BuFf0k Privacy Policy

Effective date: 10 July 2026 |

Website: https://buff0k.co.za

1. Who we are

BuFf0k.co.za is a personal website operated by Eben van Deventer under the name BuFf0k from Mpumalanga, Republic of South Africa. For purposes of the Protection of Personal Information Act 4 of 2013 (POPIA), Eben van Deventer is the responsible party and privacy contact for the website.

Privacy enquiries, requests and complaints may be

sent to buff0k@gmail.com.

2. Scope of this Privacy Policy

This Privacy Policy applies to the BuFf0k website

at https://buff0k.co.za, including its personal blog, development hub, how-to

guides, open-source project showcases, invited-user accounts, comments and

profile descriptions.

This policy explains what personal information is collected, why it is processed, how Google user data is handled, how long information is retained, and the rights available to data subjects.

3. Information we collect

We may collect and process the following categories of personal information:

•     Account information, including name, email address, profile image, profile description, user roles and account status.

•     Authentication information received through Google Sign-In, limited to the openid, email and profile scopes.

•     Content submitted by invited users, limited to comments and profile descriptions.

•     Technical and security information, including IP address, login timestamps, browser or device information, session information, audit records, server logs and error logs.

•     Website usage information collected through Google Analytics 4.

We do not use the website for paid services, subscriptions, advertising, remarketing or targeted marketing.

4. Google Sign-In and Google user data

Invited users may authenticate through Google Sign-In. The website requests only the openid, email and profile scopes. This allows the website to verify identity and receive a user's basic Google account information, such as email address, display name and profile image.

Google user data obtained for sign-in is used only to authenticate the user, create or maintain the corresponding Frappe user account, operate invited-user features, maintain security and administer access permissions.

BuFf0k does not retain Google OAuth access tokens or refresh tokens for ordinary users. The website does not access an invited user's Google Drive, Gmail, Calendar, Contacts or other Google service content.

Google Drive APIs are used separately by administrators for site backup purposes. Ordinary invited users do not grant Google Drive access. Administrative backups may contain information already stored in the website database, but the backup process does not access users' personal Google Drive files.

Google user data is not sold, used for advertising, used for credit or lending decisions, or transferred for unrelated purposes. It is shared only as necessary with service providers that support website operation, or where disclosure is required by law.

5. Why we process personal information

Personal information is processed only where reasonably necessary for legitimate website operations, performance of the user relationship, compliance with legal obligations, protection of the website and its users, or with consent where consent is the appropriate basis.

The principal purposes are to authenticate invited users, manage accounts and permissions, publish user comments and profile descriptions, secure and troubleshoot the website, measure aggregate website usage, maintain backups and respond to privacy requests.

6. Google Analytics 4 and cookies

The website uses Google Analytics 4 to understand how visitors use the website and to improve content and performance. Google Analytics may collect information such as approximate location, device and browser information, pages viewed, referral source, interaction events and IP-derived information in accordance with Google's own terms and privacy practices.

The website does not use Google Analytics for advertising, remarketing or targeted marketing. Frappe also uses essential cookies and session identifiers required for authentication, security and normal website operation.

Users may restrict or delete cookies through their browser settings, although doing so may prevent login or other essential features from working correctly.

7. User comments and profile descriptions

Invited users may submit comments and profile descriptions. Information intentionally published in these areas may be visible to other visitors or invited users, depending on the relevant page and permissions.

Users must not publish personal information about another person without a lawful basis or appropriate permission. BuFf0k may moderate, edit, hide or remove content that is unlawful, abusive, unsafe, misleading, infringing or contrary to the Terms of Service.

8. Hosting, DNS and service providers

The website is self-hosted on a server physically located at the operator's home in Mpumalanga, South Africa. DNS services are provided by Home-Connect. Google services are used for user authentication, analytics and administrative backups.

Some service providers may process information outside South Africa. Where cross-border processing occurs, reasonable steps are taken to ensure that the recipient is subject to appropriate legal, contractual or other safeguards consistent with POPIA.

9. Retention and deletion

Active account information is retained for as long as the invited account remains active or as reasonably necessary for the purposes described in this policy.

Users may delete their own accounts. Deletion removes the active user account and associated personal details from the live website. Information contained in rolling backups may remain for no longer than five days before being overwritten or deleted through the normal backup cycle. Backups are used only for disaster recovery and are not searched or restored to recover information about an individual user unless required for a legitimate recovery or legal purpose.

Technical, audit and security logs are retained only for a reasonable operational period and may be retained longer where necessary to investigate abuse, a security incident, a legal claim or a legal obligation. Public comments may be anonymised or removed when an account is deleted, depending on technical and contextual requirements.

10. Security

Reasonable technical and organisational measures are used to protect personal information against loss, misuse, unauthorised access, alteration or destruction. Measures include HTTPS, access controls, role-based permissions, authentication controls, software updates, logging, restricted administrative access and limited backup retention.

No internet service can guarantee absolute

security. Users should protect their Google accounts and immediately report

suspected unauthorised access to buff0k@gmail.com.

11. Your rights under POPIA

Subject to applicable law, a data subject may request confirmation of whether personal information is held, request access to it, request correction or deletion of inaccurate or unlawfully processed information, object to certain processing, withdraw consent where processing is based on consent, or lodge a complaint with the Information Regulator of South Africa.

Requests may be sent free of charge to

buff0k@gmail.com. Sufficient information may be requested to verify identity

and locate the relevant records. Some information may need to be retained where

required by law or reasonably necessary for the establishment, exercise or

defence of a legal claim.

12. Children

The website and invited-user accounts are intended

only for persons aged 18 years or older. BuFf0k does not knowingly invite or

register children as users. If personal information relating to a child is

discovered, please contact buff0k@gmail.com so that appropriate action can be

taken.

13. Security compromises

Where there are reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person, BuFf0k will investigate and will notify the Information Regulator and affected data subjects where required by POPIA.

14. Changes to this policy

This Privacy Policy may be updated when website functionality, legal requirements or service providers change. The current version will be published on buff0k.co.za with its effective date. Material changes affecting invited users may also be communicated through the website or by email.

15. Contact and complaints

Responsible party and privacy contact: Eben van Deventer, operating as BuFf0k, Mpumalanga, South Africa.

Email: buff0k@gmail.com.

A data subject may also lodge a complaint with the Information Regulator of South Africa using the contact and complaint channels published by the Regulator.

16. Legal and policy references

This policy is intended to reflect the requirements of the Protection of Personal Information Act 4 of 2013 and the Google API Services User Data Policy, including Google's requirements that an application privacy policy clearly explain how Google user data is accessed, used, stored and shared.