicle registration information
3. What Cannot Be Deleted
Certain data must be retained regardless of a deletion request due to legal obligations:
Legally required retention:
• Financial transaction records — retained for 5 years (SARS requirement)
• Completed booking records — retained for 5 years (legal and dispute purposes)
• Information required for active legal proceedings or regulatory compliance
• Data required to honour any outstanding or active booking
Where full deletion is not possible, we will anonymise your data so that it can no longer be attributed to you as an individual, and inform you of this in writing.
4. How to Request Deletion
You can submit a data deletion request in two ways:
• Full name
• Email address used when registering or booking
• Booking code (if applicable)
• Reason for deletion request (optional but helpful)
5. What Happens After You Request
6. Effect on Active Bookings
If you have an active or upcoming booking at the time of your deletion request:
- We will complete your deletion after your stay has concluded
- Data required to manage your booking will be retained until checkout
- You will be notified of this delay and given an expected deletion date
If you wish to cancel your booking as part of your deletion request, please also submit a cancellation request as per our Cancellation Policy.
7. Third-Party Data
Where your data has been shared with third-party service providers, we will request deletion from those providers where technically possible and contractually permitted.
| Provider | Deletion outcome |
|---|---|
| Supabase | Data deleted from our database within 30 days |
| Resend | Email delivery logs removed on request |
| Expo / Firebase | Push notification tokens deleted |
| Yoco | Yoco retains payment transaction records independently under their own legal obligations. We cannot instruct Yoco to delete transaction data on your behalf. |
8. Push Notification Tokens
To remove your device from our push notification system immediately — without waiting for a full deletion request — you can disable notifications in your device settings:
- iOS: Settings → Notifications → Staya → Allow Notifications (toggle off)
- Android: Settings → Apps → Staya → Notifications (toggle off)
Your push notification token will also be deleted as part of any full data deletion request.
9. Information Regulator
If you are not satisfied with how we have handled your deletion request, you have the right to lodge a complaint with the Information Regulator of South Africa:
Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: inforeg@justice.gov.za
Website: inforegulator.org.za
Summary: Email info@staya.co.za with subject "Data Deletion Request" and your name and email address. We will acknowledge within 5 business days and complete deletion within 30 days.
10. Contact
| info@staya.co.za | |
| Subject line | Data Deletion Request |
| Address | Korhaan Crescent 67, Hartswater, 8570, Northern Cape, South Africa |
| Response time | Within 5 business days |