Terms of Service

Last updated: 2 July 2026

1. Introduction

These Terms of Service ("Terms") govern your access to and use of the POPIAdesk platform ("Service"), operated by Artemis Innovations (Pty) Ltd ("we", "us", or "our"), a company registered in the Republic of South Africa.

By creating an account or using the Service, you agree to be bound by these Terms. If you do not agree, you may not use the Service.

2. Service Description

POPIAdesk is a self-service SaaS compliance toolkit that helps South African organisations generate POPIA-related compliance documents, manage data subject requests, conduct readiness assessments, and maintain compliance records.

POPIAdesk is NOT a law firm and does not provide legal advice.

Documents generated by POPIAdesk are compliance guidance tools based on the Protection of Personal Information Act (POPIA). They do not constitute legal advice. POPIAdesk recommends consulting a qualified legal professional for advice specific to your organisation's circumstances.

3. Account Registration

To use the Service, you must create an account and provide accurate, complete information. You are responsible for maintaining the confidentiality of your credentials and for all activities under your account.

You must notify us immediately of any unauthorised use of your account.

4. Free Trial

New accounts receive a 14-day free trial. The trial includes document generation (up to 5 documents), the POPIA readiness assessment and gap analysis, data subject request management, and team invites (up to 3 users). Supplier management, data mapping, the audit trail, and the website compliance scanner require a paid subscription. No credit card is required to start the trial. After the trial period, you must subscribe to a paid plan to continue generating and editing documents.

After your trial expires, your account enters read-only mode — you may view existing documents but cannot create or edit them.

5. Pricing & Payment

Subscription fees are billed monthly or annually in South African Rand (ZAR) via PayFast. Current pricing is displayed on our pricing page. We reserve the right to change pricing with 30 days' written notice.

All subscriptions are non-refundable. If you cancel, your subscription remains active until the end of the current billing period.

6. Cancellation & Refund Policy

You may cancel your subscription at any time from your account settings. Upon cancellation:

  • Your subscription remains active until the end of the current billing period.
  • No prorated refunds are issued for unused time.
  • You have 30 days after cancellation to export your data (documents, assessments, DSR records, data maps, supplier records, and audit logs).
  • After 60 days, all organisation data is permanently deleted.

If a payment is reversed or charged back, your subscription will be cancelled immediately.

7. Data Ownership

You retain full ownership of all data you upload or create using the Service. POPIAdesk acts as an operator (processor) of your data in terms of POPIA.

We will not sell, share, or use your data for any purpose other than providing the Service, except as required by law.

Our obligations as your operator — including processing on your documented instructions, confidentiality, security safeguards, sub-operators, breach notification, and return or destruction of data on termination — are set out in Annexure A (Data Processing Addendum) below.

8. Acceptable Use

You agree not to:

  • Use the Service for any illegal purpose or in violation of any applicable law.
  • Upload or transmit malicious content, viruses, or harmful code.
  • Resell, redistribute, or sublicense the Service without our written consent.
  • Use automated tools, bots, or scrapers to access the Service without authorisation.
  • Attempt to gain unauthorised access to any part of the Service or its infrastructure.

We reserve the right to suspend or terminate accounts that violate these terms.

9. Liability Limitation

To the maximum extent permitted by South African law, Artemis Innovations (Pty) Ltd's total aggregate liability arising out of or in connection with the Service shall not exceed the total subscription fees paid by you in the 12 months preceding the claim.

We shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or business opportunities, however caused.

10. Disclaimer

Disclaimer: Documents generated by POPIAdesk are compliance guidance tools based on the Protection of Personal Information Act (POPIA). They do not constitute legal advice. POPIAdesk recommends consulting a qualified legal professional for advice specific to your organisation's circumstances. Artemis Innovations (Pty) Ltd accepts no liability for losses arising from reliance on generated documents without independent legal review.

11. Intellectual Property

The Service, including its software, design, branding, and documentation templates, is the intellectual property of Artemis Innovations (Pty) Ltd. You may not copy, modify, or reverse-engineer any part of the Service.

Documents you generate using the Service are your property. We claim no ownership over your generated content.

12. Dispute Resolution

Any dispute arising from these Terms shall be resolved as follows:

  1. Mediation: The parties shall first attempt to resolve the dispute through mediation.
  2. Court: If mediation fails, the dispute shall be submitted to the Magistrate's Court, Pretoria, which shall have exclusive jurisdiction.

13. Governing Law

These Terms are governed by and construed in accordance with the laws of the Republic of South Africa.

14. Changes to Terms

We may update these Terms from time to time. We will notify you of material changes by email at least 30 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance of the revised Terms.

15. Contact

For questions about these Terms, contact us at legal@popiadesk.co.za.

Annexure A — Data Processing Addendum (Operator Terms)

This Data Processing Addendum ("DPA") forms part of these Terms and applies where POPIAdesk processes personal information on your behalf as an operator (processor) in terms of sections 20 and 21 of POPIA. For the purposes of this Annexure, you are the responsible party and Artemis Innovations (Pty) Ltd (trading as POPIAdesk) is the operator. "Customer Personal Information" means personal information that you or your data subjects submit to the Service — including data subject request records, document inputs, supplier records, and organisation records.

A.1 Processing on documented instructions

We process Customer Personal Information only on your documented instructions, which comprise these Terms, your configuration and use of the Service, and any further written instructions you give us — except where processing is required by a law to which we are subject, in which case we will inform you of that requirement before processing unless the law prohibits it. We will not process Customer Personal Information for our own purposes and we will not sell it.

A.2 Confidentiality of personnel

We treat all Customer Personal Information as confidential. Our personnel who are authorised to process Customer Personal Information are bound by written confidentiality obligations and are granted access only on a need-to-know basis for the purpose of providing and supporting the Service.

A.3 Security safeguards (POPIA section 19)

In terms of sections 19 and 21 of POPIA, we maintain appropriate, reasonable technical and organisational measures to secure the integrity and confidentiality of Customer Personal Information and to prevent its loss, damage, unauthorised destruction, or unlawful access. These measures include encryption in transit and at rest, database tenant isolation, access controls, and audit logging, as described in our Privacy Policy.

A.4 Sub-operators

You authorise us to engage the following sub-operators to process Customer Personal Information on our behalf, each under a written agreement imposing data-protection obligations no less protective than those in this DPA:

  • Resend — transactional and notification email delivery.
  • Backblaze B2 — encrypted storage of generated documents.
  • PayFast (Pty) Ltd — subscription payment processing.
  • Sentry — application error monitoring.

We remain responsible for each sub-operator's compliance with these obligations. We will give you at least 30 days' notice before adding or replacing a sub-operator, during which you may object on reasonable data-protection grounds.

A.5 Assistance with data subject requests

Taking into account the nature of the processing, we will provide you with reasonable assistance to respond to data subject requests and to meet your obligations under POPIA. If we receive a request directly from one of your data subjects, we will refer them to you rather than respond on your behalf, unless you instruct us otherwise.

A.6 Breach notification to you

Where there are reasonable grounds to believe that Customer Personal Information has been accessed or acquired by an unauthorised person, we will notify you without undue delay after becoming aware of it and will provide the information you reasonably require to meet your own notification obligations to the Information Regulator and to affected data subjects under section 22 of POPIA.

A.7 Return and destruction on termination

On termination or expiry of your subscription you may export Customer Personal Information for the period stated in section 6 above. Thereafter, and in any event within 60 days of termination, we will delete or de-identify Customer Personal Information in our production systems — including generated documents held in storage — except where retention is required by law. Residual copies in routine backups are removed on the ordinary backup-rotation cycle.