Privacy Policy

Last updated: 29 March 2026

This Privacy Policy explains how EasyQuo ("EasyQuo", "we", "us", or "our") collects, uses, discloses, and protects personal information when you visit our marketing websites, use the EasyQuo web application and related services (collectively, the "Service"), or otherwise interact with us. It is intended to align with the Protection of Personal Information Act, 2013 ("POPIA") and other applicable laws in South Africa.

By using the Service, you acknowledge this Policy. If you do not agree, please do not use the Service. Capitalised terms used in our Terms of Service have the same meaning here unless stated otherwise.

1. Who is responsible for your information?

EasyQuo is the responsible party for personal information we process in connection with operating the Service and our websites, except where we act strictly as a processor on behalf of your Business (see section 6).

Contact for privacy enquiries: [email protected] (South Africa).

2. Personal information we collect

We may collect the following categories of information:

2.1 Information you provide

  • Account and profile: name, email address, password (stored in hashed form), phone number if you choose to provide it, and role or title where relevant.
  • Business details: trading or registered name, VAT number where applicable, address, branding or logo uploads, and other fields you complete in settings.
  • Operational data you enter: customer and contact records, quote and invoice content, line items, notes, message templates, automation settings, and attachments you upload to the Service.
  • Billing-related data: subscription plan, billing status, and transaction references. Card and banking details are typically collected and stored by our payment service provider (for example Paystack), not on our servers, except limited metadata we need to reconcile subscriptions.
  • Support and communications: content of emails, chat, or in-product messages you send us, and feedback you volunteer.

2.2 Information collected automatically

  • Usage and diagnostics: features used, actions in the product, approximate timestamps, crash or error reports, and performance data to keep the Service reliable.
  • Technical data: IP address, device type, browser and operating system, language preference, and identifiers from cookies or similar technologies on our sites and app.

2.3 Information from third parties

We may receive information from payment providers (for example payment success or failure events), authentication partners if we offer social or SSO login, or from you via integrations you enable. We may also receive fraud-prevention signals from service providers.

3. How we use personal information

We use personal information to:

  • Create and maintain your account and Business workspace
  • Provide, operate, secure, and improve the Service (including automation, notifications, and features you configure)
  • Process subscriptions, trials, and payments with our partners
  • Communicate with you about the Service, security, support, and lawful marketing where permitted (you may opt out of marketing as described in communications)
  • Detect, prevent, and address fraud, abuse, and technical issues
  • Comply with legal obligations and enforce our terms
  • Analyse aggregated or de-identified usage to understand product performance and plan improvements

Under POPIA, we rely on appropriate lawful bases such as: performance of a contract with you, our legitimate interests (for example securing and improving the Service, provided these are not overridden by your rights), your consent where required (for example certain cookies or marketing), and legal obligation.

4. Cookies and similar technologies

We use cookies and similar technologies on our marketing site and, where applicable, in the app to keep you signed in, remember preferences, measure basic traffic and campaign effectiveness, and protect against abuse. You can control cookies through your browser settings; blocking some cookies may limit certain features.

5. Sharing and disclosure

We do not sell your personal information. We may share information with:

  • Service providers and processors who host infrastructure, send email or SMS, process payments, provide analytics or security tools, or support customer service, under contracts that require them to protect the data and use it only for our instructions
  • Professional advisers such as lawyers or auditors where necessary
  • Authorities when required by law, court order, or to protect rights, safety, and security
  • Business transfers in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards

Where we use subprocessors outside South Africa, we take steps required by law (such as appropriate safeguards or your consent where needed) to protect the information.

6. Your customers and contacts (processor role)

When you store personal information about your customers, suppliers, or staff in the Service, you are typically the responsible party for that data and determine why and how it is processed. EasyQuo processes that information on your instructions to provide the Service. You must have a lawful basis under POPIA (and other laws) to collect and use that data and to send communications (including automated reminders) through EasyQuo. You are responsible for your own privacy notices and consents.

7. Retention

We retain personal information for as long as your account is active, as needed to provide the Service, and as necessary to comply with legal, tax, and accounting obligations, resolve disputes, and enforce our agreements. When data is no longer required, we delete or de-identify it in line with our retention practices, subject to backup cycles and legal holds.

8. Security

We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit where standard for the Service, and vendor due diligence. No online service is completely secure; please use a strong password and protect your devices.

9. Your rights under POPIA

Subject to applicable law, you may have the right to request access to, correction of, or deletion of your personal information; to object to or restrict certain processing; to withdraw consent where processing is based on consent; and to lodge a complaint with the South African Information Regulator (www.justice.gov.za/inforeg). To exercise rights relating to data we hold as processor on behalf of your Business, contact your Business administrator first; we will assist where appropriate.

We may need to verify your identity before fulfilling requests. We will respond within timelines required by law where applicable.

10. Children

The Service is not directed at individuals under 18. We do not knowingly collect personal information from children. If you believe we have done so, contact us and we will take steps to delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated by email or in-product notice where appropriate.

12. Contact

For privacy questions or requests, contact:

This Policy describes our privacy practices in good faith. Laws and products evolve; consult a qualified professional if you need advice tailored to your organisation.