Privacy Policy

1. Who We Are

AutoInvoice ("we", "us", "our") is a South African software service that provides motor vehicle invoicing tools for car dealers and private sellers. AutoInvoice is operated as an online service accessible at autoinvoice.co.za.

We are committed to protecting your personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA) and all applicable South African data protection laws.

2. Information We Collect

Information you provide directly:

• Account information — full name, email address, password (stored encrypted)
• Business details — business name, contact details, VAT number, company registration number, banking details, business address
• Client information — names, contact details, VAT numbers, company registration numbers, SA ID numbers or passport numbers of your clients
• Invoice data — vehicle details, pricing, transaction records, notes
• Company logo — uploaded images used on invoices

Information collected automatically:

• Login activity and session data
• Device type and browser information
• Usage patterns within the application

Payment information:

Payment processing is handled entirely by PayFast (by Network). AutoInvoice does not store, process or have access to your credit card or banking payment details. All payment data is governed by PayFast's privacy policy.

3. How We Use Your Information

We use your personal information only for the following purposes:

• To provide and operate the AutoInvoice service
• To create and manage your account
• To generate invoices on your behalf
• To process subscription payments via PayFast
• To send transactional emails (account confirmation, password resets, subscription notices)
• To improve and maintain the service
• To comply with legal obligations

We do not sell, rent or share your personal information with third parties for marketing purposes.

4. Legal Basis for Processing

Under POPIA, we process your personal information on the following lawful grounds:

• Contract performance — processing necessary to provide the service you signed up for
• Legitimate interest — improving the service, preventing fraud, ensuring security
• Legal obligation — complying with South African law
• Consent — where you have explicitly agreed, such as marketing communications

5. Data Storage & Security

Your data is stored securely using Supabase, a cloud database service with enterprise-grade security including:

• Encryption at rest and in transit (TLS/SSL)
• Row-level security — your data is only accessible with your login credentials
• Regular automated backups
• Servers located in the European Union (compliant with international transfer requirements)

We implement reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, or disclosure. However, no system is 100% secure and we cannot guarantee absolute security.

6. Third-Party Services

AutoInvoice uses the following third-party services to operate:

• Supabase — database and authentication (supabase.com)
• PayFast by Network — payment processing (payfast.co.za)
• Resend — transactional email delivery (resend.com)
• Netlify — website hosting (netlify.com)

Each third party operates under their own privacy policy and data protection practices. We only share the minimum information necessary for each service to function.

7. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

• Right to access — request a copy of the personal information we hold about you
• Right to correction — request that inaccurate information be corrected
• Right to deletion — request that your personal information be deleted (subject to legal requirements)
• Right to object — object to the processing of your personal information
• Right to data portability — request your data in a structured, machine-readable format
• Right to withdraw consent — where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Regulator of South Africa at www.justice.gov.za/inforeg/.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the service. If you close your account:

• Your account data is deleted within 30 days of account closure
• Invoice records may be retained for up to 5 years for legal and tax compliance purposes
• Anonymised, aggregated data may be retained indefinitely for service improvement

9. Cookies

AutoInvoice uses minimal cookies and local browser storage solely for:

• Keeping you logged in (session management)
• Remembering your app preferences (currency, PDF colours)

We do not use advertising cookies or tracking pixels. We do not use Google Analytics or any behavioural tracking tools.

10. Children's Privacy

AutoInvoice is a business tool intended for use by adults (18 years and older). We do not knowingly collect personal information from children under the age of 18. If you believe a minor has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of AutoInvoice after changes constitutes acceptance of the updated policy.