Privacy Policy
Last updated: 6 June 2026
FokOffMense("we", "us") operates https://fokoffmense.co.za and the FokOffMense Android mobile app. This policy explains what personal information we collect, how we use it, and your rights under the Protection of Personal Information Act (POPIA). The website and app share one account — data you add in either place appears in both.
1. Information we collect
- Account data: email address, name, authentication identifiers (via Supabase Auth), subscription status, and settings you provide.
- Profile data: optional contact details (phone, province, city) used for POPIA requests and household plans.
- Spam reports: numbers, sender details, categories, and content you submit when reporting spam.
- POPIA requests: subject details, company names, and correspondence related to opt-out or deletion requests we send on your behalf.
- Spam export (Google Takeout) uploads: when you upload a spam/promotions export, we parse sender addresses and related metadata from that file to identify companies and populate your dashboard. We do not keep the uploaded file after processing — it is deleted from our servers once parsing completes.
- Breach monitoring: if you enable it, we store the email address you choose to check against Have I Been Pwned (HIBP) and breach results returned by that service.
- Gmail blocking (optional): if you connect Gmail, we store an encrypted OAuth refresh token, your connected Gmail address, and a list of sender email addresses you opted to block via filters. We do not read, store, or analyse the contents of your Gmail messages.
- Usage and technical data: logs, audit records, and analytics needed to operate and secure the service.
- Support messages: content you send when opening a support ticket in the app or on the website.
- Push notifications (mobile): if you allow notifications, we store a device push token (via Expo) to send POPIA updates, breach alerts, and other in-app alerts you opt into.
2. Android mobile app
The FokOffMense Android app is optional. It uses the same account and backend as the website. Additional processing on Android includes:
- Call log and SMS (optional, on your device): if you grant permission, the app reads recent calls and SMS on your phone to show an inbox so you can pick items to report. This data is processed on your device. We do not upload your full call log or SMS history to our servers — only what you choose to submit in a spam report (number, description, and related fields). Your messages are never stored on our servers — the inbox is a convenience view on your phone only.
- Phone state: used to support call-related features on Android when permitted.
- Call screening and blocked numbers (optional):if you enable call screening, incoming calls from numbers you block may be rejected on your device using Android's call-screening role and the system blocked-numbers list. Block lists stay on your phone unless you report a number to us separately.
- Notifications: POPIA replies, breach monitoring, and product alerts — you can disable these in Android settings at any time.
You can revoke call log, SMS, phone, or notification permissions in Android Settings without deleting yourFokOffMense account.
3. Google Takeout spam uploads
You choose when to upload a Google Takeout export (spam/promotions folders only). We extract sender addresses and match them to our company directory where possible. Uploads are processed on our servers and the file is not retained. Parsed sender lists may remain on your account so you can send POPIA requests or manage Gmail filters.
4. Gmail connection (filters and labels only)
If you opt in to "handle these in Gmail", you authorise FokOffMense to use the Google Gmail API with these permissions only:
- Manage email settings and filters — create and update Gmail filters for sender addresses you chose from your upload.
- Manage labels — create and apply a user-visible label named FokOffMense.
We use this access solely to:
- Route matching incoming mail to the FokOffMense label and skip the inbox.
- Trash mail that carries the FokOffMense label (via a second filter you can see in Gmail settings).
- Update those filters when you upload new Takeout data.
We do not use Gmail access to read message bodies, download your mailbox, send email on your behalf, or scan your inbox for marketing intelligence. You can disconnect Gmail at any time from your dashboard; we remove the filters we created and delete stored OAuth tokens. Filters and labels may remain in Gmail until you delete them manually.
5. Google API Services — Limited Use
FokOffMense's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide the Gmail filter and label features you explicitly request. We do not use it for advertising, sell it, or transfer it except as needed to provide the service, comply with law, or as part of a merger with notice to users.
6. Lawful processing (POPIA)
We process personal information in accordance with POPIA. Our lawful bases include your consent (including Gmail connection and Takeout upload), legitimate interest in providing privacy and anti-spam tools, and contractual necessity to deliver the service you signed up for.
7. Data security
Sensitive fields (including Gmail OAuth tokens) are encrypted at rest using AES-256-GCM. Passwords are managed by Supabase Auth with industry-standard hashing. Administrative actions are audit logged. Access to production systems is restricted to authorised operators.
8. Data retention
We retain account and activity data while your account is active and as needed for legal, billing, and audit purposes. Takeout upload files are not retained after processing. Gmail OAuth tokens are deleted when you disconnect Gmail. You may request deletion of your account and associated data by contacting us.
9. Your rights
You may request access, correction, deletion, or objection to processing, and withdraw consent where processing is consent-based (including Gmail connection), by contacting our Information Officer. You may also revoke FokOffMense's access to Gmail at Google Account permissions.
10. Data sharing
We share data with service providers who help us operate the service, under appropriate agreements:
- Supabase (hosting, database, authentication)
- Paystack (payments)
- Email and SMS providers (POPIA and transactional mail)
- Have I Been Pwned (breach lookups you enable)
- OpenAI (optional classification, breach guidance, and company-name suggestions where configured)
- Expo / push notification infrastructure (mobile alerts, when enabled)
- Google (Gmail API — only when you connect Gmail for filter/label management)
We do not sell personal information.
11. Cookies
We use essential cookies for authentication and session management. We record consent choices where required.
12. Refunds
Paid subscriptions are billed via Paystack. Cancel anytime in Settings; access continues until the end of your billing period. Refund requests: contact support@fokoffmense.co.za within 7 days of a charge if the service did not work as described.
13. Contact
Information Officer: popia@fokoffmense.co.za · Support: support@fokoffmense.co.za