Privacy Policy

Effective date: 19 September 2025

SMH Revenue Systems (Pty) Ltd (“we”, “us”) respects your privacy and processes personal information lawfully and transparently in line with POPIA (South Africa) and, where relevant, GDPR.

1) Who we are (Responsible Party / Controller)
SMH Revenue Systems (Pty) Ltd, Midrand, Gauteng, South Africa.
Privacy queries: [email protected]
General queries: [email protected]

2) What we collect
Contact details you provide (name, email, WhatsApp/phone, business name).
Booking & onboarding details (form responses, preferred tools, logo/brand assets, item/pricing lists).
Operational/billing data needed to configure your quote-to-cash flow (non-secret configuration info, public product/price info).
Communications (emails/WhatsApps related to service delivery).
Website analytics (device, pages viewed, referrer) via basic analytics tools.
We do not store card data. Payments are processed by your chosen provider.
3) Why we process your data (Purposes)
To respond to enquiries and book your sprint.
To deliver the Billing-in-a-Day setup and optional Care Plans.
To send operational messages (confirmations, handover notes, invoices).
To improve our services (aggregate analytics).
To meet legal, tax and accounting obligations.
4) Lawful bases / Justification
Performance of a contract (setting up what you requested).
Legitimate interests (running and improving our service; security; fraud prevention).
Consent (optional marketing; you can withdraw consent at any time).
5) Operators/Processors we use (on our instructions only)
Typical tools we use to deliver the service:

Forms & docs: Jotform / Google Forms & Sheets / Notion / Canva
Training: Loom
Payments (you choose): Paystack, Ozow, Yoco, SnapScan (or your existing gateway)
Website hosting: Durable
We do not sell personal information.

6) Cross-border storage
Some providers store/process data outside South Africa. We take reasonable steps to ensure comparable protection (e.g., contractual safeguards and provider security commitments).

7) Retention
Enquiries and project records: kept only as long as necessary to deliver the service and meet legal/audit requirements (generally up to 5 years).
Analytics: retained in aggregate for trend insights.
When no longer needed, we delete or de-identify data.
8) Your rights
Under POPIA/GDPR you may access, correct, delete, or object to certain processing.
To exercise rights or ask questions, email [email protected].
You may also contact the South African Information Regulator.

9) Security
We use access controls, provider encryption, and need-to-know permissions. We also encourage strong authentication on connected tools.

10) Cookies
We use essential site cookies and limited analytics. You can control cookies via your browser settings. (If you enable a separate Cookie Notice, link it here.)

11) Children
Our services are intended for businesses. We do not knowingly collect information from children.

12) Changes
We may update this policy. The latest version will always be available at /privacy. Material changes will be indicated by an updated effective date.