Privacy Policy

This Privacy Policy explains what personal information TradeJot ("we", "us") collects, why we collect it, how we protect it, and what rights you have. We comply with the South African Protection of Personal Information Act 4 of 2013 ("POPIA").

1. Who we are

TradeJot is a service provided by Dewald du Toit (sole trader), operating from the Free State, South Africa. For the purposes of POPIA, the Responsible Party in respect of our own data processing is Dewald du Toit.

Our Information Officer is Dewald du Toit, contactable at support@tradejot.co.za with the subject line "POPIA Enquiry". A manual prepared in terms of the Promotion of Access to Information Act 2 of 2000 ("PAIA Manual") is available on request.

Full contact and legal details, including our physical address for service of legal documents, appear in our Terms of Service.

2. Whose information this covers

• Tenants: the tradespeople who sign up for and use TradeJot to invoice their own clients.
• Staff: employees of a tenant added to a Premium account.
• End-clients: the customers a tenant invoices via TradeJot.

3. What we collect

From tenants (and their staff)

From end-clients (collected via the tenant)

What we do NOT collect

• South African ID numbers
• End-client banking details or card information
• Marketing profiling data
• Location history or GPS data
• Voice notes are not stored: they are transcribed and the audio file is immediately deleted.

4. How we use your information

• To deliver the Service: parse your messages, create invoices, send PDFs, track outstanding balances.
• To process subscription payments via our PCI-DSS Level 1 payments provider (one-off hosted checkout per period).
• To send account-recovery emails and critical service notifications.
• To meet legal obligations (e.g. SARS retention rules for tax records).
• To provide customer support and improve the Service.
• To detect and prevent abuse, fraud, or security incidents.

We do not sell, rent, or share your personal information for marketing purposes. We do not show advertising in TradeJot.

Automated decision-making

TradeJot does not perform automated decision-making that produces legal effects concerning data subjects or similarly significantly affects them, as described in section 71 of POPIA.

5. How we protect your information

• Sensitive fields (your and your clients' phone numbers, addresses, business details, banking details, VAT numbers) are stored as AES-256-GCM ciphertext in the database. The encryption key is held only on the production server, with restricted file permissions.
• Database backups are encrypted with GPG (AES-256 symmetric) and stored in encrypted, separate object storage.
• Servers run in the Hetzner data centre in Nuremberg, Germany. SSH access is key-only, with brute-force protection (fail2ban) and a strict firewall (only ports 22, 80 and 443 open).
• HTTPS is enforced site-wide via Let's Encrypt certificates.
• Logs are scrubbed of personal information by configuration. We test for accidental leakage before every release.
• Privileged actions are recorded in an audit log (see section 14).

6. Cross-border transfers (sub-processors)

To provide the Service we use specialist third-party providers ("sub-processors"). This involves transferring personal information outside of South Africa. In accordance with section 72 of POPIA, we ensure that such transfers are lawful by relying on the following safeguards (in this order of preference):

1. The sub-processor is located in a country (such as Germany / EU) with data-protection laws that provide an adequate level of protection comparable to POPIA.
2. We have entered into a binding data-processing agreement with the sub-processor that contractually obliges them to protect the information to the standard required by POPIA.
3. Where neither of the above applies (limited to specific operational sub-processors such as voice transcription), the transfer is necessary for the performance of our contract with you, as permitted by section 72(1)(c) of POPIA.

For your own data (Tenant): by using the Service, you consent to these transfers as necessary to deliver the Service.

For your clients' data (End-clients): we process and transfer client data strictly on your documented instruction as Responsible Party. You — not TradeJot — are responsible for ensuring you have a lawful ground under POPIA section 72 to permit the transfer of your clients' information out of South Africa (typically necessity for the performance of your contract with that client). You authorise us to rely on that lawful ground when we engage the sub-processors listed above. We maintain the safeguards described in this section to protect that data in transit.

By using the Service you consent to these transfers. They are necessary to deliver the Service.

