Privacy
Privacy
Policy
Last updated: 1 January 2025 · Effective immediately upon use
Tablit is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and your rights regarding your data. This policy applies to all users of the Tablit mobile application and website.
POPIA Compliance: Tablit operates in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) of the Republic of South Africa. We process your personal information lawfully, for specific purposes, with appropriate security safeguards, and respect your rights as a data subject.
Section 01
Who We Are / Responsible Party
For the purposes of POPIA and applicable data protection law, the responsible party is:
Tablit
Republic of South Africa
Email: [email protected]
If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us at the address above.
Section 02
What Information We Collect
We collect personal information that you provide to us directly, information generated through your use of the App, and in some cases, information from third parties. The categories of information we may collect include:
| Category |
Examples |
Purpose |
| Identity data |
First name, last name |
Account creation, personalisation |
| Contact data |
Email address, phone number |
Account creation, communication, verification |
| Receipt data |
Photos of receipts, extracted item data, amounts |
Bill splitting functionality |
| Usage data |
App interactions, features used, session duration |
Service improvement, analytics |
| Device data |
Device type, OS version, app version, IP address |
Technical support, security |
| Transaction data |
Payment amounts, split details, timestamps |
Payment facilitation, dispute resolution |
| Communications data |
Messages sent within the App, support enquiries |
Feature delivery, customer support |
| Marketing data |
Referral source, early access sign-up data |
Growth, referral programme |
What we do not collect: Tablit does not store your full card numbers, banking passwords, PINs, or other sensitive payment credentials on our own servers. Payment data is handled exclusively by our third-party payment processor.
Section 03
How We Collect Information
We collect information through the following means:
- Direct input: Information you provide when creating an account, signing up for early access, or using App features.
- Automated collection: Data collected automatically when you use the App, including device identifiers and usage analytics.
- Camera and image upload: Receipt images you capture or upload through the App. These are processed by our AI systems and stored temporarily to deliver the bill-splitting service.
- Third-party providers: Data received from payment processors, authentication providers, or analytics services in connection with your use of the App.
- Referrals: If another user refers you, we may receive your contact information for the purpose of sending you an invitation.
Section 04
Legal Basis for Processing
Under POPIA, we process your personal information on the following grounds:
- Performance of a contract: Processing necessary to provide you with the App's services.
- Consent: Where you have given explicit consent, such as for marketing communications or early access sign-up. You may withdraw consent at any time.
- Legitimate interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, and service improvement, where these do not override your rights.
- Legal obligation: Where we are required to process your data to comply with applicable law.
Section 05
How We Use Your Information
We use your personal information to:
- Create and manage your Tablit account.
- Provide the bill-splitting and payment facilitation services.
- Process and validate receipt images using AI technology.
- Facilitate payments through third-party payment providers.
- Send transactional notifications relevant to your activity on the App.
- Send service announcements, including launch notifications if you have signed up for early access.
- Send marketing communications where you have consented to receive them.
- Operate and improve the referral and rewards programme.
- Detect, investigate, and prevent fraud, abuse, and security incidents.
- Comply with legal obligations and enforce our Terms and Conditions.
- Improve, test, and develop new features of the App.
- Respond to your support requests or enquiries.
Section 06
Sharing of Your Information
We do not sell your personal information to any third party. We may share your information with:
- Third-party payment processors (such as Stitch) for the purpose of facilitating payments. These providers process payment data under their own privacy policies and are independently responsible for their data practices.
- AI and technology service providers used to process receipt images and extract data. These providers are contractually bound to process data only as instructed by us.
- Cloud infrastructure and hosting providers who store and process data on our behalf under appropriate data processing agreements.
- Analytics providers to help us understand how the App is used. Data shared for analytics purposes is aggregated or anonymised where possible.
- Law enforcement or regulatory authorities where we are required to do so by applicable law, court order, or legal process.
- Successor entities in the event of a merger, acquisition, or sale of all or part of our business, subject to standard confidentiality obligations.
