Privacy policy
Plain-English summary
This is a short overview. The detail follows below:
- We collect personal information (such as your name, contact details, delivery address, order history, and payment confirmation data) so that we can sell our products to you, deliver it, support you afterwards, and meet our legal obligations.
- We do not store your card details. Card payments are handled by Yoco and Paystack, who are PCI DSS-compliant payment processors.
- Because our customers are often trying to conceive, pregnant, or breastfeeding, we sometimes receive health-related information through our customer support channels. We handle that information with extra care and only use it to respond to you.
- We share your information only with the providers we need to fulfil your order, such as our payment processors and couriers, and only where legally required.
- We will never sell your personal information.
- We use cookies on our website to help it work properly, understand performance, and (with your consent) personalise advertising and improve future visits.
- You have rights over your personal information, including access, correction, deletion, objection, and the right to complain to the Information Regulator.
- Our Information Officer is Dhanyal Davidson - dhanyal@thismoment.co.za
Definitions
"Applicable Law" means the Protection of Personal Information Act, 2013 ("POPIA") and any other applicable laws of the Republic of South Africa, together with any other data-protection law that applies to us in a particular case.
"Data Subject" means any person whose personal information is processed by Moment Supplements.
"Information Officer" means the individual appointed in terms of POPIA. Our Information Officer is Dhanyal Davidson, contactable at dhanyal@thismoment.co.za.
Regulator" means the Information Regulator (South Africa) and, where relevant, any other supervisory authority with jurisdiction.
Purpose
Moment Supplements processes personal information in compliance with POPIA. We collect, hold, and process information relating to customers, suppliers, staff, stakeholders, and visitors. This policy sets out our commitment to lawful, fair, and secure processing.
Data protection principles
We commit to processing personal information in line with POPIA's eight conditions for lawful processing:
- Process lawfully, fairly, and transparently.
- Collect only for specified, explicit, and legitimate purposes.
- Limit processing to what is necessary (data minimisation).
- Keep personal information accurate and up to date.
- Retain personal information only for as long as necessary for the purposes for which it was collected, or as required by law.
- Maintain appropriate security safeguards.
- Be open and accountable about how we process personal information.
- Respect the rights of data subjects.
Lawful basis for processing
We process personal information on at least one of the following lawful grounds:
- Consent (for example, when you sign up to our newsletter or WhatsApp updates).
- Contractual necessity (for example, processing and delivering your order, and managing your account or subscription).
- Legal obligation (for example, tax records, invoicing, and consumer-protection requirements).
- Legitimate interests (for example, fraud prevention, customer service, and improving our products and service).
Where we rely on consent, we keep evidence of opt-in. You may withdraw your consent at any time by contacting us at hello@thismoment.co.za or by using the unsubscribe link in any marketing message.
Marketing communications
We send marketing communications (such as newsletters, product updates, and promotions) only to people who have opted in. We use sign-up forms on our website for our newsletter and our WhatsApp channel. At the point of sign-up we describe the messages you will receive and the channel you are signing up to, and we record your opt-in. You can unsubscribe from email marketing at any time using the unsubscribe link in any message, and from WhatsApp updates by replying "STOP" or by contacting us at hello@thismoment.co.za. These mechanisms are intended to comply with section 69 of POPIA.
How we use your data
- Order fulfilment: to process, confirm, deliver, and manage your purchases.
- Customer support: to respond to enquiries, complaints, refund or return requests, including through our website, WhatsApp, email, phone, live chat, and chatbots.
- Account management: to maintain your online account, subscriptions, and preferences.
- Legal compliance: to meet obligations under tax, company, and consumer-protection laws.
- Marketing communications: to send newsletters, promotions, and updates, where you have opted in.
- Service improvement: to analyse usage, measure performance, and improve our offerings.
- Fraud prevention and security: to detect and prevent unauthorised or unlawful activity.
Where you interact with us via WhatsApp, live chat, our chatbot, or other messaging channels, we may collect and store the information you share with us for order management, customer service, and product support. This information is not sold or shared with third parties except as needed to process your requests or to comply with law.
