Legal

Privacy Policy

Last updated: 10 May 2026 · POPIA compliant · HPCSA framework applied

We built Eliva to give every South African access to the kind of health and financial intelligence that has always been available only to those who could afford it. That means your data — especially your health data — is handled with the same seriousness we would want for our own families.

1. Who we are

Eliva is a South African AI-powered life companion platform. We operate at the intersection of health, food, money, and daily survival. Our registered contact for data matters is privacy@eliva.co.za. This policy applies to the Eliva mobile application, website (eliva.co.za), and all associated services.

2. What we collect

We collect information you provide when you create an account: your name, email address, and optionally a phone number. We collect information you share with Liv: dietary preferences, health goals, family profiles, grocery lists, budget, and any health conditions you choose to disclose. We collect usage data: how you interact with the app, basket history, order history, and Liv conversation history. We collect device information for push notifications (Expo push token). We do not collect payment card details — all payments are processed and held by PayFast.

3. Health data — special handling

Health information (dietary profiles, health goals, chronic condition information, meal logs, food photo analysis) is classified as special personal information under POPIA. We collect it only with your explicit, informed consent given during onboarding. It is stored separately from your general account data with stricter Row Level Security policies. Only you can read your health data — not even Eliva staff can access individual health records without your explicit consent. You can delete all health data at any time from your profile settings.

HPCSA disclaimer: Liv's nutritional guidance is for informational purposes only and does not constitute medical advice, a clinical diagnosis, or a professional dietary prescription. Always consult a qualified healthcare professional for medical decisions.

4. How we use your information

We use your information to power Liv's personalised responses and meal planning, to compare grocery prices across Shoprite, Pick n Pay, Checkers, and Woolworths, to track your budget and calculate savings, to score your basket against your health and dietary goals, to send you price drop alerts and order notifications (only if you opt in), to match you with appropriate HPCSA-verified dieticians (with your explicit consent), and to improve Eliva's accuracy for all South African users. We do not use your data for advertising. We do not sell your data to any third party.

5. Who we share your data with

We share data with the following service providers, all of whom are contractually bound to protect your information: Supabase (database, authentication, and storage — data stored in Supabase's cloud infrastructure), Anthropic (the AI that powers Liv — your conversation context and dietary profile are sent to their API to generate responses; Anthropic does not store this data for training without consent), Resend (transactional email delivery), Expo (push notification delivery), and PayFast (payment processing). If you book a dietician session, your relevant health data (basket history, health scores, dietary compliance) is shared with that specific dietician only after your explicit written consent at the time of booking.

6. Data storage and security

Your data is stored in Supabase's secure cloud infrastructure. All data in transit is encrypted using TLS 1.3. All data at rest is encrypted. Database access is protected by Row Level Security (RLS) — at the database level, your data physically cannot be accessed by any other user. We use Supabase Auth with secure token-based sessions. The Anthropic API key that powers Liv is stored only in server-side secrets and is never exposed to client devices. Supabase's infrastructure operates from their cloud regions with ISO 27001 certification.

7. How long we keep your data

We retain your personal data for as long as your account is active. Liv conversation history is retained for 12 months, then automatically deleted. If you delete your account, we delete all personal data within 30 days. Health data is deleted immediately upon your request or within 7 days of account deletion. We do not retain anonymised data beyond 30 days of account deletion. You have the right to request immediate deletion at any time by emailing privacy@eliva.co.za — we will action this within 7 business days.

8. Your rights under POPIA

Under the Protection of Personal Information Act 4 of 2013 (POPIA), you have the right to: know whether we hold personal information about you, access your personal information, correct inaccurate or incomplete information, object to processing of your personal information, request deletion of your information, and lodge a complaint. To exercise any of these rights, email privacy@eliva.co.za with the subject line "POPIA Rights Request". We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Information Regulator of South Africa at inforeg.org.za or complaints@inforeg.org.za.

9. Cookies and tracking

The Eliva website uses only first-party session cookies for authentication. We do not use third-party advertising or tracking cookies. If we add analytics in future (for example, Vercel Analytics), we will update this policy and notify you. The Eliva mobile application does not use cookies. It uses secure, device-local storage for session tokens and app state.

10. Children

Eliva is not intended for children under 13. The Premium and Family plans require a paying adult account holder. Kids' dietary profiles within a Family account are managed by the account-holding adult. We do not knowingly collect personal information directly from children under 13. If you believe we have inadvertently done so, email privacy@eliva.co.za immediately.

11. Changes to this policy

We may update this policy as Eliva evolves — new features, new service providers, new legal requirements. We will notify you of material changes via email and in-app notification at least 14 days before the change takes effect. Continued use of Eliva after a change takes effect constitutes acceptance of the updated policy.

12. Contact

Privacy questions, POPIA rights requests, or data deletion: privacy@eliva.co.za — we respond within 7 business days. Information Regulator of South Africa: inforeg.org.za · complaints@inforeg.org.za · 012 406 4818.
