Privacy Policy - GreenLine

← Back to Home

XTIAN (PTY) Ltd ("GreenLine", "we", "us", or "our") is committed to protecting your privacy and complying with South Africa's Protection of Personal Information Act, 2013 ("POPIA").

            Your Privacy Matters: We collect only the information necessary to provide our DNS filtering service. We do not sell your personal information to third parties. We do not log the full content of your DNS queries for commercial purposes.
        

1. Information Officer

As required by POPIA, we have designated an Information Officer responsible for ensuring compliance with data protection requirements:

Information Officer: Legal Department, XTIAN (PTY) Ltd
Email: privacy@mygreenline.co.za
Contact for Data Subject Requests: privacy@mygreenline.co.za

2. Responsible Party Details

Name: XTIAN (PTY) Ltd
Trading As: GreenLine
Contact Email: support@mygreenline.co.za
Website: mygreenline.co.za

3. Information We Collect

3.1 Account Information

When you register for GreenLine, we collect:

Full name
Email address
Password (encrypted and hashed)
Billing information (processed securely by Paystack)
Physical address (for billing and firewall device shipping)
Phone number (optional, for account recovery)

3.2 Service Usage Information

To provide and improve our DNS filtering service, we collect:

Device identifiers (for device limit enforcement)
IP addresses (for connection management)
DNS query metadata (domains queried, timestamp, query type)
Filtering actions (blocked/allowed domains)
VPN connection logs
Service configuration preferences

3.3 Technical Information

Browser type and version
Operating system
Device type
Connection timestamps
Service performance metrics

3.4 Mobile App - Accessibility Service and Keyword Monitoring

Important: Our Android mobile app uses Android's Accessibility Service to provide accountability monitoring. This section explains exactly what data is collected and how it is used.

3.4.1 Technical Capabilities

When you enable the Accessibility Service, our app can technically read all text displayed on your screen. However, we have implemented strict limitations on what we actually collect and store:

What we DO collect: Only text that matches your pre-configured accountability keywords
What we do NOT collect: Passwords, credit card numbers, banking information, all screen text, screenshots, or any text that doesn't match your keywords

3.4.2 Exact Data Collected (Keyword Matches Only)

When a keyword match is detected, we collect the following specific data elements:

Data Element	Example	Purpose
Matched text snippet	The exact keyword that was matched	Accountability reporting
Application package name	"com.android.chrome", "com.whatsapp"	Identify source app
Detection timestamp	"2026-01-20 14:30:45"	Time-based reporting
Keyword identifier	Reference to your keyword configuration	Match categorization
Severity level	HIGH / MEDIUM / LOW	Alert prioritization
Action type	NOTIFY / BLOCK / LOG	Response tracking

3.4.3 Data Storage and Transmission

Local Storage: Keyword matches are temporarily stored in an encrypted database on your device
Transmission: Data is transmitted to mygreenline.co.za servers every 60 minutes via encrypted HTTPS connection
Server Location: South Africa

3.4.4 Data Recipients and Sharing

Keyword monitoring data is shared with:

GreenLine Servers: For processing and secure storage
Your Designated Accountability Partner: The person you have specifically chosen to receive accountability reports

Usage: This data is used exclusively for accountability monitoring purposes.

This data is NOT used for:

Advertising or ad targeting
Analytics beyond service improvement
Sale to third parties
Any purpose other than accountability monitoring

3.4.5 Consent Requirements

Before the Accessibility Service is enabled, users must:

View a comprehensive disclosure explaining all data collection practices
Explicitly acknowledge understanding of what data is collected and how it's used
Confirm consent to sharing data with their accountability partner
Manually enable the service in Android Settings

3.5 Information We DO NOT Collect

We do not collect:

Full browsing history beyond DNS queries
Website content you view
Personal messages or communications (except keyword matches)
Passwords or authentication credentials
Credit card or banking information
Screenshots or images
All screen text (only keyword matches)
Race, religious beliefs, or political opinions
Health or biometric information
Criminal history