We do not use personal information for automated decision-making that produces legal or similarly significant effects without your consent.
Special personal information - health-related information
Because our products are made for women who are trying to conceive, pregnant, or breastfeeding, customers sometimes share health-related information with us through our support channels - for example, when asking whether a product is suitable in their circumstances, mentioning a medical condition, or sending a product review describing a pregnancy or fertility journey.
Health information is "special personal information" under section 26 of POPIA and we treat it with extra care:
- We collect and process this information only on the basis of your consent (which is given when you share the information with us for the purpose of receiving a response).
- We use it only to respond to your query, provide customer support, and handle your order - never for marketing, profiling, or product targeting.
- We do not share it with third parties except where strictly necessary to assist you (for example, where you authorise us to escalate a concern to a healthcare-qualified contact, or where we are required by law).
- We keep it only for as long as needed to address the matter you raised, in line with the retention periods set out below.
If you would prefer not to share health-related information with us, please do not include it in your messages. Our customer support team is not medically trained, and any general information we share through our support channels is not medical advice - please see the disclaimer in our Terms.
Information about children
Our products and website are intended for adults only.
Payments and card security
We accept Visa, Mastercard, debit cards, instant EFT, and supported digital wallets. Payments are processed by Yoco Technologies (Pty) Ltd and/or Paystack.
Moment Supplements does not store customer card details. Sensitive payment data is processed only by Yoco or Paystack, under PCI DSS (Payment Card Industry Data Security Standard) compliance.
We keep personal details (such as name, email, and address) separate from cardholder data at all times.
Paystack is PCI DSS Level 1 certified, ISO 27001 and ISO 27701 certified, and GDPR compliant. Paystack's Privacy Policy is linked on their website.
Yoco provides secure payment APIs and integrations with end-to-end encryption and complies with relevant card scheme and industry security requirements. Yoco's Privacy Policy is linked on their website.
Our website is hosted on Shopify, which enforces PCI DSS compliance, secure HTTPS connections, regular security updates, and optional two-factor authentication for admin access.You agree to provide current, complete, and accurate payment and account information, and to update it promptly when it changes.
Data sharing
We share personal information with the following categories of recipients:
- Payment processors (Yoco, Paystack) to take payment for your order.
- Couriers and logistics providers to deliver your order.
- Our hosting and software providers (such as Shopify) for the operation of the website and our store backend.
- Marketing, analytics, and customer engagement platforms - currently including Google Analytics, Meta (Facebook) Pixel, TikTok Pixel, Judge.me, Klaviyo, and other tools we may use from time to time - to understand site usage, send marketing communications you have consented to, and improve our service.
- Professional advisers (for example, accountants and lawyers) where reasonably necessary.
- Government authorities or regulators where we are legally required to do so.
We require these recipients to apply protections that are no less stringent than those set out in this policy. We will never sell your personal information.
Cross-border transfers
Some of the providers we use to operate our business store or process information outside South Africa. In particular:
- Shopify (e-commerce platform) hosts data on servers located outside South Africa, including in the United States and the European Union.
- Paystack hosts on Amazon Web Services infrastructure outside South Africa.
- Google (Google Analytics and related services), Meta (Facebook Pixel and related services), TikTok (TikTok Pixel), Judge.me and Klaviyo are based outside South Africa and process data internationally.
Where personal information is transferred outside South Africa, we rely on the bases set out in section 72 of POPIA, in particular:
- That the recipient is subject to a law, binding corporate rules, or binding agreement that provides an adequate level of protection comparable to POPIA; and/or
- That the transfer is necessary for the performance of a contract between you and us (for example, processing your payment), or for the implementation of pre-contractual measures taken in response to your request; and/or
- That you have consented to the transfer.
We will not disclose personal information to foreign authorities for any purpose other than where compelled by law or as part of legitimate compliance obligations such as cross-border tax or customs requirements.
