1. Introduction

Tora Technologies (Pty) Ltd ("Rebill", "we", "us") is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA). This Privacy Policy explains how we collect, use, store, and protect information when you use Rebill.

2. Information We Collect

We collect the following categories of information:

Account information: name, email address, business name, phone number
Business information: VAT registration number, company registration number, business address
Invoice and financial data: invoice content, client details, payment records
Client data: names, email addresses, and contact details of your clients that you enter into the system
Usage data: log data, IP address, browser type, pages visited
Payment information: processed by our payment providers; we do not store full card details

3. How We Use Your Information

To provide and operate the Rebill service
To process payments and send invoices on your behalf
To send service notifications and support communications
To improve the Service and develop new features
To comply with legal obligations including SARS record-keeping requirements
To detect and prevent fraud or abuse

4. POPIA Compliance

We process personal information lawfully and transparently. As the responsible party, we ensure that personal information is collected for specific, defined purposes; is not processed in ways incompatible with those purposes; is adequate, relevant, and not excessive; and is kept accurate and up to date. See our full POPIA Compliance Policy for more detail.

5. Data Sharing with Third Parties

We share your data with the following third parties only as necessary to provide the Service:

Payment gateways: Paystack, Yoco, and PayFast process payments and are subject to their own privacy policies and PCI-DSS compliance
Email delivery: we use a third-party SMTP provider to deliver invoice emails
WhatsApp: WhatsApp Business API is used to deliver invoice messages when you choose this delivery method
Cloud infrastructure: hosted on Google Cloud Platform within data centres with appropriate security certifications

We do not sell your personal information to third parties.

6. Data Retention

We retain your account and invoice data for 5 years from the date of creation, in line with SARS record-keeping requirements for tax invoices. After this period, data is securely deleted. You may request deletion of your account data; however, data required for legal compliance will be retained for the applicable statutory period.

7. Data Security

All data is encrypted in transit using TLS. Data at rest is encrypted using industry-standard encryption. Access to production systems is restricted and logged. We conduct regular security reviews.

8. Your Rights Under POPIA

You have the right to:

Access the personal information we hold about you
Request correction of inaccurate information
Request deletion of your information (subject to legal retention obligations)
Object to the processing of your information
Lodge a complaint with the Information Regulator of South Africa

To exercise these rights, contact us at [email protected].

9. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. You can control cookies through your browser settings.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

Privacy queries: [email protected]
Tora Technologies (Pty) Ltd, Cape Town, South Africa.