Privacy Policy

Last updated: January 2026

POPIA & GDPR Compliant: This privacy policy complies with South Africa's Protection of Personal Information Act (POPIA) and the European Union's General Data Protection Regulation (GDPR).

1. Introduction

Rebill ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoicing service.

We understand that as a business owner, you're entrusting us with sensitive information — your business details, your clients' contact information, and your financial data. We take this responsibility seriously. Our approach to privacy is simple: we collect only what we need to provide you with a great invoicing service, we protect it with strong security measures, and we never sell your data to anyone.

This policy is written to be clear and understandable, not full of legal jargon. If you have questions about anything in this policy, please contact us at privacy@rebill.co.za — we're happy to explain.

2. Information We Collect

We collect different types of information depending on how you use Rebill. Here's a complete breakdown of what we collect and why we need it.

Personal Information

This is information that identifies you or your business. We collect this when you sign up and use Rebill:

  • Account Information: Name, email address, phone number, business name — needed to create and manage your account
  • Business Information: VAT number, business address, banking details — needed for invoice generation and compliance
  • Client Information: Client names, addresses, contact details (as entered by you) — stored to help you manage your client relationships
  • Invoice Data: Line items, amounts, dates, payment status — the core data needed for invoicing
  • Payment Information: Payment processing is handled by Paystack, Yoco, and PayFast — we don't store your clients' card details
  • Usage Data: How you interact with our service — helps us improve the product and provide support

Automatically Collected Information

Like most web services, we automatically collect certain technical information when you use Rebill. This helps us keep the service running smoothly and secure:

  • Log data (IP addresses, browser type, pages visited) — for security monitoring and troubleshooting
  • Device information (device type, operating system) — to ensure Rebill works well on your device
  • Cookies and similar tracking technologies — to maintain your login session and remember preferences
  • Usage patterns and feature utilization — to understand which features are most useful and improve the product

We don't use this information to build advertising profiles or share it with third-party advertisers. It's purely for operating and improving Rebill.

3. How We Use Your Information

We believe in using data responsibly and only for purposes that benefit you. Here's exactly how we use the information we collect:

Service Provision

The primary use of your data is to provide you with Rebill's invoicing service. This includes:

  • Creating and managing your account so you can log in and use Rebill
  • Providing invoicing and billing services — generating, sending, and tracking invoices
  • Processing payments through Paystack, Yoco, and PayFast when your clients pay
  • Generating invoices, quotes, and financial reports
  • Sending WhatsApp messages when you choose to deliver invoices that way
  • Customer support and communication — responding to your questions and helping you use Rebill
  • Sending important service notifications (payment received, subscription renewal, etc.)

Legal and Compliance

  • Complying with South African tax and business laws
  • Maintaining records as required by SARS and other authorities
  • Preventing fraud and ensuring security
  • Responding to legal requests and court orders

Service Improvement

  • Analyzing usage patterns to improve our service
  • Developing new features and functionality
  • Conducting research and analytics
  • Sending service updates and important notifications

We process your personal information based on:

  • Consent: When you sign up for our service and agree to these terms
  • Contract Performance: To provide the invoicing services you've requested
  • Legal Obligation: To comply with South African tax and business laws
  • Legitimate Interest: To improve our service and prevent fraud

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in these circumstances:

Service Providers

  • Paystack: For payment processing (subject to their privacy policy)
  • Cloud Hosting: For secure data storage and service delivery
  • Email Services: For transactional emails and notifications
  • Analytics Providers: For service improvement (anonymized data)

Legal Requirements

  • When required by South African law or regulation
  • In response to valid legal process (court orders, subpoenas)
  • To protect our rights, property, or safety
  • To prevent fraud or illegal activities

6. Data Security

Security isn't an afterthought at Rebill — it's built into everything we do. We use enterprise-grade security measures to protect your data, because we know that a breach of your business information could be devastating.

Here's how we protect your information:

  • Encryption in transit: All data sent between your browser and our servers is encrypted using TLS 1.3
  • Encryption at rest: Your data is encrypted when stored in our database
  • Field-level encryption: Sensitive personal information (names, emails, addresses) is encrypted with per-account keys
  • Regular security audits and vulnerability assessments to identify and fix potential issues
  • Strict access controls — only authorized personnel can access customer data, and only when necessary
  • Strong authentication mechanisms and secure password storage (we never store passwords in plain text)
  • Employee training on data protection and security best practices
  • Incident response procedures so we can act quickly if a security issue is detected
  • Regular backups to prevent data loss

We host Rebill on Google Cloud Platform, which provides additional layers of physical and network security, compliance certifications, and redundancy. For more details about our security practices, visit our Security page.

7. Data Retention

We keep your data only as long as we need it. Here's our approach to data retention:

  • Active accounts: We retain your data while your account remains active
  • After cancellation: Your data is available for export for 90 days, then deleted
  • Financial records: Retained for 5 years as required by South African law and SARS requirements
  • Legal obligations: Some data may be retained longer if required by law or legal proceedings
  • Backups: Deleted data may persist in encrypted backups for up to 30 days before permanent deletion

If you close your account, we'll delete your personal information according to this schedule. However, we may retain anonymized, aggregated data (like total invoice counts across all users) indefinitely for business analytics — this data cannot be traced back to you.

8. Your Rights (POPIA/GDPR)

You have significant rights over your personal information under South African law (POPIA) and, if applicable, European law (GDPR). We respect and support these rights — here's what you can do:

  • Access: Request a copy of all personal information we hold about you — we'll provide it in a readable format
  • Correction: Update or correct any inaccurate information — you can do this yourself in Settings, or ask us
  • Deletion: Request deletion of your personal information — we'll delete it unless we're legally required to keep it
  • Portability: Request your data in a portable format (CSV/JSON) so you can move it to another service
  • Restriction: Ask us to limit how we process your information in certain circumstances
  • Objection: Object to certain types of processing, such as direct marketing
  • Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time

To exercise any of these rights, email us at privacy@rebill.co.za. We'll respond within 30 days (or sooner in most cases). We don't charge for reasonable requests.

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your login session
  • Remember your preferences
  • Analyze service usage
  • Improve user experience

You can control cookies through your browser settings.

10. International Transfers

Your data is primarily processed within South Africa. If we transfer data internationally, we ensure appropriate safeguards are in place to protect your information.

11. Children's Privacy

Our service is not intended for children under 18. We do not knowingly collect personal information from children under 18. If you believe we have collected such information, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through our service. The "Last updated" date indicates when changes were made.

13. Contact Information

For privacy-related questions or to exercise your rights, contact us:

  • Email: privacy@rebill.co.za
  • Data Protection Officer: dpo@rebill.co.za
  • Address: Cape Town, South Africa

14. Regulatory Information

Information Regulator (South Africa): If you believe we have not handled your personal information properly, you may lodge a complaint with the Information Regulator at inforeg.org.za.

Questions About Privacy?

We're committed to transparency about our privacy practices. If you have any questions or concerns, please contact our privacy team.