01 Who we are
"Wolf Mark" (also referred to here as "we", "us" or "our") is the operator of the marketing site at wolf-mark.com and the Wolf Mark mobile application for gym owners, coaches and members. We are based in Cape Town, South Africa, and we act as the responsible party under POPIA for the personal information described below.
For privacy queries, deletion requests, or to raise a complaint, write to [email protected]. We aim to respond within seven business days.
02 What we collect
We only collect information that we need to operate the service. Specifically:
From everyone
- Account details — name, email address, mobile number, profile photo and the role you sign up as (owner, coach, student).
- Device and session data — IP address, device type and operating system, app version, and basic usage events so we can debug and improve the product.
- Communications — the contents of messages you send through the in-app inbox or to our support address.
From gym owners and coaches
- Gym profile — gym name, location, disciplines, class schedule, lineage, and photographs you upload.
- Verification documents — coaching certificates and proof of lineage submitted for the verified-gym directory.
- Member roster — the people you add to your gym, their plan tier, rank, training history, and payment state.
- Proof-of-payment slips — the EFT screenshots uploaded by members or by you on their behalf.
From members
- Membership data — the gyms you belong to, the plans you are on, your rank, attendance, and payment history.
- POP uploads — proof-of-payment images you submit to your gym's queue.
From the marketing site
- Waitlist signups — when you submit the form on wolf-mark.com we record your email address, the discipline you selected, the source ("marketing-site"), and the time of submission.
We do not collect payment-card numbers. Once card payments are enabled, those are handled directly by our certified PCI-DSS payment processor and Wolf Mark never sees the full card number.
03 Why we collect it
We process personal information for the following purposes only:
- To run the gym for you. Roster, plans, billing settings, POP review, public gym profile, and direct messaging are the core of the product.
- To verify gyms. Certificates and lineage proofs let us mark a gym as verified in the directory so prospects can trust who they are talking to.
- To send transactional emails. Welcome emails, account alerts, invite emails, and admin notifications.
- To keep the service safe. Detect abuse, prevent spam (including via the honeypot on our marketing form), and recover from incidents.
- To improve the product. Aggregated, de-identified usage analysis. We do not sell or rent personal information to anyone.
04 Lawful basis under POPIA
We rely on the following grounds, depending on the data and the purpose:
- Performance of a contract — to deliver the service you signed up for.
- Consent — when you submit the waitlist form, upload a verification document, or opt in to marketing emails.
- Legitimate interest — for product analytics, fraud prevention and securing the platform.
- Legal obligation — where retention or disclosure is required by South African law.
05 Who we share it with
We share personal information only with the operators we rely on to run the service. Each is bound by data-processing terms and is permitted to use your information only for the purpose we set:
- Supabase — primary database and authentication. Hosted on infrastructure with EU/US data centres.
- Cloudflare — hosting for the marketing site, our API Worker, file storage (R2) and email routing.
- Our email provider — for delivering transactional and notification emails.
- The verified-gym directory. Your gym's public profile (name, disciplines, location, photos, class schedule) is visible to anyone using the directory. Coach lineage and uploaded certificates are not public — they are visible only to our admin reviewers.
We do not sell personal information. We do not share it with advertisers. We will only disclose information to a competent authority when compelled by a valid South African court order or as otherwise required by law.
06 Where it lives
Personal information is processed and stored on infrastructure operated by Supabase and Cloudflare. Some of this infrastructure is located outside South Africa. Where we transfer personal information across borders, we rely on the conditions permitted under section 72 of POPIA — typically because the recipient is subject to laws or binding rules providing an adequate level of protection.
07 How long we keep it
- Account data — for as long as your account is active, and for up to 30 days after you delete it, after which it is permanently erased except where retention is required by law (e.g. tax records).
- Waitlist signups — until we have onboarded you or you ask us to remove your email, whichever comes first.
- POP slips and verification documents — for the duration of the member's active enrolment plus 12 months, to support dispute resolution.
- Server logs — for up to 90 days.
08 How we protect it
- All traffic to wolf-mark.com and api.wolf-mark.com is served over HTTPS.
- Passwords are never stored in plain text. Authentication is handled by Supabase using salted hashes.
- Database access is restricted by row-level security policies — a coach at one gym cannot read data from another gym.
- Administrative access is limited to a small number of named staff, each with separate credentials.
- We log security-relevant events and review them for anomalies.
09 Your rights under POPIA
You have the right to:
- Access the personal information we hold about you.
- Correct any inaccurate or incomplete information.
- Delete your account and have your personal information erased, subject to the retention rules above.
- Object to processing on legitimate-interest grounds.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.
To exercise any of these rights, email [email protected] from the address tied to your account, or use the in-app delete-account flow.
10 Cookies & tracking
The marketing site at wolf-mark.com does not set marketing cookies or run third-party advertising trackers. The mobile app uses local storage on your device to keep you signed in and to remember your preferences — this never leaves your phone.
11 Children
Wolf Mark is sold to gyms, not directly to minors. Where a gym enrols a member under 18 years of age, the responsibility for obtaining parental consent and providing appropriate notice rests with the gym as the relationship owner. If you believe a minor's information has been added to Wolf Mark without proper authority, write to [email protected] and we will remove it.
12 Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of the page reflects the most recent change. Material changes will be communicated by email to gym owners and by an in-app notice. Continued use of the service after a change takes effect constitutes acceptance of the revised policy.
Contact
Privacy queries · [email protected]
Postal · Cape Town, South Africa
Regulator · Information Regulator of South Africa