Last updated: 6 July 2026

iHeart CNTRL (accessible at cntrl.iheartdigital.co.za) is a social media management platform and a wholly owned product of IHEART DIGITAL (PTY) LTD (Registration No. 2026/453657/07), a company registered in the Republic of South Africa. All references to "the Service", "the Platform", or "iHeart CNTRL" in this policy refer to this product and its associated services.

IHEART DIGITAL (PTY) LTD ("we", "us", "our"), trading as iHeart Digital, is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable data protection laws. This Privacy Policy describes how iHeart CNTRL collects, uses, stores, and protects your personal information.

1. Information We Collect

CategoryExamplesPurpose
Account infoName, email address, password (hashed)Authentication, account management
Workspace dataWorkspace name, team members, brand settingsService functionality
Social media tokensOAuth access & refresh tokensPublishing and analytics on your behalf
Social media profile dataProfile name, profile picture, page/account identifiersDisplaying connected accounts, publishing content
ContentPost text, images, videos you uploadScheduling, publishing, storage
Analytics dataPost performance metrics, engagement statisticsReporting and insights
Usage dataPages visited, features used, browser typeService improvement, debugging

2. How We Use Your Information

3. Third-Party Platform Integrations

iHeart CNTRL integrates with the following third-party social media platforms to provide its core functionality:

3.1 Supported Platforms

3.2 How We Use Platform Data

When you connect a social media account to iHeart CNTRL, we access and use platform data strictly for the following purposes:

We do not sell, rent, or share your social media data with any third party. Platform data is only accessed, stored, and used to provide the iHeart CNTRL service to you.

3.3 Additional Third-Party Services

4. Data Security

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law. Social media OAuth tokens are immediately revoked and deleted upon account disconnection.

6. Your Rights (POPIA)

Under the Protection of Personal Information Act (POPIA) of South Africa, you have the right to:

To exercise any of these rights, contact us using the details in Section 12 below.

7. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.

8. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

9. International Data Transfers

Your data may be processed on servers located outside South Africa. Where this occurs, we ensure appropriate safeguards are in place as required by POPIA, including ensuring that the recipient country has adequate data protection legislation or that contractual protections are in place.

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Regulator and affected data subjects as required by POPIA, without undue delay.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

For privacy-related enquiries, data access requests, or to exercise your POPIA rights, contact us at: