Legal

Privacy Policy

How we collect, use and protect your information — in line with South Africa's Protection of Personal Information Act (POPIA).

Last updated: 15 June 2026

This Privacy Policy explains how BaobabPOS (“we”, “us”, “our”) collects, uses, shares and protects personal information when you use our website and point-of-sale service (the “Service”). It applies to business owners and staff who use BaobabPOS, and to visitors to baobabpos.net.za. By using the Service you agree to this Policy.

1. Who we are

BaobabPOS is a cloud point-of-sale provider based in South Africa. For the personal information you load into your store (for example, your customers’ details), you are the “responsible party” and we act as an “operator” processing that information on your instructions under POPIA.

2. Information we collect

Information you give us

  • Account details — your name, business name, email address, chosen store address (subdomain) and the plan you select.
  • Staff accounts — names, roles and login PINs you create for your team.
  • Store data — products, prices, inventory, sales, customers and loyalty records you enter or generate while using the Service.
  • Support & enquiries — anything you send us by email or through our contact form.

Information we collect automatically

  • Usage & device data — IP address, browser type, pages viewed and actions taken, used to run and secure the Service.
  • Cookies & local storage — small files used to keep you signed in and remember preferences (see “Cookies” below).

3. How we use your information

  • To create, run and maintain your store and staff accounts.
  • To process subscription payments and manage your trial and billing.
  • To provide support and respond to your enquiries.
  • To keep the Service secure, prevent abuse and troubleshoot problems.
  • To send essential service messages (for example, verification, billing and security notices).
  • To improve our features and understand how the Service is used.

We do not sell your personal information, and we do not use your store’s customer data for our own marketing.

4. Legal basis for processing

We process personal information where it is necessary to perform our contract with you, to comply with a legal obligation, for our legitimate business interests (such as securing and improving the Service), or with your consent where required by law.

5. Payments

Subscription card payments are processed by Paystack, a licensed payment provider. Card details are entered on Paystack’s secure systems — we do not see or store full card numbers. Paystack processes your payment information under its own privacy terms.

6. Cookies

We use strictly necessary cookies and local storage to keep you signed in, remember your preferences (such as your saved printer) and keep the Service secure. We may use limited, privacy-respecting analytics to understand usage. You can control cookies through your browser settings, though some features may not work without them.

7. Sharing your information

We share personal information only as needed to run the Service, with:

  • Service providers — hosting and network security (including Cloudflare), email delivery (Microsoft) and payments (Paystack).
  • Legal & safety — where required by law, court order, or to protect our rights, users or the public.
  • Business transfers — if we are involved in a merger, acquisition or sale of assets, subject to this Policy.

8. International transfers

Some of our service providers may process data outside South Africa. Where this happens, we take reasonable steps to ensure your information receives a comparable level of protection as required by POPIA.

9. Data security

Your store runs on its own secured subdomain behind Cloudflare, with encrypted (HTTPS) connections, access controls and regular backups. While no system is completely immune to risk, we maintain reasonable technical and organisational safeguards to protect your information.

10. How long we keep your information

We keep your information for as long as your account is active and for a reasonable period afterwards to meet legal, accounting and dispute-resolution requirements. You can ask us to delete your data — see “Your rights” below.

11. Your rights (POPIA)

You have the right to:

  • Access the personal information we hold about you.
  • Ask us to correct or update inaccurate information.
  • Ask us to delete information we no longer need to keep.
  • Object to certain processing, and withdraw consent where processing is based on it.
  • Export your store data.

To exercise any of these, email us at [email protected].

12. Children

The Service is intended for businesses and is not directed at children. We do not knowingly collect personal information from children.

13. Changes to this Policy

We may update this Policy from time to time. We’ll post the updated version here with a new “Last updated” date, and notify you of material changes where appropriate.

14. Contact & complaints

Questions or requests about privacy? Contact our Information Officer at [email protected]. If you believe we have not handled your information properly, you may also lodge a complaint with the Information Regulator of South Africa.