7. How long we keep your information

8. Your rights under POPIA

For tenants (our direct users)

You have the right to:

• Access the personal information we hold about you. Reply mydata to the bot for an instant export, or email support@tradejot.co.za from the email on file and we will send you a full export within 7 business days.
• Correct inaccurate information by updating it via the bot's set my X commands during normal use, or by emailing support@tradejot.co.za.
• Delete your information. Reply forgetme to the bot, or email support@tradejot.co.za with your WhatsApp number and the subject line "Delete my account". We acknowledge within 7 days, send you a final export, and complete the hard delete within 30 days (a 30-day grace window during which you can reply cancel deletion). Records we are legally required to retain (such as financial invoices for SARS) are anonymised rather than deleted — see section 7.
• Object to processing or withdraw consent. Withdrawing consent for processing necessary to deliver the Service means we cannot continue providing the Service to you.
• Lodge a complaint with the Information Regulator of South Africa: https://inforegulator.org.za.

To exercise any of these rights, contact our Information Officer at support@tradejot.co.za with the subject line "POPIA Data Subject Request". We may require you to verify your identity before proceeding. Further detail on the request process is available in our PAIA Manual on request.

For end-clients (your tradie's customers)

If you are an end-client who has received a message from TradeJot, you have rights you can exercise directly by replying to the TradeJot WhatsApp number:

• STOP — immediately opt out of all future messages from the TradeJot platform. This is a global block (see section 10).
• START — opt back in to receiving messages if you previously sent STOP.
• MYDATA — request a summary of the personal information we hold about you. We respond within 7 business days.
• FORGETME — request deletion of your personal information from our system. We acknowledge and complete the deletion within 30 days, except where SARS retention rules require us to keep the financial record of an invoice already issued. In that case, your record is anonymised so it cannot be linked back to you.

9. Lawful basis for processing

We process personal information on the following lawful bases under section 11 of POPIA, in approximate order of how often each applies:

• Contract performance: most of our processing is necessary to deliver the Service you signed up for — creating your account, generating invoices, processing payments, providing support. This is our primary lawful basis.
• Legitimate interest: we process information for security monitoring, fraud prevention, and service improvement, provided these interests are not overridden by your rights.
• Legal obligation: we are required to retain financial records for tax purposes (SARS), and may need to process data to comply with court orders, regulator requests, or breach-notification duties.
• Consent: for tenants, we rely on your consent for any non-essential activities and as the basis for cross-border transfers where required (see section 6). For end-clients, we rely on the tenant's warranty that they have a lawful basis to provide us with the client's data, and we obtain explicit YES/STOP consent for business-initiated messaging as described in section 11.

10. End-client notice and the global STOP

When a tenant sends an invoice to an end-client for the first time via TradeJot, the bot's message includes a privacy notice and an explicit STOP instruction.

If a client replies STOP, we record the opt-out at the platform level. No further messages from any TradeJot tenant will be sent to that number until they reply START.

11. Consent for client communication (Pro and Premium tiers)

If a tenant uses the automatic invoice-delivery feature, before TradeJot sends any message to a client, the bot will:

1. Ask the tenant to confirm they have the client's permission to be contacted by TradeJot on their behalf.
2. Send the client a one-time consent message: "[Tenant Name] would like to send your invoices to you via WhatsApp. Reply YES to receive them, or STOP to decline."
3. Only send subsequent invoices automatically if the client replied YES.

The client can revoke consent at any time by replying STOP (which triggers the global opt-out described in section 10).

12. Account recovery

Your registered email is used for a magic-link recovery flow. If you lose access to your WhatsApp number you can trigger recovery from a new number; we send a single-use recovery link with a 1-hour expiry to your email. The new WhatsApp number is bound to your tenant record on successful confirmation. Every recovery event is recorded in the audit log.

13. Multi-staff accounts (Premium tier)

Premium tenants can add staff WhatsApp numbers to their account. The tenant is responsible for obtaining each staff member's consent. Staff members can use the bot to log jobs, mark invoices paid, run reports, and similar operational tasks on the tenant's behalf. Staff cannot access sensitive controls — they cannot delete the account, change branding, manage other staff, change the subscription plan, or perform POPIA deletion requests. All actions taken by staff members are recorded in the account's audit log against the staff member's own WhatsApp number.

14. Audit logging

We maintain a secure audit log of all privileged actions on your account. This includes plan changes, staff being added or removed, data deletions, account recovery events, and refunds. Audit logs are retained for 12 months for security and compliance purposes. The audit log is accessible to the account owner via the bot's audit command.

15. Children

The Service is not intended for users under 18. We do not knowingly collect personal information from children. POPIA defines a child as a person under 18.

