Privacy Policy

Last updated: December 2024

1. Introduction

Rebill ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoicing service.

2. Information We Collect

Personal Information

We may collect the following personal information:

• Account Information: Name, email address, phone number, business name
• Business Information: VAT number, business address, banking details
• Client Information: Client names, addresses, contact details (as entered by you)
• Payment Information: Payment processing data (handled by Paystack)
• Usage Data: How you interact with our service, IP address, browser type

Automatically Collected Information

• Log data (IP addresses, browser type, pages visited)
• Device information (device type, operating system)
• Cookies and similar tracking technologies
• Usage patterns and feature utilization

3. How We Use Your Information

We use your personal information for the following purposes:

Service Provision

• Creating and managing your account
• Providing invoicing and billing services
• Processing payments through Paystack
• Generating invoices and financial reports
• Customer support and communication

Legal and Compliance

• Complying with South African tax and business laws
• Maintaining records as required by SARS and other authorities
• Preventing fraud and ensuring security
• Responding to legal requests and court orders

Service Improvement

• Analyzing usage patterns to improve our service
• Developing new features and functionality
• Conducting research and analytics
• Sending service updates and important notifications

4. Legal Basis for Processing (POPIA/GDPR)

We process your personal information based on:

• Consent: When you sign up for our service and agree to these terms
• Contract Performance: To provide the invoicing services you've requested
• Legal Obligation: To comply with South African tax and business laws
• Legitimate Interest: To improve our service and prevent fraud

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in these circumstances:

Service Providers

• Paystack: For payment processing (subject to their privacy policy)
• Cloud Hosting: For secure data storage and service delivery
• Email Services: For transactional emails and notifications
• Analytics Providers: For service improvement (anonymized data)

Legal Requirements

• When required by South African law or regulation
• In response to valid legal process (court orders, subpoenas)
• To protect our rights, property, or safety
• To prevent fraud or illegal activities

6. Data Security

We implement appropriate security measures to protect your information:

• Encryption of data in transit and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures

7. Data Retention

We retain your personal information for as long as:

• Your account remains active
• Required to provide our services
• Mandated by South African law (typically 5 years for financial records)
• Necessary for legal, regulatory, or legitimate business purposes

8. Your Rights (POPIA/GDPR)

You have the following rights regarding your personal information:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Portability: Request your data in a portable format
• Restriction: Limit how we process your information
• Objection: Object to certain types of processing
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@rebill.co.za.

9. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze service usage
• Improve user experience

You can control cookies through your browser settings.

10. International Transfers

Your data is primarily processed within South Africa. If we transfer data internationally, we ensure appropriate safeguards are in place to protect your information.

11. Children's Privacy

Our service is not intended for children under 18. We do not knowingly collect personal information from children under 18. If you believe we have collected such information, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through our service. The "Last updated" date indicates when changes were made.

13. Contact Information

For privacy-related questions or to exercise your rights, contact us:

• Email: privacy@rebill.co.za
• Data Protection Officer: dpo@rebill.co.za
• Address: Cape Town, South Africa

14. Regulatory Information

Information Regulator (South Africa): If you believe we have not handled your personal information properly, you may lodge a complaint with the Information Regulator at inforeg.org.za.