Legal
Last updated: May 2026
Effective date: May 2026
This Privacy Policy describes how Zenith Digital (Pty) Ltd collects, uses, and protects your personal information when you use The Content Factory platform. Please read this policy carefully.
The Content Factory is a social media content automation platform operated by Zenith Digital (Pty) Ltd ("we", "us", or "our"), a company registered in South Africa. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at content-factory.zenithdigi.co.za. We are committed to protecting your privacy in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable data protection laws. By using The Content Factory, you agree to the collection and use of information as described in this policy. If you have any questions about this policy, contact us at taahir@zenithdigi.co.za.
Business Name: Zenith Digital (Pty) Ltd Platform: The Content Factory (content-factory.zenithdigi.co.za) Location: Johannesburg, Gauteng, South Africa, 1514 Contact Email: taahir@zenithdigi.co.za Data Responsible Party: Taahir Ally, Zenith Digital (Pty) Ltd
We collect the following categories of personal information: Account Information When you register for The Content Factory, we collect your name, email address, display name, and company name. This information is used to create and manage your account. Social Media Account Data When you connect your Facebook, Instagram, LinkedIn, or TikTok accounts to our platform, we collect and store OAuth access tokens, refresh tokens, token expiry dates, and your social media account identifiers (user IDs and page IDs). These tokens are stored encrypted and are used solely to publish content on your behalf to the connected platforms. Company and Brand Information We collect information you provide about your business, including your company name, website, description, industry, target audience, brand colours, and logo. This information is used to personalise AI-generated content for your brand. Content Data We store social media posts, captions, images, and videos generated through our platform, as well as your content prompts, preferences, and scheduling information. Usage Data We collect information about how you use our platform, including pages visited, features used, actions taken, and timestamps. This data is used to improve our service. Google Account Data If you connect your Google account to use our lead form generation feature, we collect your Google email address and OAuth tokens to access Google Drive and Google Sheets on your behalf. This access is used solely to create and manage lead capture spreadsheets. Device and Technical Data We collect your IP address, browser type, device type, and operating system for security and fraud prevention purposes.
We use your personal information for the following purposes: — To provide our services, including AI-powered content generation, scheduling, and publishing to your connected social media accounts — To personalise content to match your brand identity and audience — To authenticate and maintain your connected social media platform accounts — To generate and manage lead capture forms and associated Google Sheets on your behalf — To send you important service notifications, updates, and security alerts — To improve and develop our platform and services — To ensure the security of your account and prevent fraud — To comply with our legal obligations under POPIA and applicable platform terms We will not use your personal information for any purpose not described in this policy without first obtaining your consent.
Our platform integrates with the following third-party social media platforms to provide publishing and content management services: Facebook and Instagram (Meta) When you connect your Facebook or Instagram account, we access these platforms via Meta's Graph API using OAuth 2.0 authentication. We store your access tokens securely to publish content on your behalf. We access only the permissions you explicitly grant during the OAuth flow. Your use of Facebook and Instagram features is also governed by Meta's Privacy Policy (https://www.facebook.com/privacy/policy/) and Terms of Service. LinkedIn When you connect your LinkedIn account, we access LinkedIn's API using OAuth 2.0 authentication to publish posts to your LinkedIn profile or company pages. Your use of LinkedIn features is also governed by LinkedIn's Privacy Policy (https://www.linkedin.com/legal/privacy-policy). TikTok When you connect your TikTok account, we access TikTok's API using OAuth 2.0 authentication to publish content to your TikTok profile. Your use of TikTok features is also governed by TikTok's Privacy Policy (https://www.tiktok.com/legal/page/global/privacy-policy/en). Google When you connect your Google account, we access Google Drive and Google Sheets APIs to create and manage lead capture spreadsheets. Your use of Google features is also governed by Google's Privacy Policy (https://policies.google.com/privacy). We do not share your personal information with these platforms beyond what is necessary to provide the publishing and content management services you have requested. We do not sell your data to any social media platform or third party.