4. Legal Basis for Processing (POPIA Compliance)

We process your personal information based on:

Processing Activity	Legal Basis
Account management and service delivery	Contractual obligation (Section 11(1)(b))
DNS filtering and threat protection	Legitimate interest (Section 11(1)(f))
Billing and payment processing	Contractual obligation
Customer support	Contractual obligation
Service improvement and analytics	Legitimate interest
Marketing communications	Consent (can be withdrawn)
Accessibility service keyword monitoring	Explicit consent (Section 11(1)(a))
Sharing data with accountability partner	Explicit consent (Section 11(1)(a))
Legal compliance	Legal obligation (Section 11(1)(a))

5. How We Use Your Information

5.1 Service Delivery

Providing DNS filtering and content blocking
Enforcing safe search settings
Managing VPN connections
Configuring and managing firewall devices
Enforcing device limits per subscription plan

5.2 Service Improvement

Identifying and blocking new threats
Improving filter accuracy
Optimizing service performance
Analyzing usage patterns (aggregated and anonymized)

5.3 Account Management

Processing subscriptions and payments
Providing customer support
Sending service notifications
Managing family member accounts

5.4 Legal Compliance

Complying with South African law
Responding to lawful requests from authorities
Protecting our legal rights
Preventing fraud and abuse

6. Data Retention

6.1 Retention Periods

Data Type	Retention Period
Account information	Duration of account + 12 months
DNS query metadata	14 days (rolling window)
Connection logs	90 days
Billing records	7 years (tax law requirement)
Support tickets	3 years
Keyword monitoring data (mobile app)	Retained for accountability reporting; deletable on request
Aggregated analytics	Indefinitely (anonymized)

6.2 Deletion

When retention periods expire, we securely delete or anonymize your data. You may request earlier deletion by exercising your data subject rights (see Section 9).

6.3 Accountability Data Deletion

For mobile app keyword monitoring data specifically, you can request deletion by contacting support@mygreenline.co.za. Upon account termination, all accountability monitoring data associated with your account will be deleted.

7. Information Sharing and Third Parties

7.1 We Share Information With:

Your Accountability Partner (Mobile App Users):

If you use our mobile app's accountability features, keyword match data is shared with the accountability partner you designate
This includes: matched keywords, timestamps, application names, and severity levels
You choose your accountability partner and can change or remove them at any time
This sharing only occurs with your explicit consent

Payment Processor:

Paystack: For processing subscription payments. Paystack has its own privacy policy and POPIA compliance measures.

Service Providers:

Email service providers (for transactional emails and notifications)
Hosting and infrastructure providers
Customer support tools

All third parties are contractually obligated to protect your data and use it only for specified purposes.

7.2 We DO NOT:

Sell your personal information to advertisers
Share your browsing data with marketers
Provide your DNS query data to third parties for commercial purposes
Sell or rent customer lists

7.3 Legal Disclosures

We may disclose information when:

Required by South African law
Ordered by a court or law enforcement
Necessary to protect our legal rights
Needed to prevent fraud or protect safety

We will notify you of legal requests unless prohibited by law.

8. Data Security

8.1 Security Measures

We implement appropriate technical and organizational measures including:

Encryption of data in transit (TLS/SSL)
Encryption of data at rest
Secure password hashing (bcrypt)
Regular security audits
Access controls and authentication
Firewall protection
Regular backups
Employee training on data protection

8.2 Data Breach Notification

As required by POPIA, if we experience a data breach that poses a risk to your rights and freedoms, we will:

Notify the Information Regulator within 72 hours
Notify affected users as soon as reasonably possible
Provide details about the breach and mitigation steps
Report through the Information Regulator's eServices Portal

9. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

9.1 Right of Access (Section 23)

You may request confirmation of what personal information we hold about you and access to that information.

9.2 Right to Correction (Section 24)

You may request correction of inaccurate or incomplete personal information.

