Privacy Policy
How SMMart Manager collects, uses, stores, and protects your information.
Effective Date: 11 March 2026 | Version 1.0
This Privacy Policy explains how SMMart Manager collects, uses, stores, and protects information when you use our WordPress plugin and related services. We are committed to handling your data responsibly and in compliance with the Protection of Personal Information Act, 4 of 2013 (POPIA) and, where applicable, the General Data Protection Regulation (GDPR).
Please read this policy carefully before using SMMart Manager. By installing the plugin and connecting your accounts, you confirm that you have read and agree to this policy.
1. Who We Are
Responsible Party / Data Controller: Mediaholic Marketing (Pty) Ltd t/a SMMart Manager
Trading as: SMMart Manager
Registration: Registered in South Africa
Address: 61 Mackeurtan Avenue, Durban North, KwaZulu-Natal, 4051, South Africa
Email: donovan@mediaholic.co.za
Website: https://smmartmanager.ai
For all privacy-related enquiries, requests, or complaints, please contact us at the email address above.
2. What This Policy Covers
This policy applies to:
- The SMMart Manager WordPress plugin installed on your website
- The SMMart Manager licence management service hosted at smmartmanager.ai
- Any data transmitted between your website and our servers in the course of using the plugin
- Data processed by third-party services we use to deliver the plugin’s functionality
This policy does not cover the privacy practices of Meta (Facebook/Instagram), Anthropic, or any other third-party platform. We encourage you to review their privacy policies independently.
3. Information We Collect
We collect the minimum information necessary to operate the plugin.
| Data Type | Purpose | Where Stored |
|---|---|---|
| Name and email address | Account creation, licence delivery, and support communications | SMMart Manager licence server |
| Licence key | Authenticating your plugin installation and enforcing usage limits | Licence server and your WordPress database |
| Meta OAuth access tokens | Authorising the plugin to publish to your Facebook Page and Instagram account on your behalf | Licence server (encrypted) |
| Facebook Page ID and Instagram Account ID | Remembering which accounts to publish to without requiring re-selection each time | Your WordPress database |
| Monthly post usage count | Enforcing free tier limits and paid tier entitlements | Licence server and your WordPress database (cached) |
| Product image URLs | Transmitted to Meta’s Graph API for publishing; submitted to TinyURL for link shortening in post captions | Not stored — transmitted in real time only |
| Plugin error and diagnostic data (optional) | Remote error logging to allow us to diagnose issues without requiring you to provide logs manually. You may opt out at any time in plugin settings. | Licence server — logs retained for 90 days |
| WordPress, WooCommerce, and PHP version numbers | Included in error logs to assist with diagnosis | Licence server — only when error logging is enabled |
We do not collect or store the content of your social media posts, your product descriptions, your captions, or any payment card information.
4. How We Use Your Information
We use the information we collect solely to provide and improve the SMMart Manager plugin.
4.1 Delivering the Plugin Service
- Validating your licence and enforcing usage tier limits
- Storing your OAuth tokens so the plugin can publish to your connected social media accounts
- Remembering your selected Facebook Page and Instagram account between sessions
4.2 Communication
- Sending your licence key and purchase confirmation by email
- Sending important service notifications, such as upcoming deprecations or required re-authentication
- Sending our newsletter or product updates, if you have subscribed
You may unsubscribe from marketing emails at any time using the link in any email we send.
4.3 Diagnostics and Support
- If you have enabled remote error logging, using diagnostic data to identify and resolve issues affecting your plugin installation
- Responding to support requests you submit to us directly
4.4 Legal and Compliance
- Maintaining records required by South African company law
- Responding to lawful requests from regulatory authorities
We do not sell, rent, or trade your personal information to any third party for their own marketing purposes.
5. Third-Party Services
SMMart Manager integrates with the following third-party services to deliver its core functionality. By using the plugin, you acknowledge that data is transmitted to these services as described.
5.1 Meta (Facebook and Instagram)
When you connect your accounts and publish a post, your product images, captions, and account identifiers are transmitted to Meta’s Graph API. Meta’s use of this data is governed by their own Privacy Policy and Platform Terms.
- Meta receives: product image URLs, post captions, your Page ID and Instagram Account ID
- We do not control how Meta stores or uses data once transmitted
5.2 Anthropic (Claude AI)
AI-generated captions are produced by Claude, an AI model operated by Anthropic, PBC. When you generate a caption, your product name and description are sent to Anthropic’s API.
- Anthropic receives: product name and product description
- Anthropic does not use API data to train their models (per their API Terms of Service)
- No personal information about you or your customers is included in the prompt
5.3 TinyURL (Link Shortening)
Where short links are included in post captions, product page URLs from your website are submitted to TinyURL’s API for shortening. TinyURL may log these URLs in accordance with their own privacy policy.
- TinyURL receives: the full URL of the product being published
- No personal information is included in the request
We intend to replace TinyURL with a self-hosted short link service in a future update, which will eliminate this third-party data transfer entirely.
