Privacy Policy

Last updated: June 2026

This Privacy Policy explains how Platybooks (“we”, “us”) collects, uses, and protects information when you use our invoicing and sales CRM. We keep data collection to what is needed to run the service and never sell your data.

Information we collect

  • Account data — your email address and the organization details you provide (name, address, currency, logo).
  • Business records you create — clients, products, quotes, invoices, payments, and the documents you send.
  • Usage and technical data — basic logs needed to operate, secure, and troubleshoot the service.

How we use information

  • To provide the service: create and send documents, process payments, and send email.
  • To secure the service and prevent abuse.
  • To communicate with you about your account and important changes.

Lawful basis for processing

We process personal information under the grounds set out in South Africa’s Protection of Personal Information Act (POPIA), and — for visitors and customers in the EU/EEA — the corresponding bases under the GDPR:

  • Performance of a contract — to create your workspace, store the business records you enter, send your documents, and operate the service (GDPR Art. 6(1)(b)).
  • Legitimate interests — to keep the service secure, prevent abuse, and diagnose errors, balanced against your rights (GDPR Art. 6(1)(f)).
  • Consent — where you give it, e.g. for optional analytics on our marketing site; you can withdraw consent at any time (GDPR Art. 6(1)(a)).
  • Legal obligation — to meet retention and accounting duties that apply to us (GDPR Art. 6(1)(c)).

Cookies & tracking

Platybooks does not use advertising or cross-site tracking cookies. The only data stored in your browser is first-party and either strictly necessary to run the service or kept to honour your preferences:

  • Authentication session — keeps you signed in. Strictly necessary; cleared on sign-out.
  • lf.currentOrg — remembers which workspace you last used. Functional (localStorage); persists until cleared.
  • lf.ui — remembers interface preferences such as your theme and sidebar state. Functional (localStorage); persists until cleared.
  • lf.consent — remembers your choice about optional analytics so we don’t ask again. Strictly necessary to honour your preference (localStorage).

Marketing-site analytics. On our public marketing pages we use Plausible Analytics, a privacy-friendly, cookieless analytics tool. It measures page views and aggregate trends without cookies and without collecting personal information or building cross-site profiles. It is not loaded inside the signed-in app.

Error monitoring. Across the application we use Sentry to detect and diagnose technical errors. We configure it to scrub IP addresses and personal data so that error reports do not identify you. This runs on the basis of our legitimate interest in a reliable, secure service.

Operators & sub-processors

We share data only with the operators required to run Platybooks. Each acts on our behalf under a data-processing agreement and may not use your data for its own purposes. We do not sell personal information.

  • Supabase — application hosting, database, authentication, and file storage (the core of the service).
  • Resend — delivery of transactional email (document and account notifications).
  • Plausible Analytics — cookieless, aggregate analytics on our marketing site (no personal information).
  • Sentry — application error monitoring (IP and personal data scrubbed).
  • Your payment processor — when you enable online payments, the processor you connect handles payment data under its own terms.

Cross-border transfers

Some of these operators may process data outside South Africa, including in the EU and the United States. Where that happens we rely on appropriate safeguards — consistent with POPIA section 72 and, for EU data, the EU Standard Contractual Clauses — so your information stays protected to a comparable standard.

Data storage and security

Data is stored with multi-tenant isolation so each organization only sees its own records. Access is role-based, and payment records are kept on an append-only ledger. We use industry-standard safeguards, though no method of transmission or storage is completely secure.

Retention

We keep your account and business records for as long as your workspace is active. After you close your account we delete or anonymise personal information within a reasonable period, except where we must retain certain records (for example invoices and accounting data) to meet legal obligations. Server and error logs are kept only as long as needed for security and troubleshooting.

Your rights

Subject to applicable law, you may have the right to access your personal information, to have it corrected or deleted, to object to or restrict certain processing, to data portability, and — where processing is based on consent — to withdraw that consent at any time. To make a request, contact us using the details below.

You also have the right to lodge a complaint with a supervisory authority. In South Africa this is the Information Regulator; in the EU/EEA it is the data protection authority in your country of residence.

Contact

Our Information Officer handles privacy questions and data requests. Email us at privacy@platybooks.app.