Privacy Policy:DigiSlips

DigiSlips is a digital receipt service that lets customers claim and store their till slips electronically. This policy explains what personal information we collect, how we use it, and your rights under the Protection of Personal Information Act, 2013 (POPIA).

1. Who We Are

DigiSlips is a service operated in South Africa. We are the responsible party for the personal information you provide when using the DigiSlips app and website.

Contact: support.digislips@gmail.com

2. What We Collect

We collect only what is necessary to provide the service:

Email address:used to create and authenticate your account.
Display name:optional name you set in the app.
Receipt text:the raw text content of till slips you claim. This is uploaded by the merchant's DigiSlip device and stored under your account when you claim a slip.
NFC card UIDs:the unique identifier of any physical NFC card you register to your account for tap-to-claim.

We do not collect payment card details, ID numbers, or location data.

3. How We Use Your Information

To authenticate you and manage your account.
To store and display your claimed digital receipts.
To link NFC card taps to your account so slips are claimed automatically.
To respond to support requests you send us.

We do not sell your personal information. We do not use your receipt data for advertising.

4. How Long We Keep It

Unclaimed slips:deleted automatically after 24 hours.
Claimed slips:kept until you delete them or delete your account.
NFC cards:kept until you remove them or delete your account.
Account data:deleted within 30 days of an account deletion request. Backups roll off within 30 days.

5. Third Parties

We use the following third-party service to operate DigiSlips:

Supabase:our database and authentication provider. Your data is stored on Supabase's managed infrastructure in Frankfurt, Germany (EU). Supabase processes data under a Data Processing Agreement and is subject to GDPR, which the EU Commission has deemed to provide adequate protection.

No other third parties receive your personal information.

6. Merchants

Merchants who operate DigiSlip devices (hardware that sits between their existing POS machine and thermal printer to intercept and digitise receipt data) are operators under POPIA. They process personal information (receipt text and NFC card UIDs) on our behalf at the time a slip is generated. As part of setting up a DigiSlip device, merchants agree to conditions that require them to handle this data in a manner consistent with this policy and with POPIA. DigiSlips remains the responsible party for your personal information at all times.

DigiSlips is not responsible for the accuracy of receipt content. Slip data is generated by the merchant's device and is outside DigiSlips' control. Customers should verify their receipt before leaving the retailer.

7. Cross-Border Transfers

Your data is currently stored in the European Union (Frankfurt, Germany). South Africa's Information Regulator permits transfers to countries with adequate data protection laws. The EU qualifies. We plan to migrate to South African-hosted infrastructure once DigiSlips reaches commercial scale.

8. Data Breach Notification

In the event of a data breach that involves your personal information, we will notify both the Information Regulator and all affected data subjects as soon as reasonably possible, and no later than 72 hours of becoming aware of the breach.

Notifications to affected users will be sent to the email address on their account and will include:

A description of what happened and when.
The categories of personal information involved.
The likely consequences of the breach.
The steps we have taken or will take to address the breach.
Contact details for any further questions.

9. Your Rights Under POPIA

As a data subject, you have the right to:

Access your personal information:view your slips and account details in the app.
Correct your information:edit your display name in Settings.
Delete a slip:swipe left on any slip in your History tab and tap Delete.
Delete your account:go to Settings → Delete Account. All your data is permanently removed within 30 days.
Object to processing:contact us at support.digislips@gmail.com.

10. Complaints

If you believe we have handled your personal information unlawfully, you may lodge a complaint with South Africa's Information Regulator:

Information Regulator (South Africa)
Website: inforegulator.org.za
Email: inforeg@justice.gov.za
Complaints email: PAIAComplaints@inforegulator.org.za

11. Changes to This Policy

We may update this policy as the service evolves. The effective date at the top of this page will reflect when it was last changed. Continued use of DigiSlips after changes are posted means you accept the updated policy.

12. Contact Us

Questions about this policy or your personal information:

support.digislips@gmail.com