Advertiser privacy
RYDCAST Advertiser Privacy Policy
Version: 2026-07-09
The RYDCAST service for South African businesses is provided by RYDCAST South Africa (Pty) Ltd. The RYDCAST platform technology is developed and licensed by CastTech Inc. RYDCAST™ and the RYDCAST logo are trademarks of CastTech Inc.
This policy explains what advertiser, director, campaign, payment, proof-of-play, security, and audit data RYDCAST stores and how it is used.
1. Who controls the data
RYDCAST South Africa (Pty) Ltd is the responsible party/controller for advertiser account, campaign, wallet, proof-of-play, safety, billing, and compliance records in South Africa. CastTech Inc. develops and licenses the RYDCAST platform technology.
RYDCAST operators and trusted service providers may process advertiser data only for RYDCAST platform purposes and under access controls, instructions, confidentiality duties, or other appropriate safeguards.
2. Data we collect
RYDCAST collects and stores advertiser account data, including:
- Company name, trading name, company registration number, country, VAT or tax number, business category, business address, branch locations, contact details, and onboarding status.
- Director or authorized representative name, phone number, ID or passport reference, role, authority declarations, and uploaded or referenced verification documents.
- Campaign names, objectives, scripts, voice choices, audio, image, video, QR offers, URLs, targeting settings, schedules, budgets, moderation decisions, policy decisions, and change history.
- Wallet top-ups, payment provider references, balances, reserves, spend, verified plays, invoices, ledger entries, disputes, and reconciliation records.
- Proof-of-play records, including timestamps, GPS/proximity evidence, hashed driver or device identifiers, vehicle and media-player delivery evidence, media asset fingerprints, QR sessions, and QR scans.
- Anonymous audience measurement summaries, such as broad estimated age bands, gender bands, and screen-view attention counts, only where approved RYDCAST media players provide reviewed local detector signals.
- Login/session records, IP address, user agent, device and browser information, rate-limit events, API logs, consent logs, operator actions, and security/audit events.
3. How data is stored
Advertiser records are stored in the RYDCAST platform database. Passwords are stored as PBKDF2-SHA256 hashes. Session tokens are stored as hashes.
Director details and verification documents are encrypted when the RYDCAST KYC encryption service is available and encryption is required in production. Uploaded media and generated assets are stored as campaign assets with access limited to platform delivery, moderation, billing, audit, and support workflows.
Proof-of-play and billing records are retained as platform evidence so campaigns can be billed only after verified plays or approved billable events.
4. How data is used
RYDCAST uses advertiser data to:
- Create, secure, and administer advertiser accounts.
- Verify director authority and company documents.
- Classify business categories and apply restricted-category policy controls.
- Create, moderate, approve, reject, deliver, pause, or report campaigns.
- Route approved media to drivers and media players.
- Generate QR codes and campaign proof logs.
- Calculate spend, reserves, payouts, refunds, disputes, and reconciliation.
- Provide support, audit trails, incident response, fraud prevention, platform reliability, and legal compliance.
5. Anonymous audience measurement
Approved RYDCAST media players may locally estimate broad audience signals, such as age band, gender band, and whether the screen was viewed, only when a reviewed local detector is enabled to choose eligible adverts and report aggregate campaign performance.
RYDCAST does not identify riders, store face images, store faceprints, store biometric templates, or provide individual viewer records to advertisers.
Age-restricted adverts must not target minors. If viewer age is unknown, under 18, or too low-confidence, RYDCAST may withhold restricted adverts and play only safe/general content.
6. Data is not sold
RYDCAST does not sell advertiser personal information, director information, verification documents, payment records, campaign proof logs, customer files, or raw campaign evidence.
RYDCAST does not give raw advertiser data to unrelated advertisers, data brokers, or list buyers.
7. Limited sharing
RYDCAST may share advertiser data only:
- With consent.
- With trusted processors such as hosting, payment, messaging, moderation, mapping, AI voice, analytics, and storage providers.
- With drivers, vehicles, or media players only as needed to run approved campaigns.
- With RYDCAST operators who need access for support, billing, safety, compliance, or administration.
- With regulators, tax authorities, law enforcement, courts, auditors, payment providers, or professional advisers where required or reasonably necessary.
- In connection with a business transfer, provided confidentiality and notice protections continue where required by law.
8. Aggregated reporting
RYDCAST may use aggregated or de-identified platform metrics for operations, route planning, pricing, safety, analytics, investor reporting, and partner reporting.
These reports must not identify an advertiser director or disclose sensitive verification documents.
Audience measurement reports are aggregate and anonymous. They must not include face images, faceprints, exact rider identity, persistent viewer IDs, or passenger-level records.
9. Retention
RYDCAST keeps advertiser account and campaign records while the account is active and afterwards for billing, tax, audit, dispute, proof-of-play, security, fraud-prevention, and legal obligations.
When information is no longer needed, RYDCAST deletes, de-identifies, or archives it according to platform retention and backup controls.
10. Rights and choices
Subject to law, advertisers and directors can request access, correction, export, deletion, restriction, objection, or withdrawal of consent where consent is the legal basis.
Some records may need to be retained where necessary for contract performance, billing, tax, disputes, fraud prevention, safety, or legal compliance.
11. Marketing communications
RYDCAST may send account, security, billing, campaign, and service messages.
Direct marketing by email, SMS, or similar electronic channels is sent only where allowed by law, consent, or an existing customer relationship, and must include an unsubscribe or stop method where required.
12. Children and sensitive data
Advertiser accounts are for authorized business representatives, not children.
RYDCAST does not intentionally collect children's data for advertiser accounts and applies stricter controls to sensitive campaign categories and sensitive placement contexts.
Advertisers must not target children. RYDCAST may force adult-only delivery or withhold restricted adverts where the audience is unknown or likely underage.
13. Cross-border processing
Some processors or infrastructure may operate outside the advertiser's country. Where data is transferred internationally, RYDCAST relies on contractual, technical, organisational, or legal safeguards appropriate to the destination and purpose.
14. Changes and complaints
RYDCAST may update this policy as the platform, law, or service providers change.
Advertisers can contact RYDCAST support to exercise privacy rights or lodge a complaint with the relevant regulator, including the South African Information Regulator or the UK ICO where applicable.
Copyright and trademarks
© 2026 RYDCAST South Africa (Pty) Ltd. All rights reserved. RYDCAST™ and the RYDCAST logo are trademarks of CastTech Inc. Platform technology is licensed from CastTech Inc.
Reference basis for counsel review
- Google Privacy Policy structure: data collected, purposes, sharing limits, security, export, and deletion.
- POPIA: lawful processing conditions, notification at collection, data-subject rights, special personal information, direct marketing, and Information Regulator complaints.
- UK GDPR/ICO guidance: privacy notices should explain purposes, lawful basis, recipients, retention, rights, complaint routes, and whether providing data is mandatory.