Privacy Policy

Effective date: 19 September 2025

SMH Revenue Systems (“we”, “us”) provides SaaS billing setup and related services. We respect your privacy and process personal information lawfully and transparently in line with POPIA and GDPR.

1) Who we are (Responsible Party / Controller)
SMH Revenue Systems, Johannesburg, South Africa.
Email: [email protected] (or [email protected])
Business email for general queries: [email protected]

2) What we collect
Contact details you give us (name, email, WhatsApp/phone, company, time zone).
Booking details from Calendly (meeting time, notes).
Website analytics (device, pages viewed, referrer) via Google Analytics 4.
Operational data needed to perform a setup (public product URLs, non-secret configuration info).
We never store card data; all payments are processed by Stripe/Paddle/Lemon Squeezy.
3) Why we process your data (Purposes)
To respond to enquiries and schedule a 15-minute fit call.
To deliver day-1 billing setup and ongoing Care Plans.
To send operational messages (booking confirmations, service updates, invoices).
To improve our website and services (aggregate analytics).
To meet legal and tax obligations.
4) Lawful bases (GDPR) / Justification (POPIA)
Performance of a contract (providing the setup/Care Plan you request).
Legitimate interests (running and improving our business; security).
Consent (marketing emails, where applicable). You can withdraw consent at any time.
5) Sharing / Operators (Processors)
We use trusted service providers who only process data on our instructions:

Calendly (scheduling), Google Analytics (analytics), Email/Workspace (email), Stripe / Paddle / Lemon Squeezy (payments/Merchant-of-Record), Durable (website hosting).
We do not sell your personal information.
6) International transfers
Data may be processed outside South Africa. We use safeguards such as Standard Contractual Clauses and service-provider agreements.

7) Retention
Enquiries and project records: up to 5 years for legal/accounting.
Analytics: 14–26 months (aggregate).
If you request deletion, we will delete data that we are not legally required to retain.
8) Your rights
POPIA/GDPR: access, correct, delete, object/restrict processing, data portability, and lodge a complaint with the Information Regulator (SA) or your local authority.
Contact us at [email protected] to exercise your rights.
9) Security
We use account access controls, encryption offered by our providers, and limit access to personal information on a need-to-know basis.

10) Cookies
We use only necessary cookies and GA4 for analytics. You can opt out via your browser or disable analytics cookies. See our Cookie Notice for details (optional page).

11) Children
Our services are for businesses; we do not knowingly collect data from children.

12) Changes
We may update this policy. The latest version will always appear at /privacy-policy.