Legal
POPIA Disclosure
Protection of Personal Information Act (POPIA) — Act 4 of 2013
Last updated: July 2026
InvoiceMeNow is committed to protecting your personal information in compliance with the Protection of Personal Information Act (POPIA). This disclosure explains who is responsible for your data, what we collect, why, and how you can exercise your rights.
1. Information officer
The Information Officer responsible for overseeing compliance with POPIA at InvoiceMeNow is:
2. What personal information we process and why
We process personal information only for the purposes listed below:
Account creation and authentication
Name and email address — to create and secure your account.
Business profile
Business name, address, VAT number, banking details — to populate your invoices accurately.
Invoice data
Client names, contact details, service descriptions, and amounts — to generate invoices on your behalf.
Communication
Email address — to send account confirmations, invoice delivery, and payment reminders.
Payment processing
Subscription billing information — processed by PayFast. InvoiceMeNow does not store card details.
3. Legal basis for processing
We process your personal information on the following grounds:
- 1Contractual necessity — processing is required to fulfil the service you signed up for (generating and managing invoices).
- 2Legitimate interest — processing is necessary to maintain account security, prevent fraud, and improve the platform in ways that do not override your fundamental rights.
- 3Legal obligation — retaining invoice records for 5 years as required by SARS.
4. Your rights as a data subject
Under POPIA, you have the following rights with respect to your personal information:
Right to access
You can request a copy of all personal information we hold about you.
Right to correction
You can request that we correct any inaccurate or incomplete personal information.
Right to deletion
You can request that we delete your personal information, subject to legal retention requirements (e.g. invoice records required by SARS).
Right to object
You can object to the processing of your personal information where we rely on legitimate interest as the legal basis.
Right to withdraw consent
Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email hello@invoicemenow.co.za with your request. We will respond within 30 days.
5. How to lodge a complaint
If you believe we have not handled your personal information in accordance with POPIA, please contact us first so we can resolve the matter directly:
Email us at hello@invoicemenow.co.za
If we are unable to resolve your complaint, you have the right to escalate to the Information Regulator of South Africa:
Information Regulator (South Africa)
Website: inforeg.org.za
Email: complaints.IR@justice.gov.za
6. Cross-border data transfers
Some service providers we use (including Supabase, Vercel, Resend, and PayFast) process data outside South Africa. This constitutes cross-border transfers of personal information under POPIA Section 72.
We have satisfied ourselves that adequate measures are in place for each provider: the EU maintains comprehensive data protection laws (GDPR) that provide a level of protection substantially similar to POPIA, and each provider is contractually bound to protect your information. We never share your, or your clients', personal information with third parties for marketing purposes.
7. Security measures
We implement appropriate technical and organisational measures to protect your personal information, including:
- •Row-level security on all database tables — users can only access their own records.
- •HTTPS/TLS encryption for all data in transit.
- •Supabase authentication with secure session management.
- •No storage of payment card details — all payment processing handled by PayFast.