wabill
Log in

Privacy Policy

Effective date: 15 January 2026

1. Who we are

wabill is a product of K2026012823 (Pty) Ltd, a South African registered company. We build a WhatsApp-native product that helps small businesses, tradespeople, freelancers, and enterprise clients create and send invoices, quotes, payslips, and manage recurring billing, all through WhatsApp and a web dashboard.

We also run an enterprise payslip distribution service. Companies upload their payroll data and we deliver password-protected payslips straight to each employee's WhatsApp.

Our Information Officer is Tapiwa Craig Kambanga. We're registered with the South African Information Regulator (Registration Number: 2026-003520).

Privacy questions? Email privacy@wabill.co.za.

2. What we collect

Here's what we collect when you use wabill:

Account and identity

  • Your WhatsApp number (this is how we identify your account).
  • Your WhatsApp profile name.
  • Your email address, if you link one.

Business details

  • Business name, trading name, and CIPC registration details.
  • VAT number, SARS tax reference, UIF and PAYE reference numbers.
  • Bank details you provide for your invoices and payslips.
  • Your business logo.
  • Contact details (phone, email, address).

Financial data

  • Invoice and quote amounts, line items, and payment terms.
  • Payment status (paid, partial, outstanding, overdue).
  • Recurring billing schedules, amounts, and payment link transactions.
  • Subscription payments are processed by Paystack. We never store your card number, CVV, or banking credentials.

Payroll and employee data

  • Employee names, ID numbers, contact details, and job titles.
  • Salary, earnings, and deduction information for payslip generation.
  • Pay period dates and employment reference data.
  • CSV payroll files uploaded for enterprise distribution.

Your customers and members

  • Names and contact details of people you invoice or bill.
  • WhatsApp numbers used to deliver documents.

Usage and analytics

  • Document counts, subscription status, and activity timestamps.
  • WhatsApp messages you send us to create and manage documents.
  • Anonymous website analytics via Google Analytics.

3. How we use it

  • Create and send your invoices, quotes, and payslips.
  • Run your recurring billing groups. Send invoices and payment links to your members via WhatsApp on your billing day.
  • Process enterprise payslip distribution, including AI-assisted column detection to map your CSV payroll data.
  • Manage your account and subscription.
  • Send service messages via WhatsApp (document deliveries, account updates).
  • Send occasional product updates or tips. You can opt out anytime.
  • Improve the service using aggregated, anonymous usage data.

4. Legal basis (POPIA)

Under the Protection of Personal Information Act (POPIA), we process your information based on:

  • Contract: we need your data to provide the service you signed up for.
  • Legitimate interest: improving the product and sending relevant updates.
  • Consent: where you voluntarily provide information like your business details and logo.

wabill acts as an Operator under POPIA. You (the business using wabill) are the Responsible Party for the personal information of your customers, employees, and billing group members. We process that information on your behalf and only for the purposes you provided it.

5. Who we share data with

We don't sell, rent, or share your personal information for marketing. We only share data with the services we need to run wabill:

  • Meta (WhatsApp Business API): delivers your documents via WhatsApp. Meta verified, end-to-end encrypted.
  • Paystack: processes subscription and collect payments. PCI DSS Level 1 compliant. Supports card, EFT, Capitec Pay, SnapScan, and Apple Pay.
  • Cloudflare: DNS, DDoS protection, firewall, and CDN. SOC 2 Type II and ISO 27001 certified.
  • Supabase (AWS): database and file storage. SOC 2 Type II and ISO 27001 certified.
  • Vercel: hosts the dashboard and website. SOC 2 Type II compliant.
  • OpenAI: AI column mapping for enterprise CSV processing. SOC 2 Type II compliant. Your data is not used for model training under their business API terms.
  • Google Analytics: anonymous website usage data.

6. How long we keep it

We keep your data while your account is active and for a reasonable period after that to handle disputes, audits, or regulatory requirements.

Enterprise payslip distribution data is kept for 12 months to support employee queries and reissues, then automatically deleted. You can request earlier deletion.

Want your data deleted? Email privacy@wabill.co.za. We process deletion requests within 30 days.

7. Your rights under POPIA

You can:

  • Access the personal information we hold about you.
  • Ask us to correct inaccurate information.
  • Ask us to delete your personal information.
  • Object to how we process your information.
  • Lodge a complaint with the Information Regulator of South Africa.

To exercise any of these, email privacy@wabill.co.za.

8. How we protect your data

  • Encryption at rest: AES-256 on database and file storage.
  • Encryption in transit: TLS 1.2+ on every connection. HTTPS everywhere.
  • Payslip PDFs: individually password-protected before delivery.
  • Network protection: Cloudflare WAF, DDoS protection, rate limiting, and security headers (HSTS, Content-Security-Policy, X-Frame-Options).
  • Access control: SSH key-only server access, multi-factor authentication on critical accounts, least-privilege admin access.
  • WhatsApp delivery: via the official Meta WhatsApp Business Cloud API with end-to-end encryption.

No system is 100% secure, but we continuously review and improve our security.

9. If something goes wrong

If there's a confirmed security breach affecting your data, we'll notify you within 72 hours and report to the Information Regulator as required by POPIA Section 22.

10. Cookies

  • Functional cookies: keep you signed in and remember your session. No cross-site tracking.
  • Analytics cookies (Google Analytics): anonymous usage data. You can block these in your browser settings.

11. Children

wabill is for businesses and individuals over 18. We don't knowingly collect information from children.

12. Changes to this policy

We may update this policy. If something significant changes, we'll let you know via WhatsApp. The latest version is always at wabill.co.za/privacy.

13. Contact

For data queries, access requests, deletion requests, or security concerns:

Tapiwa Craig Kambanga, Information Officer
K2026012823 (Pty) Ltd
Email: privacy@wabill.co.za
Information Regulator Registration: 2026-003520

Privacy Policy | wabill