Legal

POPIA Disclosure

Protection of Personal Information Act (POPIA) — Act 4 of 2013

Last updated: July 2026

InvoiceMeNow is committed to protecting your personal information in compliance with the Protection of Personal Information Act (POPIA). This disclosure explains who is responsible for your data, what we collect, why, and how you can exercise your rights.

1. Information officer

The Information Officer responsible for overseeing compliance with POPIA at InvoiceMeNow is:

Maritz van Heerden

InvoiceMeNow

invoicemenow.co.za

hello@invoicemenow.co.za

2. What personal information we process and why

We process personal information only for the purposes listed below:

Account creation and authentication

Name and email address — to create and secure your account.

Business profile

Business name, address, VAT number, banking details — to populate your invoices accurately.

Invoice data

Client names, contact details, service descriptions, and amounts — to generate invoices on your behalf.

Communication

Email address — to send account confirmations, invoice delivery, and payment reminders.

Payment processing

Subscription billing information — processed by PayFast. InvoiceMeNow does not store card details.

3. Legal basis for processing

We process your personal information on the following grounds:

  • 1
    Contractual necessity — processing is required to fulfil the service you signed up for (generating and managing invoices).
  • 2
    Legitimate interest — processing is necessary to maintain account security, prevent fraud, and improve the platform in ways that do not override your fundamental rights.
  • 3
    Legal obligation — retaining invoice records for 5 years as required by SARS.

4. Your rights as a data subject

Under POPIA, you have the following rights with respect to your personal information:

Right to access

You can request a copy of all personal information we hold about you.

Right to correction

You can request that we correct any inaccurate or incomplete personal information.

Right to deletion

You can request that we delete your personal information, subject to legal retention requirements (e.g. invoice records required by SARS).

Right to object

You can object to the processing of your personal information where we rely on legitimate interest as the legal basis.

Right to withdraw consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email hello@invoicemenow.co.za with your request. We will respond within 30 days.

5. How to lodge a complaint

If you believe we have not handled your personal information in accordance with POPIA, please contact us first so we can resolve the matter directly:

If we are unable to resolve your complaint, you have the right to escalate to the Information Regulator of South Africa:

Information Regulator (South Africa)

Website: inforeg.org.za

Email: complaints.IR@justice.gov.za

6. Cross-border data transfers

Some service providers we use (including Supabase, Vercel, Resend, and PayFast) process data outside South Africa. This constitutes cross-border transfers of personal information under POPIA Section 72.

We have satisfied ourselves that adequate measures are in place for each provider: the EU maintains comprehensive data protection laws (GDPR) that provide a level of protection substantially similar to POPIA, and each provider is contractually bound to protect your information. We never share your, or your clients', personal information with third parties for marketing purposes.

7. Security measures

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Row-level security on all database tables — users can only access their own records.
  • HTTPS/TLS encryption for all data in transit.
  • Supabase authentication with secure session management.
  • No storage of payment card details — all payment processing handled by PayFast.