Under POPIA §18, every Responsible Party must tell you what they’re doing with your personal information at the point of collection. This is that notice, in one place. The Privacy Policy is the detailed version.
The Responsible Party
Blow The Ref (Pty) Ltd, reg. no. 2025/XXXXXX/07, of 1 Bree Street, Cape Town, 8001.
Information Officer: [TO BE REGISTERED]. Contact: privacy@blowtheref.com. Registration with the Information Regulator of South Africa pending.
Purposes of processing
Account management. Pool entry and settlement. Wallet operations. Fraud prevention. Aggregated editorial. Service communications. Marketing only with consent.
- Creating and maintaining your BTR account.
- Operating predictions, pools, the whistle and mini-games.
- Processing wallet top-ups, pool entries, payouts and refunds.
- KYC, AML and FICA compliance.
- Fraud prevention and platform security.
- Aggregated editorial coverage of community consensus.
- Service notifications (essential).
- Marketing communications (only with your consent).
Categories of personal information collected
Identification, contact, financial, transactional, device and network. We do not collect special personal information unless required by FICA for KYC.
- Identifying information: name, ID number (KYC only), date of birth.
- Contact: email, optional phone number.
- Financial: tokenised card reference, bank account details (withdrawal), transaction history.
- Transactional: predictions, pool entries, whistle records, mini-game scores, lobby chat.
- Device & network: IP-derived geolocation, browser, OS, app version.
How to exercise your rights
Email the Information Officer or use Account → Privacy in the app. We respond inside 30 days.
You may at any time:
- Ask what information we hold (POPIA §23) — sign in and use Account → Privacy → Export, or email the Information Officer.
- Ask us to correct or delete information (§24).
- Object to processing on legitimate-interest grounds (§11(3)).
- Withdraw consent for marketing or non-essential cookies.
- Complain to the Information Regulator: complaints.IR@inforegulator.org.za, 010 023 5200.
Recipients of personal information
Operators only — hosting, payments, email, KYC, error logging. Regulators where legally required. No advertisers.
See the operator list in our Privacy Policy §4. We disclose to the Information Regulator, the National Gambling Board, the SARB and the FIC only when legally compelled.
Cross-border transfers
Primary storage in af-south-1 (Cape Town). Any cross-border transfers that occur for service delivery are governed by POPIA §72 (adequacy / SCC).
Personal information is stored primarily in South Africa. Cross-border transfers that occur for service delivery (e.g. payments via Stripe, KYC via Onfido) are subject to POPIA §72 safeguards (adequacy assessment or standard contractual clauses).
Mandatory vs voluntary information
Email and password are required to have an account. KYC documents are required by law to play paid pools above the threshold. Everything else is optional.
Email and password are mandatory to create and use a BTR account. ID and proof-of-address documents become mandatory if you wish to play paid pools above the KYC thresholds set by FICA. Marketing preferences, phone number, avatar, bio and team picks are voluntary.
Changelog
Talk to a human.
Email privacy@blowtheref.com. For data-subject requests under POPIA or GDPR, see POPIA §4 — your rights.