Last updated: 1 April 2026 · Governed by POPIA Act 4 of 2013 (South Africa)
DigitalProductPassports.co.za is operated by LinkDaddy LLC, registered at 509 N Prescott Avenue, Suite B, Clearwater, Florida 33755. We operate the National Forensic Trust Registry for South African Digital Product Passports (DPP), providing compliance infrastructure for South African exporters under the EU Ecodesign for Sustainable Products Regulation (ESPR) (EU) 2024/1781.
For all POPIA-related enquiries, contact our Information Officer at [email protected].
We collect only what is necessary to operate the registry:
| CIPC Registration Number | Identity verification for SME onboarding | Mandatory |
| Director Smart ID Number | Biometric identity anchor for passport minting | Mandatory |
| Business Name & Address | Registry entity node creation | Mandatory |
| Email Address | Account communication and compliance alerts | Mandatory |
| Declared Shipment Value | 2% transaction fee calculation and royalty ledger | Mandatory |
| Document SHA-256 Hash | Forensic fingerprint — the document itself is never stored | Mandatory |
| IP Address (hashed) | POPIA consent logging and rate limiting — not stored in raw form | Automatic |
| Session Tokens | Authentication — stored in Cloudflare KV, expire after 24 hours | Automatic |
We do not store uploaded documents. All documents are hashed client-side using SHA-256 via the Web Crypto API. Only the hash is transmitted to our servers. The original document never leaves your device.
Your information is used exclusively for:
We do not sell, rent, or share your personal information with third parties for marketing purposes. Ever.
The declared shipment value you provide is used solely to calculate the 2% registry transaction fee — the same way PayFast or Peach Payments calculate their processing fees. This value is logged to the Founder's Royalty Dashboard for financial reporting purposes. It is not shared with any third party, including the South African Revenue Service (SARS), unless we are legally compelled to do so.
The DPP AI assistant is powered by a consensus chain of five AI models (Perplexity, Anthropic, OpenAI, Gemini, and Grok). Before using the assistant, you are asked to provide explicit POPIA consent.
We do not store your conversation with DPP. We store only the consent event (timestamp, session ID, and hashed IP address) as required for POPIA compliance. Your questions and DPP's answers are processed in-memory and discarded after each session.
| Passport Registry Records | Indefinite — these are permanent forensic records | |
| POPIA Consent Logs | 5 years — as required by POPIA Section 14 | |
| Session Tokens | 24 hours — auto-expired in Cloudflare KV | |
| Rate Limit Records | 1 hour — auto-expired in memory | |
| Royalty Ledger Entries | 7 years — as required by SA tax law |
As a data subject under POPIA Act 4 of 2013, you have the right to:
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by POPIA.
All data is encrypted in transit (TLS 1.3) and at rest. The registry operates on Cloudflare's global edge network with enterprise-grade DDoS protection and Web Application Firewall (WAF) rules. Document hashes are stored in Cloudflare D1 (SQLite) with row-level access controls.
LinkDaddy LLC is incorporated in the United States. Data processed through the DPP registry may be transferred to and stored on servers in the United States and European Union (Cloudflare edge nodes). These transfers are made in compliance with POPIA Section 72 and are subject to appropriate safeguards.
We will notify registered users by email of any material changes to this policy at least 30 days before they take effect. The current version is always available at digitalproductpassports.co.za/legal/privacy-policy.
We use essential cookies to keep you logged in and functional cookies to personalise your DPP experience. No advertising or tracking cookies. Ever. Cookie Policy · Privacy Policy