1. Who we are
This site is operated by Kabelo More trading as Kabelo More — AI Visibility Consulting, based in Pretoria, South Africa. For the purposes of POPIA (Protection of Personal Information Act, South Africa) and GDPR (General Data Protection Regulation, applicable to EU/UK visitors), Kabelo More is the responsible party / data controller for any personal information collected through this site.
Privacy queries: kabelo@kabelomore.com.
2. What we collect
When you submit a Free AI Visibility Scan
We ask for what we need to run the scan and email you the result: business name, your name, email address, (optionally) phone number, industry, location, website and social URLs, and a free-text description of the services you offer. We may also infer publicly-available information about your business from search results during the scan.
When you subscribe to the newsletter
Just your email address, plus the source page so we know which content prompted you to subscribe.
When you browse the site
Two analytics tools record how you use the site:
- Microsoft Clarity records anonymised session replays (mouse movement, scroll, clicks), heatmaps, and aggregate behavioural insights. Clarity automatically masks form inputs and sensitive text by default. We use Clarity to find usability bugs and understand what visitors actually do — not to identify individuals.
- Google Analytics 4 (GA4) records pseudonymous behavioural events (page views, clicks, referrer, approximate location at city level, device type).
Neither tool sees the data you type into the scan form while you're typing — that submission is captured separately when you click submit. Our admin dashboard and any URL that contains an admin authentication token are excluded from Clarity recording entirely by code-level guards.
Server logs
Standard web-server logs (IP address, user agent, timestamp, requested URL) are retained transiently by our hosting provider for operational and security purposes. We don't use these for marketing or profiling.
3. Why we collect it (purposes + lawful basis)
- Delivering your scan — contract / performance of a service you requested. Without this data we can't run the scan or email the result.
- Replying to your enquiries — legitimate interest (responding to people who contact us).
- Improving the site — legitimate interest (fixing bugs, understanding what works). Analytics and session replays are aggregated, not used for individual profiling or advertising decisions.
- Sending you the newsletter — only with your explicit consent (your email opt-in). You can unsubscribe at any time from a link inside every newsletter we send.
- Operating the business — security, fraud prevention, legal obligations.
We do not sell your data, rent it, barter it, or share it with brokers. Ever. We don't build advertising profiles of you.
4. Who else processes your data
We use the following operators / sub-processors. Each operates under its own published privacy terms; we don't share more than the listed purpose requires.
| Processor | What they do | Where data sits |
|---|---|---|
| Microsoft Clarity | Session replays, heatmaps, behavioural insights | Microsoft Azure (global) |
| Google Analytics 4 | Pseudonymous usage analytics | Google (global) |
| Resend | Transactional email delivery (confirmations, scan reports, replies) | USA / EU |
| Anthropic | Powers the AI scan engine (Claude + live web search). Processes your business profile during a scan; doesn't see anything outside the scan inputs. | USA |
| Google Places API | Looks up your Google Business Profile to read public rating, reviews, categories, hours | Google (global) |
| Vercel | Hosting, edge delivery, and KV storage of scan submissions + results | USA / EU |
| Upstash (via Vercel KV) | Backing store for scan data (Redis) | USA / EU |
Several of these processors are based in the United States. Where applicable, transfers rely on Standard Contractual Clauses (GDPR) and POPIA s72 conditions for cross-border transfers (binding agreements + adequate protection in the recipient's domestic law).
5. Cookies and similar technologies
We use a small number of cookies. Plain list:
kabelomore_admin— strictly necessary. Used only on/admin/*to keep the admin signed in. HttpOnly + Secure + SameSite=Strict. 30-day expiry. Visitors never receive this._ga/_ga_*— Google Analytics 4. Pseudonymous client ID for usage analytics._clck/_clsk/CLID— Microsoft Clarity. Anonymous session identifiers and replay tracking.
You can clear these at any time from your browser's cookie settings. We do not currently show a cookie consent banner — analytics and session replay are configured under legitimate interest with the masking and minimisation described in section 2. If you prefer not to be tracked by analytics, use your browser's “Do Not Track” / Global Privacy Control setting or a tracker-blocking extension; we will treat these as a valid objection signal.
6. How long we keep your data
- Scan submissions and results: 30 days in our storage, then automatically deleted.
- Email correspondence: retained as long as needed to handle your enquiry, then archived per normal business retention.
- Newsletter subscriptions: until you unsubscribe.
- Analytics data: per the default retention of GA4 and Clarity (typically 14 months and up to ~13 months respectively). We don't extend these.
- Invoiced engagements: kept as long as tax and accounting law require (typically 5 years in SA).
7. Your rights
Under POPIA and GDPR you have the right to:
- Access — ask what data we hold about you and get a copy.
- Correct — fix anything inaccurate.
- Delete — ask us to remove your data (subject to tax / legal retention).
- Object — to processing based on legitimate interest, including analytics.
- Withdraw consent — for anything that relied on your consent (newsletter, etc.).
- Portability — get your data in a machine-readable form.
- Lodge a complaint — with the South African Information Regulator (inforegulator.org.za) or your local EU/UK data protection authority.
To exercise any of these, email kabelo@kabelomore.com with the subject line “Privacy request”. We respond within 30 days (usually much sooner).
8. Security
The site runs over HTTPS. Scan submissions are stored with TTL-based deletion (30 days). The admin dashboard is gated by a long random token, HttpOnly + Secure + SameSite=Strict cookies, and constant-time verification. We don't store passwords from visitors because we don't have visitor accounts. No system is perfect, but we apply the principle of collecting only what we need and keeping it only as long as we need to.
9. Children
This is a B2B consulting service. We don't market to or knowingly collect information from anyone under 18. If you believe a child has submitted information, email us and we'll delete it.
10. Changes to this notice
When we change this notice in a material way, we update the “last updated” date at the top. For significant changes (e.g. adding a new processor, a new category of data, or a new purpose) we'll also flag it in the next newsletter and / or on the homepage.
11. Contact
Kabelo More — AI Visibility Consulting
Pretoria, South Africa
kabelo@kabelomore.com
See also: our Terms of Service.