IKARUS_LABS
START_A_PROJECT
// Legal

Privacy Policy

Last updated 2026-06-12 · Ikarus Labs · The Ikarus Project (Pty) Ltd

We collect as little as possible, we don’t sell it, and we tell you exactly what we have.

0. Responsible Party & Information Officer (POPIA s.55)

Under the Protection of Personal Information Act 4 of 2013 (“POPIA”), the Responsible Party for personal information processed through this site is the company, and the Information Officer is its director (POPIA s.56 requires a natural person).

  • Responsible Party: The Ikarus Project (Pty) Ltd, trading as Ikarus Labs
  • CIPC registration number: 2026/350044/07
  • Information Officer: Nikkash Poonee, in his capacity as director
  • Registered office / postal address: 4 Pike Street, Lenasia Ext 7, Johannesburg, Gauteng, 1820, South Africa
  • Contact email: admin@theikarusproject.com

Address all data subject requests (access, correction, deletion under POPIA s.23–25) and Information Regulator correspondence to the contact email above. If we cannot resolve a complaint, you may lodge it with the Information Regulator (South Africa) at inforegulator.org.za.

1. What we collect

Browsing the public site (no account)

The Brand Discovery Engine, gallery favourites and perception dials store your draft choices in your own browser’s localStorage. While you browse anonymously, that draft never leaves your device — we cannot see it. Standard, short-lived hosting logs (IP address, request path) are processed by our host to serve and secure the site.

When you create a portal account

  • Email address — required for authentication and transactional email.
  • Full name — used to address your project.
  • Password hash — we never see your plaintext password.

When you save or submit a brief

  • The brief contents: your answers, style and palette selections, perception values, personas and mission copy.
  • Reference files you upload (images, PDFs), stored privately per project.
  • Project records, messages you exchange with the studio, and deliverable files.

When you pay

  • Card payments are processed by Stripe. We never receive or store your card number — we store the invoice, amount, currency, payment status and Stripe’s payment reference.

When you contact us

  • The contact form delivers your name, email and message to the studio’s Google Workspace mailbox. WhatsApp conversations are governed by WhatsApp’s own terms and privacy policy.

2. What we don’t collect

  • Card numbers (Stripe processes payments)
  • Government ID, KYC documents or biometric data
  • Audio — the site’s voice narration is pre-recorded; nothing you do is recorded or sent to a voice provider
  • Location beyond the coarse country inferred from your IP
  • Advertising identifiers or cross-site tracking data

3. How we use it

  • To scope, produce and deliver the design work you engage us for
  • To operate your client portal (projects, files, messages, billing)
  • To send transactional email (receipts, project updates, replies to your enquiries)
  • To meet our legal and tax record-keeping obligations

4. Who we share with

We share minimal data with these processors, each engaged for the purpose stated:

  • Supabase — database, authentication and private file storage (US region)
  • Vercel — web hosting (US)
  • Stripe — card payment processing (US)
  • Google Workspace — the studio mailbox and calendar that receive your enquiries and correspondence (US/global)
  • ElevenLabs — used by the studio to pre-render the site’s narration audio; no visitor data is sent to it

We do not sell your data and do not share it with advertisers or data brokers.

5. International transfers (POPIA s.72)

The processors above operate outside the Republic of South Africa, principally in the United States. Each is engaged under contractual safeguards requiring standards substantially similar to POPIA; where the destination has not been recognised as adequate, the transfer relies on those safeguards and on your consent, which you may withdraw by closing your account.

6. Your rights

  • Request a copy of what we hold about you
  • Correct inaccurate data
  • Delete your account and associated personal data (project records we must retain for legal or tax purposes are kept only as long as required)
  • Clear your local brief draft at any time by clearing your browser’s site data

7. Retention

Account data is retained while your account exists. Engagement records (briefs, invoices, correspondence) are retained for the duration of the engagement and thereafter as required for legal, accounting and tax purposes, then deleted.

8. Security

Data is encrypted in transit (TLS) and at rest. Row-Level Security restricts portal data to your own account; uploaded files live in private storage accessed via expiring signed URLs; administrative access is restricted to the studio.

9. Children

The studio’s services are directed at businesses and adults. We do not knowingly collect data from minors.

10. Changes

Material changes to this policy will be notified to portal account holders by email at least 14 days in advance.

11. Contact

Privacy questions or data requests: admin@theikarusproject.com. See also the Cookie Policy and Terms of Service.