Last updated: 6 July 2026
iHeart CNTRL (accessible at
cntrl.iheartdigital.co.za) is a social media management platform and a wholly owned product of
IHEART DIGITAL (PTY) LTD (Registration No. 2026/453657/07), a company registered in the Republic of South Africa. All references to "the Service", "the Platform", or "iHeart CNTRL" in this policy refer to this product and its associated services.
IHEART DIGITAL (PTY) LTD ("we", "us", "our"), trading as iHeart Digital, is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable data protection laws. This Privacy Policy describes how iHeart CNTRL collects, uses, stores, and protects your personal information.
1. Information We Collect
| Category | Examples | Purpose |
| Account info | Name, email address, password (hashed) | Authentication, account management |
| Workspace data | Workspace name, team members, brand settings | Service functionality |
| Social media tokens | OAuth access & refresh tokens | Publishing and analytics on your behalf |
| Social media profile data | Profile name, profile picture, page/account identifiers | Displaying connected accounts, publishing content |
| Content | Post text, images, videos you upload | Scheduling, publishing, storage |
| Analytics data | Post performance metrics, engagement statistics | Reporting and insights |
| Usage data | Pages visited, features used, browser type | Service improvement, debugging |
2. How We Use Your Information
- To provide, operate, and maintain the iHeart CNTRL platform.
- To authenticate your identity and manage your account.
- To connect to and interact with third-party social media platforms on your behalf, including publishing posts, retrieving analytics, and managing page content.
- To send transactional emails (e.g., password resets, notifications).
- To improve the Service and develop new features.
- To comply with legal obligations.
3. Third-Party Platform Integrations
iHeart CNTRL integrates with the following third-party social media platforms to provide its core functionality:
3.1 Supported Platforms
- Facebook (Meta Platforms, Inc.) — Page management, content publishing, and analytics.
- Instagram (Meta Platforms, Inc.) — Business account content publishing (Posts, Reels, Stories, Carousels) and analytics.
- LinkedIn (LinkedIn Corporation / Microsoft) — Profile and Company Page content publishing, page management, and analytics.
- X (formerly Twitter) — Profile content publishing and analytics.
- TikTok (ByteDance) — Content publishing and analytics.
- YouTube (Google LLC) — Video publishing and channel analytics.
- Google Business Profile (Google LLC) — Business listing management, post publishing, and review monitoring.
- Google Analytics (Google LLC) — Website analytics integration.
- WhatsApp Business (Meta Platforms, Inc.) — Business messaging notifications.
3.2 How We Use Platform Data
When you connect a social media account to iHeart CNTRL, we access and use platform data strictly for the following purposes:
- Content Publishing: To create, schedule, and publish posts, images, videos, and other content to your connected social media accounts on your behalf.
- Page & Profile Management: To retrieve and display your connected account information (name, profile picture, page details) within iHeart CNTRL for identification and management purposes.
- Analytics & Reporting: To retrieve engagement metrics (likes, comments, shares, impressions, reach) and present them in dashboards and reports within the platform.
- Account Health Monitoring: To monitor the connection status of your linked accounts and notify you when re-authorisation is required.
We do not sell, rent, or share your social media data with any third party. Platform data is only accessed, stored, and used to provide the iHeart CNTRL service to you.
3.3 Additional Third-Party Services
- Cloud storage — to securely store uploaded media assets.
- Email delivery (Resend) — to send transactional notifications and account communications.
- Link shortening (ihrt.link) — to provide branded short links with click tracking and UTM attribution.
4. Data Security
- All social media credentials (OAuth tokens) are encrypted at rest using envelope encryption (AES-256).
- All data in transit is encrypted via TLS/HTTPS.
- Passwords are hashed using industry-standard one-way hashing algorithms and are never stored in plain text.
- Access to production systems is restricted to authorised personnel of iHeart Digital (Pty) Ltd.
- We regularly review and update our security practices.
- Database access is restricted by firewall rules and requires authenticated credentials.
5. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law. Social media OAuth tokens are immediately revoked and deleted upon account disconnection.
6. Your Rights (POPIA)
Under the Protection of Personal Information Act (POPIA) of South Africa, you have the right to:
- Access your personal information we hold.
- Request correction of inaccurate information.
- Request deletion of your personal information.
- Object to the processing of your personal information.
- Withdraw consent for any processing based on consent.
- Lodge a complaint with the Information Regulator of South Africa.
To exercise any of these rights, contact us using the details in Section 12 below.
7. Cookies
We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.
8. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.
9. International Data Transfers
Your data may be processed on servers located outside South Africa. Where this occurs, we ensure appropriate safeguards are in place as required by POPIA, including ensuring that the recipient country has adequate data protection legislation or that contractual protections are in place.
10. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Regulator and affected data subjects as required by POPIA, without undue delay.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact Us
For privacy-related enquiries, data access requests, or to exercise your POPIA rights, contact us at: