Privacy Policy

1. Information Officer

Our Information Officer is responsible for ensuring compliance with POPIA. You may contact them at: support@trailbill.com.

2. What Personal Information We Collect

We collect the following categories of personal information:

3. How We Collect Personal Information

• Directly from business account holders when registering or updating their profile
• From businesses when they add client records to their account
• Automatically when clients access payment links (access time, device type)
• Through use of the Platform (activity logs, payment events)

4. Why We Process Personal Information

We process personal information for the following lawful purposes:

• To provide, operate, and improve the TrailBill Platform
• To send automated payment reminders and follow-up emails to clients on behalf of businesses
• To generate automated reports for business account holders
• To calculate payment behaviour patterns and reliability scores
• To comply with legal obligations (e.g. SARS financial record retention)
• To respond to support queries and account management requests

5. Sharing of Personal Information

We do not sell, rent, or trade personal information. We share data only where necessary:

• Supabase — our database and authentication provider (data stored in EU-West region)
• Resend — our transactional email provider, used to send reminders and reports
• Vercel — our hosting platform
• Law enforcement or regulatory authorities where required by law

All third-party providers are bound by appropriate data processing agreements.

6. Data Retention

• Client personal information (name, email, phone) is automatically anonymised after 12 months of inactivity
• Financial records (payment amounts, dates, balances) are retained for 5 years as required by SARS
• Business account data is retained for the duration of the subscription and deleted upon written request after cancellation
• System logs are retained for up to 90 days

7. Security

We implement industry-standard security measures including encrypted data transmission (TLS), password hashing, role-based access control, and row-level security on our database. Access to production data is restricted to authorised personnel only. Despite these measures, no system is completely secure and we cannot guarantee absolute data security.

8. Your Rights Under POPIA

As a data subject, you have the right to:

• Access — request a copy of personal information we hold about you
• Correction — request correction of inaccurate or incomplete information
• Deletion — request erasure of your personal information (subject to legal retention obligations)
• Objection — object to the processing of your personal information
• Complaint — lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, contact us at support@trailbill.com. We will respond within 30 days.

9. Information Regulator

If you are unsatisfied with how we handle your personal information, you may contact the Information Regulator of South Africa at inforeg@justice.gov.za or visit inforegulator.org.za.

10. Cookies

We use cookies to operate the Platform. See our Cookie Statement for full details.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users by email of material changes. Continued use of the Platform after changes constitutes acceptance.

12. Contact Us

For privacy-related queries, contact our Information Officer at support@trailbill.com.