Privacy Policy

Who we are

Effective date: 13 October 2025
Who we are: MELIA Health (Pty) Ltd (“MELIA”, “we”, “us”, “our”)
Website: https://meliahealthos.com
Contact: [email protected] (for privacy requests and general queries)
Registered in: South Africa

What this policy covers

This explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, your rights, and how to contact us.

What we collect

  • Waitlist / Contact forms (Fluent Forms): your email address (no names by default).
  • Technical data: IP address, browser/OS, pages viewed, timestamps (generated by our hosting and security providers for security and performance).
  • Embedded media: We embed YouTube videos using privacy-enhanced mode and a click-to-load pattern. When you press Play, YouTube (Google) may process your IP and set cookies or similar identifiers.
  • External links: If you visit our Buy Me a Coffee (BMC) page, BMC (and payment processors like Stripe) may collect payment and device data. That processing is governed by their policies.

Why we collect it (legal bases)

  • Consent: to join the waitlist.
  • Legitimate interests: to keep the site secure and functional (host logs, Cloudflare protection), to understand aggregated site performance (Cloudflare Web Analytics), and to show embedded media after you choose to interact.
  • Legal obligations: to respond to lawful requests or enforce our terms.

How we use your data

  • To manage the waitlist and notify you of our app beta or launch.
  • To protect, maintain and improve the website.
  • To show embedded video only when you click to load/play it.
  • To keep records required by law.

Who processes your data (service providers)

  • Hosting: Hostinger (infrastructure, server logs).
  • Security / performance / analytics: Cloudflare (WAF, CDN, DDoS protection, cookie-free Web Analytics).
  • Forms: Fluent Forms (data stored in our WordPress database on Hostinger).
  • Media embeds: YouTube/Google (only after you click Play).
  • Donations: Buy Me a Coffee (and Stripe/PayPal under BMC) if you choose to donate off-site.

We don’t sell your personal data.

International transfers

We operate from South Africa and use global providers. Where data leaves your country, we rely on appropriate safeguards offered by those providers (e.g., Standard Contractual Clauses).

Retention

  • Form submissions: kept until we action your request or you ask us to delete them, or for as long as needed to maintain the waitlist.
  • Server/security logs: typically 30–90 days.
  • Aggregated analytics: non-identifying.
    We keep data longer if required for legal, security or fraud-prevention reasons.

Cookies and similar tech

  • We do not set first-party tracking cookies.
  • Cloudflare Web Analytics is cookie-free.
  • YouTube may set cookies or use similar tech after you click Play.
  • You can block third-party cookies in your browser if you prefer.
  • Essential cookies only (no tracking)
    • LiteSpeed Cache: cookies beginning with _lscache or litespeed help the site decide which cached version to serve (e.g., mobile/desktop, logged-in state) so pages load correctly and fast. These do not contain personal data and usually expire quickly or at session end.
    • Cloudflare: security/performance cookies such as __cf_bm, cf_clearance, or __cflb may be set to mitigate bots and balance traffic. These are strictly necessary and not used for advertising.
    • YouTube embeds (click-to-load): we block YouTube until you press Play. After you interact, YouTube (on youtube-nocookie.com) may set cookies like YSC or VISITOR_INFO1_LIVE. See Google’s Privacy Policy for details.
      You can control cookies in your browser settings. Blocking essential cookies may affect site functionality.

Your rights

Depending on your location (POPIA/GDPR), you can: request access, correction, deletion; withdraw consent; object to or restrict certain processing; and lodge a complaint with your regulator.
Contact: [email protected]

Children

This site is for general audiences and not directed at children. Do not submit children’s personal data.

Security

We use HTTPS, reputable infrastructure (Hostinger, Cloudflare), and least-access principles. No method is 100% secure, but we work to protect your data.

Changes

We may update this policy. The “Effective date” shows when it last changed. Material changes will be highlighted on this page.

Contact: [email protected]