Legal
Privacy Policy
Last updated: 2026-04-29
This Privacy Policy explains how Solid Gold Performance ("we", "us") collects, uses and protects your personal information when you use AURUMCOACH (the "Platform"). It is published in compliance with the Protection of Personal Information Act, 4 of 2013 ("POPIA").
1. Who we are
Solid Gold Performance is the responsible party (data controller) for personal information processed via AURUMCOACH. You can contact us at support@aurumcoach.co.za.
2. What we collect
| Category | Examples | Why we collect it |
|---|---|---|
| Account information | Name, email, phone, password (hashed), role | To create and secure your account |
| Coach business information | Business name, registration / VAT number, banking details, Yoco API key | To generate invoices and process payments to your account |
| Health and training data | Health screening answers, injuries, measurements, workout logs, movement-screen videos | So your coach can program safely and track progress |
| Booking and payment data | Sessions booked, invoices, transactions, refunds | To deliver the service and meet our tax/accounting obligations |
| Messages and chat content | Direct messages and image attachments between you and your coach | To enable in-app communication |
| Technical data | IP address, device type, browser, push subscription tokens, error logs | To operate, secure and debug the Platform |
3. Special personal information
Health information is treated as "special personal information" under POPIA. By submitting a health assessment or movement screen, you give explicit consent for your coach and Solid Gold Performance to process this information for the sole purpose of training programming and safety. You can withdraw consent at any time by contacting support@aurumcoach.co.za; we may then be unable to continue providing the service.
4. How we use your information
- To provide the Platform: account access, scheduling, programming, payments, communications.
- To process payments via Yoco (or other authorised payment service provider).
- To send service messages: receipts, invoices, booking confirmations, password resets.
- To diagnose problems and improve the Platform.
- To comply with legal obligations: tax records, anti-fraud, regulatory requests.
5. Marketing communications
We send service-related emails (receipts, invoices, password resets) to all users — these are necessary for the contract and do not require opt-in. Any marketing emails (newsletters, promotional content) are opt-in and you can unsubscribe at any time using the link at the bottom of those emails.
6. Sharing your information
We share data only with:
- Your assigned coach (or admin) — for the obvious purpose of training delivery.
- Yoco / payment processors — to process transactions. They are independent responsible parties.
- Hosting providers (Oracle Cloud, Cloudflare) — purely as operators with no independent right to use your data.
- Email providers (Google / Zoho) — to deliver transactional emails.
- Authorities — only when legally compelled.
We do not sell or rent personal information to third parties.
7. International transfers
Some of our service providers (e.g. Cloudflare, Google) may process data outside South Africa. We rely on POPIA-compliant transfer mechanisms or contractual safeguards to ensure your data is protected to a standard equivalent to South African law.
8. Cookies and tracking
We use:
- Strictly necessary cookies — for login sessions and CSRF protection. These cannot be disabled.
- Local storage — for offline workout logging and to remember dismissed prompts.
- No third-party advertising or tracking cookies.
9. How long we keep your data
- Account data: while your account is active, plus up to 5 years for tax records.
- Health data: while your account is active. Deleted within 30 days of account closure unless you request earlier deletion.
- Chat messages: indefinitely while your account is active.
- Financial transaction records: 5 years (SARS retention requirement).
- Server logs and security data: 90 days.
10. Your rights as a data subject
Under POPIA you have the right to:
- Access the personal information we hold about you
- Correct or update inaccurate information
- Object to processing on legitimate grounds
- Withdraw any consent you previously gave
- Request deletion of your data, subject to legal retention obligations
- Lodge a complaint with the Information Regulator (South Africa)
To exercise any of these rights, email support@aurumcoach.co.za. We will respond within 30 days.
If you are not satisfied with our response, you can contact the Information Regulator at inforeg@justice.gov.za or inforegulator.org.za.
11. Security
We protect personal information using TLS encryption in transit, hashed passwords, encrypted secret storage, role-based access control, and regular backups stored encrypted off the live server. Despite reasonable measures, no online service is 100% secure — please use a strong, unique password and enable 2FA where available.
If we become aware of a security compromise that affects you, we will notify you and the Information Regulator as required by POPIA.
12. Children's data
The Platform is not intended for children under 13. If you are between 13 and 17, you must have parental or guardian consent to use AURUMCOACH and to share your data with a coach.
13. Changes to this Policy
We may update this Privacy Policy. Material changes will be notified via in-app message or email at least 14 days before they take effect.
14. Contact
Information Officer
Solid Gold Performance
Email: support@aurumcoach.co.za
Questions? Email support@aurumcoach.co.za.