JobSortedSA
Free Trial

Legal

POPIA Compliance

Our commitment to the Protection of Personal Information Act 4 of 2013 ("POPIA").

Our Commitment

TG MARQETING (Pty) Ltd is committed to complying with the Protection of Personal Information Act 4 of 2013 (POPIA). We take the privacy of our users and their clients seriously and have implemented appropriate safeguards to protect personal information processed through the JobSorted SA platform.

Information Officer

Our designated Information Officer is responsible for POPIA compliance.

Email: privacy@jobsortedsa.co.za

Personal Information We Process

As a Responsible Party, we process the following categories of personal information:

Contact information

Name, email address, phone number

Business information

Business name, VAT number, physical address

Financial information

Invoice amounts, payment status (not card details)

Usage data

Login times, features used, error logs

Purpose of Processing

We process personal information only for the following legitimate purposes:

  • Providing the JobSorted SA platform and its features.
  • Managing your account and subscription.
  • Sending transactional communications (quote delivery, invoice sending, team invitations).
  • Processing payments via PayFast.
  • Improving the platform and diagnosing technical issues.
  • Complying with legal obligations (including SARS).

Lawful Basis for Processing

We process personal information based on:

  • Contract performance: processing necessary to provide the service you subscribed to.
  • Legal obligation: compliance with South African law.
  • Legitimate interest: product improvement and security monitoring.
  • Consent: where you have explicitly opted in to specific communications.

Your Client's Data — You Are Also a Responsible Party

Important notice for JobSorted SA subscribers:

When you use JobSorted SA to store your clients' personal information (names, contact details, etc.), you also become a Responsible Party under POPIA. You are responsible for:

  • Ensuring you have a lawful basis to collect and store your clients' information.
  • Informing your clients how their information is used.
  • Responding to your clients' requests to access, correct, or delete their information.
  • Notifying clients of any data breaches that may affect them.

Data Security Measures

  • All data encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Row-Level Security (RLS) policies enforce strict tenant data isolation.
  • Authentication via Supabase Auth with secure session management.
  • Service-role API keys used only server-side; never exposed to the client.
  • Regular security reviews of third-party dependencies.

Data Retention & Deletion

Personal data is retained for the duration of your active account. On account deletion or 90 days after subscription cancellation:

  • All personal information is permanently deleted from our systems.
  • Deletion requests are processed within 30 days.
  • Anonymised aggregate statistics may be retained for internal analytics.

Data Breach Notification

In the event of a data breach that poses a risk to data subjects, we will:

  • Notify the Information Regulator as soon as reasonably possible.
  • Notify affected data subjects without undue delay.
  • Provide details of the breach, steps taken, and recommended actions.

Contact the Information Regulator

If you believe we have processed your personal information unlawfully, you may lodge a complaint with the Information Regulator of South Africa:

Website: inforegulator.org.za
Email: inforeg@justice.gov.za