faktuur
Legal

Privacy Policy

Effective 28 May 2026 · IDEAI (Pty) Ltd trading as Faktuur

This Privacy Policy explains how IDEAI (Pty) Ltd trading as Faktuur ("Faktuur", "IDEAI", "we", "us" or "our") collects, uses, shares and protects personal information when you visit faktuur.co.za, sign in to the Faktuur web or mobile app, or use the Service. We are committed to processing personal information lawfully and transparently in line with South Africa's Protection of Personal Information Act, 2013 (POPIA).

1. Who we are

IDEAI (Pty) Ltd is a software company registered in South Africa (registration number 2026/390992/07), with its registered address at 28 Omega Road, Rozendal, Stellenbosch, Western Cape, 7600.

For any privacy matter, our Information Officer can be reached at hello@faktuur.co.za.

2. Two kinds of personal information

Because Faktuur is a tool merchants use to invoice their own customers, we process personal information in two distinct roles:

  • About merchants (account holders). When you sign up for Faktuur we process your information as the responsible party.
  • About your customers and projects. When you enter your customers' details, briefs and invoice contents into Faktuur, we process that information as an operator on your behalf. You remain the responsible party for your customers' personal information.

3. The information we collect about merchants

  • Account information — your name, email address, role and authentication data (we use magic-link sign-in and Google sign-in; we do not store passwords).
  • Business information — your business name, registration number, VAT number, address, phone, logo and bank details for invoice rendering (we do not store card numbers).
  • KYC documents — for verification we may collect ID, proof of address, bank confirmation and company-registration documents that you upload. These are stored privately and used only for verification.
  • Phone verification — when you verify your phone number we send a one-time code through Twilio Verify.
  • Billing information — to take your subscription fees through Paystack; card details are handled directly by Paystack (see section 7).
  • Information collected automatically — basic technical and usage data (browser type, device, approximate region, pages and features used, API request logs) to keep the Service secure and reliable.
  • Local browser storage — we store your theme and language preference in your browser's local storage, and a guest-cart token for merchant storefronts. These never leave your device.

4. The information you upload about your customers

To build invoices, quotes and proposals, Faktuur stores the customer information you enter: name, email address, phone, billing address, VAT number, project briefs and uploaded photos, and the line items and amounts of each invoice. We process this information solely to provide the Service to you. You are responsible for ensuring you have a lawful basis (under POPIA or any other applicable law) to provide it to us, and that your own privacy notice tells your customers about it.

5. How and why we use information

We process personal information to:

  • create and operate your account, including authenticating you;
  • turn your briefs and photos into AI-generated project plans;
  • generate, store and send proposals, quotes and invoices to your customers;
  • take your subscription payments and reconcile them;
  • keep the Service secure, available and working correctly;
  • support you, communicate service updates, and respond to enquiries;
  • comply with our legal, accounting and regulatory obligations.

Our lawful bases under POPIA are your consent, the performance of our contract with you, our legitimate business interests, and compliance with the law.

6. AI processing (Anthropic)

When you ask Faktuur to generate a project plan, refine a brief, suggest a product listing or extract details from a KYC document, we send the relevant input — including the brief text, attached photos or documents — to Anthropic (Claude) for processing. Anthropic processes this data under their commercial terms; they do not use it to train any model. The AI's output is returned to Faktuur and stored on your project, listing or business record.

7. Payments and Paystack

All payments — both your subscription to Faktuur and any invoice your customer pays you — are processed by Paystack, a PCI-DSS compliant payment provider. Card details are entered and handled directly by Paystack on their secure systems; Faktuur never sees or stores full card numbers, CVVs or PINs. We receive only the information needed to confirm and reconcile each payment (such as a transaction reference and outcome). Paystack's handling of your data is governed by their own privacy policy at paystack.com/privacy.

8. Cookies and similar technologies

We do not use advertising or third-party tracking cookies. The only data we keep in your browser is the theme/language preference and the cart token described above. Some essential cookies may be set by our hosting or security providers to deliver the Service safely.

9. Our subprocessors

We do not sell personal information. To run the Service we share it only with the following trusted providers, and only as far as needed:

  • Paystack — payment processing for subscriptions and customer invoices;
  • Anthropic (Claude) — AI generation of project plans, brief refinement, document extraction;
  • Resend — outbound email (magic-link sign-in, invoice/quote/proposal delivery, transactional notifications);
  • Twilio Verify — one-time-code SMS verification of phone numbers;
  • DigitalOcean Spaces (Frankfurt region) — encrypted private file storage for photos, PDFs, KYC documents and logos;
  • DigitalOcean — hosting and database infrastructure;
  • Google — Google sign-in (optional) and the Places autocomplete proxy for address suggestions;
  • Professional and legal advisors — where required for accounting, audit or legal compliance.

These providers are bound to protect your information and may only use it to provide their service to us. We may also disclose information where required by law.

10. International transfers

Some of our subprocessors (Anthropic, Resend, DigitalOcean, Twilio, Google, Paystack) operate from or process data outside South Africa, including in the United States and the European Union. Where personal information is transferred across borders we take reasonable steps to ensure it remains protected to a standard consistent with POPIA, including by relying on the provider's published safeguards and data-processing addenda.

11. How long we keep information

We keep personal information only for as long as necessary for the purposes set out above, or as required by law (for example, tax and accounting records must be kept for several years). When you delete your account we delete or anonymise the related personal information, except where the law requires us to keep certain records.

12. How we protect your information

We apply reasonable technical and organisational measures — including encryption in transit, isolation per business, access controls and trusted, security-conscious providers — to guard against loss, misuse and unauthorised access. No method of transmission or storage is ever completely secure, but we work to protect your information and to address any incident promptly.

13. Your rights

Under POPIA, you have the right to:

  • ask what personal information we hold about you and request access to it;
  • ask us to correct or update information that is inaccurate or incomplete;
  • ask us to delete or destroy information we no longer have grounds to keep;
  • object to certain processing, and withdraw any consent you have given;
  • lodge a complaint with the Information Regulator.

If you are your customer trying to exercise these rights about information that a Faktuur merchant uploaded, please contact that merchant first — Faktuur is the operator and the merchant is the responsible party. You may also email us and we will forward your request.

To exercise any rights with respect to information we hold about you as a merchant, email hello@faktuur.co.za. You may also contact the Information Regulator (South Africa) at inforegulator.org.za.

14. Children

Faktuur is intended for business use and is not directed at children. We do not knowingly collect personal information from anyone under 18. If you believe a child has given us information, please contact us and we will delete it.

15. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page with a revised effective date. Significant changes will be highlighted where appropriate.

16. Contact us

Questions about this policy or how we handle your information? Email us at hello@faktuur.co.za.