5.4 Payment Processing
Payments for paid licence tiers are processed by our payment gateway provider. We do not receive, store, or process your payment card details at any point. All payment data is handled directly by the payment processor under their own PCI-DSS compliant infrastructure.
6. Lawful Basis for Processing
Under POPIA and GDPR, we process your personal information on the following lawful grounds:
| Processing Activity | POPIA Basis | GDPR Equivalent |
|---|---|---|
| Licence management and service delivery | Contractual necessity | Art. 6(1)(b) — Contract |
| OAuth token storage | Contractual necessity | Art. 6(1)(b) — Contract |
| Transactional emails | Contractual necessity | Art. 6(1)(b) — Contract |
| Remote error logging | Legitimate interest / Consent | Art. 6(1)(a) — Consent |
| Newsletter and marketing emails | Consent | Art. 6(1)(a) — Consent |
| Legal and regulatory compliance | Legal obligation | Art. 6(1)(c) — Legal Obligation |
7. Data Retention
We retain your information only for as long as necessary for the purpose it was collected, or as required by law.
- Account and licence data: retained for the duration of your licence, plus 3 years for legal and accounting purposes
- OAuth access tokens: retained until you disconnect your account, your licence expires, or you request deletion — whichever comes first
- Remote error logs: automatically deleted after 90 days
- Email correspondence: retained for 3 years
- Transient usage cache data: expires after 5 minutes (WordPress transient)
When your data reaches the end of its retention period, it is permanently deleted from our systems.
8. Data Security
We take reasonable technical and organisational measures to protect your information, including:
- OAuth tokens are stored encrypted at rest on our licence server
- All data transmitted between your website and our servers uses HTTPS/TLS encryption
- Access to the licence server and its database is restricted to authorised personnel only
- Remote error log payloads are sanitised before transmission to remove potentially sensitive content
No method of transmission over the internet is completely secure. In the event of a data breach that is likely to result in harm to you, we will notify you and the relevant authorities in accordance with POPIA requirements.
9. Your Rights
Under POPIA (and GDPR where applicable), you have the following rights:
9.1 Right to Access
You may request a copy of the personal information we hold about you at any time.
9.2 Right to Correction
You may ask us to correct inaccurate or incomplete information.
9.3 Right to Deletion
You may request that we delete your personal information. The SMMart Manager plugin includes a built-in data deletion endpoint compliant with Meta’s platform requirements. When invoked, this endpoint permanently deletes your OAuth tokens, account linkage data, and usage records from our licence server.
9.4 Right to Withdraw Consent
Where processing is based on consent (such as remote error logging or marketing emails), you may withdraw consent at any time via the plugin settings or by contacting us. Withdrawal does not affect prior processing.
9.5 Right to Object
You may object to processing based on legitimate interests. We will consider and respond to your objection.
9.6 Right to Deauthorise
You may disconnect SMMart Manager from your Meta accounts at any time through the plugin settings or directly via your Facebook Security Settings. Your OAuth tokens are deleted from our system upon deauthorisation.
9.7 Right to Lodge a Complaint
If you are based in South Africa and believe we have not handled your information lawfully, you have the right to lodge a complaint with the Information Regulator:
- Information Regulator (South Africa) — www.justice.gov.za/inforeg/ — complaints.IR@justice.gov.za
If you are based in the European Union, you have the right to lodge a complaint with your local Data Protection Authority.
To exercise any of the above rights, please contact: donovan@mediaholic.co.za. We will respond to all legitimate requests within 30 days.
10. Cookies and Tracking
The SMMart Manager plugin does not set cookies on your website or your visitors’ browsers.
The smmartmanager.ai website may use standard cookies for session management and analytics. A separate cookie notice applies to the website.
11. International Data Transfers
SMMart Manager is operated from South Africa. Some third-party services we use (including Meta and Anthropic) process data on servers located outside South Africa, including in the United States.
By using SMMart Manager, you acknowledge that your data may be processed in jurisdictions with different data protection laws than your own. Where data is transferred internationally, we rely on the contractual commitments and data processing agreements maintained by those third-party services.
12. Children’s Privacy
SMMart Manager is a business tool intended for use by adults operating WooCommerce stores. It is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the Effective Date at the top of this document
- Publish the updated policy on our website
- Notify active licence holders by email where the changes are material
Your continued use of SMMart Manager after changes take effect constitutes acceptance of the updated policy.
14. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy, please contact us:
Mediaholic Marketing (Pty) Ltd t/a SMMart Manager
Email: donovan@mediaholic.co.za
Address: 61 Mackeurtan Avenue, Durban North, KwaZulu-Natal, 4051, South Africa
Website: https://smmartmanager.ai
© 2026 Mediaholic Marketing (Pty) Ltd t/a SMMart Manager. All rights reserved. This document was last reviewed on 11 March 2026.