Privacy Policy

Last updated: 29 May 2026

RapidFlow (Pty) Ltd is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA). This policy explains what we collect, how we use it, and your rights.

1. Information We Collect

• Account information: name, business name, and email address on registration.
• Business data: invoices, quotes, client records, expense entries, and job photos you create.
• Payment information: subscription payments are processed by Paystack; we store only a payment reference and subscription status — never full card details.
• Technical data: IP address, browser type, device information, and usage logs for security and diagnostics.
• Communications: emails and support correspondence you send us.

2. How We Use Your Information

• To create and manage your account and deliver the Service.
• To process subscription payments and send billing receipts.
• To send transactional emails (invoice notifications, payment confirmations, password resets).
• To detect and prevent fraud or security incidents.
• To improve the platform using aggregate usage analytics.
• To comply with legal and regulatory obligations.

We do not use your data for targeted advertising and we do not sell it to third parties.

3. Sharing Your Information

We share data only with service providers necessary to operate the platform:

• Paystack — payment processing.
• Cloud hosting provider — secure server infrastructure.
• Email delivery service — transactional email delivery.

All processors are contractually required to handle your data securely and only for the purpose we specify.

4. Data Storage, Security, and Breach Liability

Your data is stored on secured servers protected by TLS encryption in transit and encryption at rest. Access to production data is restricted to authorised personnel only. If you become aware of a security vulnerability, please contact us at hello@rapidflow.co.za immediately.

While we implement reasonable technical and organisational measures to protect your personal information, no system is completely secure. RapidFlow (Pty) Ltd does not guarantee that unauthorised third parties will never be able to defeat those measures. In the event of a security incident or data breach, our liability is strictly limited as set out in the Terms of Service. To the maximum extent permitted by POPIA and applicable law, we shall not be liable for any loss, damage, or harm suffered by you or any third party as a result of a data breach, cyberattack, or unauthorised access to your data, whether arising from our systems or those of our sub-processors.

In the event of a reportable breach as defined under POPIA, we will notify affected users and the Information Regulator as required by law.

5. Data Retention

We retain your data while your account is active. If you close your account, we will delete or anonymise your personal data within 90 days unless we are required by law to retain it longer.

6. Cookies

We use a single session cookie to keep you logged in. It is HttpOnly, Secure, and expires after 8 hours of inactivity. We do not use tracking or advertising cookies.

7. Your POPIA Rights

As a data subject under POPIA you have the right to access, correct, or request deletion of your personal information, object to processing, and lodge a complaint with the Information Regulator of South Africa. Contact us at hello@rapidflow.co.za to exercise these rights. We will respond within 30 days.

8. Children

The Service is not directed at children under 18. If you believe a minor has registered, contact us and we will remove the account promptly.

9. Changes to This Policy

We may update this policy and will notify registered users of material changes by email or in-app notice.

10. Contact and Information Officer

Email: hello@rapidflow.co.za
Company: RapidFlow (Pty) Ltd, South Africa