POPIA & Data

PAIA Manual

Version 1.3 · Effective 2026-05-28 · Last updated 2026-05-28

Your right to request records we hold, under the Promotion of Access to Information Act 2 of 2000 (PAIA). This manual tells you what records we keep, how to ask for them, and what to do if we refuse.

Working draft. This document is a first draft intended for internal review. It must be reviewed by an admitted South African attorney before it governs a live user relationship.
On this page11 sections

Introduction

This is the manual of Social Bounty (Pty) Ltd (trading as Social Bounty) published in compliance with section 51 of the Promotion of Access to Information Act 2 of 2000 (PAIA).

PAIA gives effect to the constitutional right of access to information. It lets any person request records held by a public body, and any person request records held by a private body where the record is required to exercise or protect a right. Social Bounty is a private body. This manual explains what records we hold and how to ask for them.

The structure of this manual follows the template issued by the Information Regulator of South Africa. If a heading seems oddly formal, that is why — the Regulator asks for a specific layout so that manuals across the country are comparable.

Read this together with our Privacy Policy (which covers POPIA and your personal-information rights) and our Information Officer page (which explains how to exercise your POPIA access and correction rights specifically).

Particulars of the private body

  • Registered name: Social Bounty (Pty) Ltd
  • Trading name: Social Bounty
  • Type of body: Private company incorporated under the Companies Act 71 of 2008
  • CIPC registration number: 2026/301053/07
  • Date of incorporation: 2026-04-14
  • Financial year-end: 28 February
  • VAT status: Not currently VAT-registered
  • Registered office / domicilium citandi et executandi: 2 Alyth Road, Forest Town, Johannesburg, Gauteng, 2193, South Africa
  • Website: https://socialbounty.cash
  • General contact: hello@socialbounty.cash

Information Officer

The Information Officer is the designated contact for all PAIA and POPIA matters.

  • Name: Nicholas Paul Carl Schreiber
  • Role: Director (Acting Information Officer)
  • Email: privacy@socialbounty.cash
  • Postal address: 2 Alyth Road, Forest Town, Johannesburg, Gauteng, 2193, South Africa

For the role's statutory responsibilities under POPIA sections 55 and 56 and PAIA section 17, and for the practical way to submit a POPIA data-subject rights request, see our Information Officer & Data Subject Rights page.

Records held by Social Bounty

The categories below summarise the records we hold. Some records are available on request; others are subject to one of the grounds for refusal in Chapter 4 of PAIA. The fact that a record appears in this list does not by itself entitle you to access — you still need to establish the requirement set by section 50 of PAIA.

User records

  • Account registration data: name, email, hashed password, email-verification state.
  • Profile data supplied by the user.
  • Session and authentication logs.
  • Role assignments (Participant / Business Admin / Super Admin).

Brand records

  • Brand registered name, trading name, CIPC registration number, VAT number.
  • Brand-member roles and access permissions.
  • Brand subscription tier and payment history (snapshot of plan state).
  • Product-level KYB documentation supplied during brand onboarding.

Bounty records

  • Bounty title, description, reward, channels, formats, and eligibility rules.
  • Bounty lifecycle state (draft, live, paused, closed, cancelled).
  • Funding records linking the bounty to a TradeSafe transaction reference.

Submission records

  • Submission text, URLs, uploaded media, and hunter-supplied metrics.
  • Verification and scraping results from Apify, per URL.
  • Brand review decisions (approved / rejected / needs more info) and reviewer notes.
  • Post-visibility check history and any auto-refund events.

Financial and ledger records

  • Append-only double-entry ledger capturing every bounty funding, payout, fee, and refund.
  • TradeSafe transaction identifiers, allocation identifiers, and webhook payloads that settled each ledger entry.
  • Fee calculations per transaction (hunter commission, brand admin fee, transaction fee, global platform fee).
  • Reconciliation reports and exception investigations.
  • Subscription and recurring-billing records.
  • Refund and chargeback records.

Audit logs

  • Administrative actions taken by staff on user accounts and bounties.
  • Financial state transitions and the actor, timestamp, and reason for each.
  • Access to sensitive records by authorised staff.

System logs

  • Web server request logs.
  • Application-level error logs and stack traces.
  • Background-job run records.
  • Webhook receipt and delivery logs.

