Privacy Notice

Last updated: 28 May 2026

This Privacy Notice explains how Tax Room (Pty) Ltd ("we", "us", "Tax Room") collects and uses personal data when you use the Bank Statement Extractor SA service ("the Service"). Tax Room is the data controller of your personal data.

1. Personal data we collect

• Account data: email address, password hash, display name.
• Usage data: number of transactions processed per month, plan and subscription state, feature interaction logs.
• Technical data: IP address, browser type, device identifiers, error logs.
• Support communications: messages you send us.

Bank statement PDFs you upload are parsed primarily in your browser; we do not retain the source PDFs on our servers unless you explicitly save a job, in which case the extracted (structured) data is stored under your account.

2. Purposes and legal bases

• Providing the Service — performance of our contract with you.
• Account management, authentication and security — legitimate interest and legal obligation.
• Fraud prevention and abuse monitoring — legitimate interest.
• Product improvement and analytics — legitimate interest.
• Customer support — performance of our contract.
• Marketing communications — only with consent, which you may withdraw at any time.

3. Sharing your data

We share personal data with:

• Service providers / subprocessors we rely on to operate the Service (hosting, database, analytics, error monitoring, email delivery).
• Paddle.com, our Merchant of Record, for sale of the product, subscription management, payments, tax compliance and invoicing.
• Professional advisers (legal, accounting) where reasonably required.
• Authorities where required by law.

4. Data retention

We keep personal data for as long as your account exists and for a reasonable period afterwards to comply with legal, tax and accounting obligations. Saved jobs you delete are removed promptly.

5. Your rights

Subject to applicable law (including POPIA in South Africa and the GDPR for users in the EU/UK), you may have the right to access, correct, delete, restrict or object to processing of your personal data, to data portability, and to withdraw consent. You may also lodge a complaint with your supervisory authority (in South Africa, the Information Regulator). We will respond to requests within the period required by law.

6. International transfers

Your data may be processed outside the country in which you reside, including in the EEA, United Kingdom and United States, by our service providers. Where required, we put appropriate safeguards in place (such as Standard Contractual Clauses).

7. Security

We implement appropriate technical and organisational measures including encryption in transit, access controls, and secure credential storage.

8. Cookies

The Service uses essential cookies and local storage for authentication and user preferences. We do not currently use third-party marketing cookies.

9. Contact

For privacy questions or to exercise your rights, please contact us through the support channel inside the app.