Your data is stored on secure servers provided by Supabase, hosted within Amazon Web Services infrastructure. We implement the following security measures to protect your personal information: — Encryption of all data in transit using HTTPS/TLS — Encryption of sensitive data at rest, including OAuth access tokens and API keys — Row Level Security (RLS) policies ensuring users can only access their own data — JWT-based authentication for all API requests — Rate limiting to prevent abuse — reCAPTCHA v3 on public-facing forms to prevent automated submissions — Regular security reviews and access controls Despite our security measures, no system is completely secure. If you become aware of any security breach affecting your account, please contact us immediately at taahir@zenithdigi.co.za.
We retain your personal information for as long as your account is active or as needed to provide our services. Specifically: — Account information is retained until you request account deletion — Social media OAuth tokens are retained while your account is active and the connection remains authorised. Tokens are deleted immediately upon disconnection or account deletion — Generated content is retained until you delete it or request account deletion — Usage logs are retained for a maximum of 12 months — Audit logs related to data deletion requests are retained for 3 years for legal compliance purposes When you request deletion of your account, we will permanently delete your personal information within 30 days, except where retention is required by law.
We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances: Service Providers We use trusted third-party service providers to operate our platform, including Supabase (database and authentication), Vercel (hosting), and n8n (workflow automation). These providers process data on our behalf and are contractually required to protect your information and use it only as directed by us. Social Media Platforms We share your content and account tokens with Facebook, Instagram, LinkedIn, and TikTok solely to publish content on your behalf, as you have authorised. Legal Requirements We may disclose your personal information if required to do so by law, court order, or government authority, or to protect the rights, property, or safety of Zenith Digital, our users, or the public. Business Transfers In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy. We will never share your personal information with third parties for their own marketing purposes.
As a data subject under the Protection of Personal Information Act (POPIA), you have the following rights: Right to Access You have the right to request a copy of the personal information we hold about you. Right to Correction You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. Right to Deletion You have the right to request that we delete your personal information. We will process deletion requests within 30 days. See Section 11 for details on how to submit a deletion request. Right to Objection You have the right to object to the processing of your personal information in certain circumstances. Right to Restriction You have the right to request that we restrict the processing of your personal information in certain circumstances. Right to Data Portability You have the right to receive your personal information in a structured, commonly used format. To exercise any of these rights, contact us at taahir@zenithdigi.co.za. We will respond to all requests within 30 days.
The Content Factory uses session cookies and local storage to maintain your authentication session and remember your preferences. We do not use third-party advertising cookies or tracking pixels. Our platform uses Google reCAPTCHA v3 on public-facing forms to detect and prevent automated abuse. reCAPTCHA collects hardware and software information and sends it to Google for analysis. This is governed by Google's Privacy Policy. You may disable cookies in your browser settings, but this may affect the functionality of our platform.
You can request deletion of your data through the following methods: In-App Account Deletion Navigate to Settings within the platform to request account deletion. Email Request Send a deletion request to taahir@zenithdigi.co.za with the subject line "Data Deletion Request" and include your registered email address. We will process your request within 30 days and send a confirmation email. Facebook-Specific Data Deletion If you connected your Facebook account to The Content Factory and wish to have your Facebook-related data deleted, you can submit a request through Facebook's settings by removing our app under Settings → Apps and Websites. Facebook will automatically notify us and we will delete your Facebook connection data within 30 days. You can verify the status of your deletion at: https://content-factory.zenithdigi.co.za/api/facebook/data-deletion/status For full details of our data deletion process, see our Data Deletion Policy at: https://content-factory.zenithdigi.co.za/data-deletion
The Content Factory is a business-facing social media management platform and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us at taahir@zenithdigi.co.za and we will delete that information promptly.
Your personal information may be transferred to and processed in countries outside South Africa, including the United States, where our service providers (Supabase, Vercel) operate their infrastructure. Where such transfers occur, we ensure that appropriate safeguards are in place to protect your personal information in accordance with POPIA and applicable data protection laws.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by email and by updating the "Last Updated" date on this page. Your continued use of The Content Factory after changes are posted constitutes your acceptance of the updated policy.
If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal information, please contact us: Zenith Digital (Pty) Ltd Johannesburg, Gauteng, South Africa, 1514 Email: taahir@zenithdigi.co.za Website(s): https://zenithdigi.co.za | https://content-factory.zenithdigi.co.za You also have the right to lodge a complaint with the Information Regulator of South Africa if you believe your rights under POPIA have been violated: Website: https://inforegulator.org.za Email: inforeg@justice.gov.za