16. Cookies and tracking

This website does not use cookies for tracking. We do not run analytics or advertising scripts on tradejot.co.za.

17. Data breaches

If we have reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person, we will act as soon as reasonably possible after the discovery of the compromise, in accordance with section 22 of POPIA.

Breach of tenant data (where TradeJot is the Responsible Party)

We will notify you and the Information Regulator as soon as reasonably possible, and provide sufficient information for you to take protective measures.

Breach of end-client data (where TradeJot is the Operator and the tenant is the Responsible Party)

Under POPIA, the Operator is obliged to notify the Responsible Party of any compromise of personal information being processed on their behalf. We will therefore notify the affected tenant(s) as soon as reasonably possible. The tenant, as the Responsible Party, is then responsible for any further notification to the Information Regulator and to affected end-clients, as required by section 22 of POPIA. We will provide reasonable assistance — including the information required to support the tenant's own notification — to enable that obligation to be met without delay.

18. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified via WhatsApp and on this page at least 30 days before they take effect.

19. Material changes

v2.2 → v2.3 (19 May 2026 — sub-processor list reality-check)

• Cloudflare R2 removed from the sub-processor list. R2 had been listed in v2 in anticipation of the migration of invoice PDFs and tenant logos to object storage. That migration has not happened yet — logos and PDFs remain on the production server's local file system — so listing R2 as a current sub-processor was inaccurate. R2 will be re-added when the migration actually ships.
• Anthropic (Claude) added as the primary parser. The parser path moved from DeepSeek-Flash to Anthropic's Claude Haiku and Sonnet (accessed via OpenRouter) earlier in May 2026; the sub-processor table now reflects this. DeepSeek remains in the table as a secondary / fallback path.
• OpenAI Whisper removed from the voice-transcription line. Only Groq is wired today; the table previously listed both as a future-flexibility hedge.

v2.1 → v2.2 (12 May 2026 — DeepSeek adversarial review pass)

• Cross-border transfers: separated the lawful basis for tenant data (tenant consent) from end-client data (tenant's documented instruction as Responsible Party, with the tenant warranting a POPIA s.72 basis).
• Data breaches: restructured section 17 to follow the POPIA operator/responsible-party split — TradeJot notifies the affected tenant and (where TradeJot is the Responsible Party) the Information Regulator, and the tenant is responsible for onward notification of their clients.

v2 → v2.1 (12 May 2026 — pre-launch legal-review pass)

• Who we are: expanded section 1 to include legal name, Information Officer name, and PAIA Manual reference (placeholders pending owner completion).
• Cross-border transfers: tightened section 6 to articulate the POPIA s.72 safeguards in order (adequacy → DPA → necessity), rather than relying on consent alone.
• Retention vs deletion: resolved the contradiction in section 7 — SARS-required records are anonymised, not hard-deleted.
• Lawful basis: re-ordered section 9 to lead with contract performance (the primary basis) instead of consent.
• Breach notification: corrected section 17 to use POPIA s.22 language ("as soon as reasonably possible") instead of the GDPR-flavoured 72-hour timeline.
• Data subject rights process: formalised the request process in section 8 with a dedicated subject line and PAIA Manual reference.

v1 → v2

• Sub-processors: added the planned object-storage provider (later removed in v2.3 — the migration didn't happen) and Zoho SMTP (transactional email). Stated that voice transcription would use Groq or OpenAI Whisper (later resolved to Groq only in v2.3).
• Global STOP: clarified that an end-client's STOP reply is a global opt-out from the TradeJot WhatsApp number, affecting all tenants on the platform.
• End-client rights: added a new section detailing the STOP, START, MYDATA, and FORGETME commands for end-clients.
• Email required: business email is now a required onboarding field, used for account recovery.
• Account recovery: new section explaining the email-based recovery flow.
• Multi-staff (Premium): new section explaining staff data handling and limitations.
• Audit logging: new section explaining what we log and for how long (12 months).
• Flow B consent: new section explaining the YES/STOP consent flow before automated client messaging.
• Data breach notification: tightened the timeline for notifying affected users (typically within 7 days of initial assessment).
• Automated decisions: explicit statement that we do not perform automated decision-making with legal effects under POPIA s.71.

20. Contact

For all questions — privacy, billing, support — email support@tradejot.co.za.