When other users participate in a bill split you initiate, limited data (such as your display name and the amounts owed) will be visible to those users as part of the functionality of the App. You consent to this by using the bill-splitting feature.
Section 07
Receipt Images and AI Processing
When you upload a receipt image, that image is transmitted to our AI processing system for extraction of itemised data. You expressly acknowledge and agree that:
- Receipt images may be processed by third-party AI service providers under contractual obligations of confidentiality.
- We take reasonable technical measures to protect receipt images during transmission and processing.
- Receipt images are retained only as long as necessary to deliver the service, unless you have saved a bill within the App, in which case they are retained for as long as the bill remains active in your account.
- AI extraction of receipt data is not guaranteed to be accurate. You are responsible for verifying all extracted amounts before confirming a split or initiating a payment.
Section 08
Data Retention
We retain your personal information for as long as necessary to provide the services and fulfil the purposes described in this policy, or as required by law. Specifically:
- Account data is retained for as long as your account is active, plus a reasonable period thereafter in case of dispute or re-activation.
- Transaction and bill split data is retained for a minimum of 3 years for financial record-keeping and dispute resolution purposes.
- Receipt images are deleted once they are no longer needed to serve an active bill, unless retained by your explicit action.
- Early access sign-up data is retained until the App launches and you are notified, after which it is deleted unless you create an account.
- Support communications are retained for up to 2 years from the date of resolution.
When data is no longer required, it is securely deleted or anonymised.
Section 09
Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL protocols.
- Encryption of sensitive data at rest.
- Strict access controls limiting who within our organisation can access personal data.
- Regular security reviews and monitoring.
- Use of reputable, security-certified third-party infrastructure providers.
Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authorities as required by POPIA.
Section 10
Your Rights as a Data Subject
Under POPIA and applicable data protection law, you have the following rights regarding your personal information:
- Right of access: You may request a copy of the personal information we hold about you.
- Right to correction: You may request that we correct inaccurate or incomplete personal information.
- Right to deletion: You may request that we delete your personal information, subject to applicable legal obligations.
- Right to object: You may object to the processing of your personal information for certain purposes, including direct marketing.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to data portability: Where technically feasible, you may request your data in a structured, machine-readable format.
- Right to lodge a complaint: You have the right to lodge a complaint with the Information Regulator of South Africa if you believe your data has been processed unlawfully.
To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by POPIA (generally within 30 days).
Information Regulator of South Africa:
Website: www.inforegulator.org.za
Email: [email protected]
Section 11
Cookies and Tracking Technologies
Our website may use cookies and similar tracking technologies to enhance your experience, analyse usage, and support functionality. Types of cookies we may use include:
- Essential cookies: Required for the website to function correctly.
- Analytics cookies: Help us understand how visitors interact with our website.
- Preference cookies: Remember your settings and choices.
You can control or disable cookies through your browser settings. Disabling certain cookies may affect functionality of the website.
Section 12
Children's Privacy
Tablit is not intended for use by persons under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a person under 18 without parental consent, we will delete that information promptly. If you believe we may have information from or about a child, please contact us at [email protected].
Section 13
International Data Transfers
Tablit operates primarily within South Africa. However, some of our third-party service providers (including cloud infrastructure and AI providers) may process data outside South Africa. Where such transfers occur, we take reasonable steps to ensure that your data is protected in accordance with the standards required by POPIA, including through contractual data processing agreements with those providers.
Section 14
Marketing Communications
We may send you marketing communications where you have consented to receive them, such as when you sign up for early access. Each marketing communication will include an option to opt out. You may also opt out at any time by contacting us at [email protected].
Opting out of marketing communications does not affect transactional or service communications related to your account or active bills.
Section 15
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website and update the "Last updated" date at the top. Where changes are material, we will make reasonable efforts to notify you directly.
Your continued use of the App after any changes to this policy constitutes your acceptance of the updated policy.
Section 16
Contact Us
For any questions, requests, or concerns relating to