Last updated: 2 July 2026
These Terms of Service ("Terms") govern your access to and use of the POPIAdesk platform ("Service"), operated by Artemis Innovations (Pty) Ltd ("we", "us", or "our"), a company registered in the Republic of South Africa.
By creating an account or using the Service, you agree to be bound by these Terms. If you do not agree, you may not use the Service.
POPIAdesk is a self-service SaaS compliance toolkit that helps South African organisations generate POPIA-related compliance documents, manage data subject requests, conduct readiness assessments, and maintain compliance records.
POPIAdesk is NOT a law firm and does not provide legal advice.
Documents generated by POPIAdesk are compliance guidance tools based on the Protection of Personal Information Act (POPIA). They do not constitute legal advice. POPIAdesk recommends consulting a qualified legal professional for advice specific to your organisation's circumstances.
To use the Service, you must create an account and provide accurate, complete information. You are responsible for maintaining the confidentiality of your credentials and for all activities under your account.
You must notify us immediately of any unauthorised use of your account.
New accounts receive a 14-day free trial. The trial includes document generation (up to 5 documents), the POPIA readiness assessment and gap analysis, data subject request management, and team invites (up to 3 users). Supplier management, data mapping, the audit trail, and the website compliance scanner require a paid subscription. No credit card is required to start the trial. After the trial period, you must subscribe to a paid plan to continue generating and editing documents.
After your trial expires, your account enters read-only mode — you may view existing documents but cannot create or edit them.
Subscription fees are billed monthly or annually in South African Rand (ZAR) via PayFast. Current pricing is displayed on our pricing page. We reserve the right to change pricing with 30 days' written notice.
All subscriptions are non-refundable. If you cancel, your subscription remains active until the end of the current billing period.
You may cancel your subscription at any time from your account settings. Upon cancellation:
If a payment is reversed or charged back, your subscription will be cancelled immediately.
You retain full ownership of all data you upload or create using the Service. POPIAdesk acts as an operator (processor) of your data in terms of POPIA.
We will not sell, share, or use your data for any purpose other than providing the Service, except as required by law.
Our obligations as your operator — including processing on your documented instructions, confidentiality, security safeguards, sub-operators, breach notification, and return or destruction of data on termination — are set out in Annexure A (Data Processing Addendum) below.
You agree not to:
We reserve the right to suspend or terminate accounts that violate these terms.
To the maximum extent permitted by South African law, Artemis Innovations (Pty) Ltd's total aggregate liability arising out of or in connection with the Service shall not exceed the total subscription fees paid by you in the 12 months preceding the claim.
We shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or business opportunities, however caused.
Disclaimer: Documents generated by POPIAdesk are compliance guidance tools based on the Protection of Personal Information Act (POPIA). They do not constitute legal advice. POPIAdesk recommends consulting a qualified legal professional for advice specific to your organisation's circumstances. Artemis Innovations (Pty) Ltd accepts no liability for losses arising from reliance on generated documents without independent legal review.
The Service, including its software, design, branding, and documentation templates, is the intellectual property of Artemis Innovations (Pty) Ltd. You may not copy, modify, or reverse-engineer any part of the Service.
Documents you generate using the Service are your property. We claim no ownership over your generated content.
Any dispute arising from these Terms shall be resolved as follows:
These Terms are governed by and construed in accordance with the laws of the Republic of South Africa.
We may update these Terms from time to time. We will notify you of material changes by email at least 30 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance of the revised Terms.
For questions about these Terms, contact us at legal@popiadesk.co.za.
This Data Processing Addendum ("DPA") forms part of these Terms and applies where POPIAdesk processes personal information on your behalf as an operator (processor) in terms of sections 20 and 21 of POPIA. For the purposes of this Annexure, you are the responsible party and Artemis Innovations (Pty) Ltd (trading as POPIAdesk) is the operator. "Customer Personal Information" means personal information that you or your data subjects submit to the Service — including data subject request records, document inputs, supplier records, and organisation records.
We process Customer Personal Information only on your documented instructions, which comprise these Terms, your configuration and use of the Service, and any further written instructions you give us — except where processing is required by a law to which we are subject, in which case we will inform you of that requirement before processing unless the law prohibits it. We will not process Customer Personal Information for our own purposes and we will not sell it.
We treat all Customer Personal Information as confidential. Our personnel who are authorised to process Customer Personal Information are bound by written confidentiality obligations and are granted access only on a need-to-know basis for the purpose of providing and supporting the Service.
In terms of sections 19 and 21 of POPIA, we maintain appropriate, reasonable technical and organisational measures to secure the integrity and confidentiality of Customer Personal Information and to prevent its loss, damage, unauthorised destruction, or unlawful access. These measures include encryption in transit and at rest, database tenant isolation, access controls, and audit logging, as described in our Privacy Policy.
You authorise us to engage the following sub-operators to process Customer Personal Information on our behalf, each under a written agreement imposing data-protection obligations no less protective than those in this DPA:
We remain responsible for each sub-operator's compliance with these obligations. We will give you at least 30 days' notice before adding or replacing a sub-operator, during which you may object on reasonable data-protection grounds.
Taking into account the nature of the processing, we will provide you with reasonable assistance to respond to data subject requests and to meet your obligations under POPIA. If we receive a request directly from one of your data subjects, we will refer them to you rather than respond on your behalf, unless you instruct us otherwise.
Where there are reasonable grounds to believe that Customer Personal Information has been accessed or acquired by an unauthorised person, we will notify you without undue delay after becoming aware of it and will provide the information you reasonably require to meet your own notification obligations to the Information Regulator and to affected data subjects under section 22 of POPIA.
On termination or expiry of your subscription you may export Customer Personal Information for the period stated in section 6 above. Thereafter, and in any event within 60 days of termination, we will delete or de-identify Customer Personal Information in our production systems — including generated documents held in storage — except where retention is required by law. Residual copies in routine backups are removed on the ordinary backup-rotation cycle.