Privacy Policy

This draft privacy policy is a practical starting point and should be reviewed by an attorney for POPIA and customer-specific requirements.

1. Information processed

The system may process user account details, customer details, supplier details, invoices, payments, stock records, uploaded documents and audit logs.

2. Purpose

Information is processed to operate the business system, provide support, maintain security, perform reporting and keep transaction records.

3. Access control

Access is controlled by user accounts, roles and permissions. Users should only access information needed for their assigned work.

4. Security

Reasonable technical and organisational controls should be used to protect information, including strong passwords, HTTPS, backups, access permissions and audit logging.

5. Retention

Business records should be retained according to company policy, legal requirements and accounting requirements.