9.3 Right to Deletion (Section 24)

You may request deletion of your personal information when:

It's no longer necessary for the purpose collected
You withdraw consent (where consent was the basis)
You object to processing
The information was unlawfully obtained

9.4 Right to Object (Section 11(3))

You may object to processing of your personal information on reasonable grounds.

9.5 Right to Restriction

You may request restriction of processing in certain circumstances.

9.6 Right to Data Portability

You may request your data in a structured, commonly used format.

9.7 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: privacy@mygreenline.co.za
Subject Line: "Data Subject Request"
Response Time: We will respond within 30 days

10. Cookies and Tracking

10.1 Cookies We Use

Cookie Type	Purpose	Consent Required
Session cookies	Authentication and security	No (strictly necessary)
CSRF tokens	Security protection	No (strictly necessary)
Preference cookies	Remember your settings	Yes (optional)
Analytics cookies	Service improvement	Yes (optional)

10.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.

11. Mobile App Privacy (Android & iOS)

This section provides additional disclosures required by Google Play and Apple App Store policies.

11.1 Android App - Accessibility Service

Our Android app uses the Accessibility Service API to provide keyword monitoring for accountability purposes. Before this service is enabled:

A prominent disclosure dialog explains all data collection
Users must explicitly consent with a checkbox agreement
Users must manually enable the service in Android Settings
Users can disable the service at any time

11.2 iOS App - Screen Time and Monitoring

Our iOS app uses Apple-approved frameworks for monitoring and filtering. On iOS:

Screen monitoring is performed using approved Apple APIs
Network filtering uses Network Extension framework
All iOS privacy permissions are requested with clear explanations
Data collection follows the same principles as Android (keyword matches only)

11.3 App Store Privacy Disclosures

In compliance with Apple App Store and Google Play requirements, we disclose:

Data Type	Collected	Linked to User	Used for Tracking
Contact Info (Email)	Yes	Yes	No
Identifiers (Device ID)	Yes	Yes	No
Usage Data (App activity)	Yes (keyword matches only)	Yes	No
Diagnostics	Yes	No	No

Third-Party Sharing: Accountability data is shared with your designated accountability partner only.

Tracking: We do not track users across other companies' apps or websites for advertising purposes.

12. Children's Privacy

GreenLine is a family safety service. We collect minimal information about child users:

Children under 18 must have parental consent
Parents/guardians control child accounts
We collect only information necessary for filtering
Children's data receives enhanced protection
Parents may access and delete children's data at any time

13. International Data Transfers

Your data is primarily stored and processed in South Africa. If we transfer data internationally:

We ensure adequate data protection measures
We use standard contractual clauses where applicable
We comply with POPIA's cross-border transfer requirements

14. Marketing Communications

We may send you marketing emails about:

New features and services
Special offers and promotions
Service tips and best practices

You can opt out at any time by:

Clicking "unsubscribe" in any marketing email
Contacting support@mygreenline.co.za
Updating preferences in your account settings

Note: You cannot opt out of essential service emails (security alerts, billing notifications, service changes).

15. Changes to This Privacy Policy

We may update this policy to reflect:

Changes in our services
Legal or regulatory updates
Best practice improvements

We will notify you of material changes via:

Email to your registered address
Prominent notice on our website
In-app notification

16. Contact Us

For privacy-related questions or concerns:

Privacy Inquiries: privacy@mygreenline.co.za
Information Officer: privacy@mygreenline.co.za
General Support: support@mygreenline.co.za
Website: mygreenline.co.za

17. Complaints to the Information Regulator

If you believe we have violated POPIA, you may lodge a complaint with:

Information Regulator (South Africa)
Email: inforeg@justice.gov.za
Website: www.justice.gov.za/inforeg
Phone: +27 (0)10 023 5200

We encourage you to contact us first so we can address your concerns directly.

18. Governing Law

This Privacy Policy is governed by the laws of the Republic of South Africa, including POPIA and related regulations.