Privacy Policy

Effective Date: February 2026

1. Introduction

Paid It is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA). This Privacy Policy explains how we collect, use, store, and share your personal information when you use our invoicing platform. By using Paid It, you consent to the practices described in this policy.

2. Responsible Party

The responsible party for the processing of your personal information is:

  • Name: Paid It (Sole Proprietorship)
  • Address: [Business Address]
  • Email: support@paidit.co.za

3. Personal Information We Collect

We collect the following categories of personal information when you use our platform:

Business Details

  • Business or trading name
  • VAT registration number
  • Company registration number
  • Business address

Contact Information

  • Full name
  • Email address
  • Phone number
  • WhatsApp number

Financial Information

  • Bank account details (for invoice display purposes)
  • Invoice data and line items
  • Payment records and transaction history

Usage Data

  • Login times and session information
  • Feature usage and interaction patterns

Device Data

  • Browser type and version
  • Device type and operating system
  • IP address

4. Purpose of Processing

We process your personal information for the following purposes:

  • Providing invoicing, quoting, and business management services
  • Processing payments through our payment partners
  • Sending invoices and quotes via email and WhatsApp on your behalf
  • Generating PDF documents for invoices and quotes
  • Providing AI-powered features such as invoice assistance and smart suggestions
  • Ensuring compliance with SARS requirements for tax invoices
  • Improving our services, diagnosing technical issues, and enhancing user experience
  • Communicating service updates, billing notifications, and important changes

5. Legal Basis for Processing

We process your personal information on the following legal grounds under POPIA:

  • Consent: You provide consent when you create an account and agree to this Privacy Policy.
  • Contract Performance: Processing is necessary to fulfil our obligations under the service agreement when you subscribe to Paid It.
  • Legal Obligation: We are required to retain certain financial records in compliance with the Tax Administration Act (Section 29) and the Companies Act.
  • Legitimate Interest: We may process data where it is in our legitimate business interest, such as improving services and preventing fraud, provided this does not override your rights.

6. Data Recipients and Third-Party Services

We share your personal information with the following third-party service providers who assist us in operating the platform:

  • Supabase — Database hosting and authentication (AWS infrastructure, hosted in various regions)
  • Vercel — Application hosting and deployment (United States)
  • OpenAI — AI-powered features including invoice assistance and smart suggestions (United States)
  • PayFast — Payment processing for subscriptions (South Africa)
  • Resend — Email delivery for invoices, quotes, and notifications (United States)
  • Meta / WhatsApp — WhatsApp message delivery for invoices and quotes (United States)

Each service provider processes data only as necessary to perform their specific function and is bound by their own privacy and security obligations.

7. Cross-Border Transfers

Your personal information may be transferred to and processed in countries outside of South Africa, including the United States and the European Union, by our service providers listed above. These transfers are protected by contractual obligations that ensure a level of protection equivalent to POPIA standards, in accordance with Section 72 of POPIA. We take reasonable steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy when transferred internationally.

8. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes described in this policy, subject to the following retention periods:

  • Invoice and financial records: Retained for a minimum of 5 years in compliance with the Tax Administration Act (Section 29) requirements for SARS.
  • Company records: Retained for 7 years in compliance with the Companies Act.
  • Account data: Deleted within 30 days of an account deletion request, except for records we are legally required to retain under South African tax and company legislation.

9. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

  • Right of Access: You may request confirmation of whether we hold your personal information and request a copy of it.
  • Right to Correction: You may request that inaccurate or incomplete personal information be corrected or updated.
  • Right to Deletion: You may request the deletion of your personal information where it is no longer necessary for the purpose it was collected, subject to legal retention requirements.
  • Right to Object: You may object to the processing of your personal information on reasonable grounds.
  • Right to Complain: You have the right to lodge a complaint with the Information Regulator if you believe your personal information has been mishandled.

To exercise any of these rights, please contact us at support@paidit.co.za. We will respond to your request within a reasonable time and no later than 30 days.

10. Data Security

We take appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or damage. These measures include:

  • Encryption at rest using AES-256 encryption standards
  • Encryption in transit using TLS (Transport Layer Security)
  • Row-level security (RLS) for multi-tenant data isolation, ensuring your data is only accessible to your organisation
  • Strict access controls and authentication mechanisms
  • Regular security reviews of our infrastructure and service providers

11. Cookies

Paid It uses only essential cookies that are strictly necessary for the operation of our platform, specifically for authentication and session management. We do not use tracking cookies, advertising cookies, or any non-essential cookies. No cookie consent banner is required as we only use essential cookies necessary for service delivery.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. For material changes, we will notify you via email at the address associated with your account. The updated policy will be posted on this page with a revised effective date. We encourage you to review this policy periodically.

13. Contact

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Information Officer:

  • Email: support@paidit.co.za
  • Address: [Business Address]

You may also contact the Information Regulator of South Africa:

  • Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
  • Email: enquiries@inforegulator.org.za
  • Website: https://inforegulator.org.za