Retention of personal information
We retain personal information only for as long as necessary for the purposes for which it was collected, or for longer where we are required to by law. Our general retention periods are:
- Order, transaction, and invoicing records: 5 years from the date of the transaction, in line with tax and consumer-protection record-keeping requirements.
- Account information: retained while your account is active. We will delete your account data on request, subject to any records we are required to retain under law (such as transaction records, which will be kept for the period set out above).
- Marketing consents and contact details: retained until you withdraw your consent or unsubscribe, after which we keep a minimal record of the unsubscribe itself so that we do not contact you again.
- Customer support correspondence (including WhatsApp, email, live chat, and chatbot interactions): 2 years from the date of the last interaction.
- Security incident and breach records: 5 years, to support investigations and regulatory reporting.
Where information is no longer required, we delete or de-identify it in line with POPIA.
Data security
We apply reasonable technical and organisational measures to protect your personal information against loss, unauthorised access, and unlawful processing. No system is completely secure, and we cannot guarantee absolute protection.
Security breaches
If we become aware of a security compromise that involves personal information in our control, we will, in line with section 22 of POPIA, notify the Information Regulator and the affected data subjects as soon as reasonably possible after the compromise has been discovered, taking into account the legitimate needs of law enforcement and any measures reasonably required to determine the scope of the compromise and to restore the integrity of our systems.
Your rights
Subject to the conditions in POPIA, you have the right to:
- Be notified that your personal information is being collected, or that it has been accessed or acquired by an unauthorised person.
- Request access to the personal information we hold about you, and to be informed about who has had access to it.
- Request that we correct or delete personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully.
- Object, on reasonable grounds, to the processing of your personal information.
- Object to the processing of your personal information for direct marketing purposes, including by unsubscribing at any time.
- Not be subject to a decision based solely on automated processing that has legal or similarly significant effects.
- Submit a complaint to the Information Regulator.
To exercise any of these rights, please contact our Information Officer, Dhanyal Davidson, at dhanyal@thismoment.co.za. We will respond as soon as reasonably possible, and in any event within 30 days of receiving your request.
Information Regulator contact details
If you are unhappy with how we have handled your personal information, you may contact the Information Regulator (South Africa):
- Website: inforegulator.org.za
- Email (complaints): complaints.IR@inforegulator.org.za
- Email (general): enquiries@inforegulator.org.za
Cookies and similar technologies
This section explains how we use cookies and similar tracking technologies on our website. It forms part of this Privacy Policy.
What cookies are
Cookies are small text files stored on your device when you visit a website. They help the site work properly, keep it secure, improve your experience, and let us understand how the site is being used. Similar technologies such as pixels, tags, and local storage perform comparable functions and are covered by this section.
How we use cookies
Our website uses both first-party and third-party cookies. First-party cookies are mainly necessary for the website to function. Third-party cookies help us understand performance, keep services secure, deliver relevant advertising, and improve future visits. Some of the third-party services we use that may set cookies or similar identifiers include Google Analytics, Meta (Facebook) Pixel, TikTok Pixel, Judge.me and Klaviyo, as set out in the Data sharing and Cross-border transfers sections above.
Categories of cookies we use
- Essential/required cookies: required for the site to work, including maintaining sessions, log-in, your basket, and secure checkout. These do not collect personal information for marketing purposes and cannot be switched off.
- Analytics cookies: help us understand how the website is performing, such as visitor numbers and which pages are visited.
- Marketing cookies: used to personalise advertising shown to you and to measure the effectiveness of campaigns. These cookies may also be used by third-party ad providers on other websites.
- Functional cookies: support non-essential functionality such as embedded video and social-media sharing.
- Personalisation cookies: remember settings such as language preferences for a smoother future visit.
Your cookie choices
When you first visit our website, a cookie banner will appear. Non-essential cookies (analytics, marketing, functional, and personalisation cookies) are off by default and will only be set if you accept them through the banner. You can change your preferences at any time through the banner, and you can also disable or delete cookies through your browser settings, although doing so may affect site functionality.
Last updated: 7 May 2026