Corporate and statutory records

  • Memorandum of Incorporation and Companies Act registers (directors, shareholders).
  • CIPC annual returns and beneficial-ownership declarations.
  • Tax records, VAT records where applicable, and correspondence with SARS.
  • Commercial contracts with operators, suppliers, and partners.
  • Insurance policies.

Records voluntarily made available

Under section 52 of PAIA, a private body may publish a list of the records it makes available without a formal request. Social Bounty voluntarily publishes the following on socialbounty.cash:

How to request a record

A PAIA request must be made on Form 2 of the PAIA Regulations (the official "Request for access to record of private body" form). You can download Form 2 from the Information Regulator's website at https://inforegulator.org.za, or request a copy by emailing us. Submit the completed form by email to privacy@socialbounty.cash or by post to the Information Officer at our registered address.

To help us respond quickly, include:

  • Your full name and identity number (or passport number if not a SA citizen).
  • An address, email, and phone number at which we can reach you and deliver the record.
  • A description of the record sought, in enough detail for us to identify it. "All records about me" is not specific enough — tell us the category, date range, and the context.
  • The right you are seeking to exercise or protect, and a brief explanation of how the record is required for that right (section 50 of PAIA).
  • The form in which you would like to receive the record (email, printed copy).
  • Whether you need any assistance to complete the form (we must help under section 18(2) of PAIA if English is not your first language or if you have a disability that makes written requests impracticable).

We will acknowledge the request within a reasonable period and respond with a decision within thirty (30) days as required by section 56 of PAIA. We may extend the period once by a further thirty days in the circumstances described in section 57.

Fees

PAIA prescribes two kinds of fees. The rates below are the Regulations as they stood at the effective date of this manual; if the Regulations are updated, the current gazetted amounts apply.

  • Request fee — a fixed fee payable when you submit the request, set by the Regulations. We will tell you the exact amount when we acknowledge your request. The request fee is not payable for a request made in terms of POPIA for a record of personal information about yourself.
  • Access fee — payable if the request is granted. It covers the reasonable cost of searching for, reproducing, and (if applicable) preparing the record. We will send you a written estimate before we start the work; if the access fee is likely to exceed the threshold set in the Regulations, we will require a deposit before proceeding.

The fee schedule in the Regulations also prescribes rates for photocopying, transcription, computer readable output, postage, and search-and-preparation time. We follow those rates and do not add any mark-up.

Grounds for refusal

Chapter 4 of PAIA sets out the grounds on which a private body must or may refuse access to a record. The grounds most often relevant in our context are:

  • Protection of personal information about a third party (section 63) — we must refuse if disclosure would unreasonably disclose a third party's personal information.
  • Protection of commercial information about a third party (section 64) — for example, a brand's trade secrets, pricing, or commercial strategy.
  • Protection of our own commercial information (section 68) — trade secrets, financial, commercial, scientific, or technical information the disclosure of which would likely harm our competitive position.
  • Protection of confidential information (section 65) — information we received in confidence under an obligation to keep it confidential.
  • Protection of research information (section 69).
  • Protection of the safety of individuals and property (section 66).
  • Protection of records privileged from production in legal proceedings (section 67).
  • Mandatory disclosure in the public interest (section 70) — even if a ground for refusal applies, access must still be granted if the public-interest override in section 70 is engaged.

Where part of a record falls under a ground for refusal and part does not, section 28 of PAIA requires us to sever the protected part and disclose the rest.

Internal appeal

PAIA does not provide an internal appeal against a private body's refusal. If you are dissatisfied with our decision you may either (a) ask us to reconsider by writing to the Information Officer with any additional reasons or information, or (b) approach the Information Regulator under section 77A of PAIA, or (c) apply to the Magistrate's Court or High Court under section 78.

We prefer (a) in the first instance — it is usually faster and costs you nothing. Write to privacy@socialbounty.cash explaining why you think the original decision was wrong.

Escalation to the Information Regulator

Under section 77A of PAIA, you may lodge a complaint with the Information Regulator if we refuse access or fail to respond within the statutory time period.

A complaint to the Regulator must be lodged on the prescribed form and within one hundred and eighty (180) days of becoming aware of the matter, subject to the Regulator's discretion to allow a late complaint under section 77B.

Availability of this manual

This manual is available:

The manual has also been lodged with the Information Regulator as required by section 51(3) of PAIA.

Current version: 1.3, effective 2026-05-28. We review this manual at least annually and update it when our records, structure, or practice changes.

← Back to LegalContact us