Last updated 29 May 2026
Invo (Pty) Ltd (“Invo”, “we”, “us”) operates the website at getinvo.co.za and the Invo SaaS platform. This policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have under the Protection of Personal Information Act, 2013 (POPIA).
By creating an account or using our services you agree to the practices described here. If you do not agree, please do not use Invo.
Invo (Pty) Ltd is the Responsible Party as defined in POPIA. We determine the purpose and means of processing your personal information.
We collect information in the following categories:
| Account data | Name, email address, password (hashed), business name, VAT number, banking details, logo |
| Client data | Names, email addresses, phone numbers, WhatsApp numbers, physical addresses and VAT numbers of your clients — entered by you |
| Transaction data | Invoices, quotes, expenses, job cards, purchase orders and line items you create |
| Payment data | Payment amounts and references processed via Paystack or PayFast. We do not store full card numbers. |
| Usage data | Pages visited, features used, session duration, browser and device type — collected via PostHog analytics |
| Communications | Messages you send us via email or support channels |
| Uploaded documents | Files you store in the Invo Vault (encrypted at rest) |
We do not collect sensitive personal information (as defined in POPIA section 1) unless you voluntarily provide it.
We process your personal information for the following purposes and on the following grounds:
| PURPOSE | DESCRIPTION | LAWFUL GROUND |
|---|---|---|
| Providing the service | Creating and managing your account, generating invoices and quotes, processing payments | Performance of contract |
| Billing | Calculating and collecting subscription fees via Paystack or PayFast | Performance of contract |
| Product improvement | Analysing usage patterns to improve features and fix bugs | Legitimate interest |
| Communication | Sending transactional emails (invoice sent, payment received, password reset) | Performance of contract |
| Marketing | Sending product update emails — you can unsubscribe at any time | Consent |
| Legal compliance | Retaining records as required by South African law | Legal obligation |
| Security | Detecting and preventing fraud and abuse | Legitimate interest |
Your data is stored in Supabase's managed PostgreSQL database hosted in the EU (Stockholm, Sweden). Your web application is served from Vercel's South African edge where possible.
We implement the following security measures:
No security measure is 100% foolproof. If you suspect unauthorised access to your account, contact us immediately at joshtrow@getinvo.co.za.
| DATA TYPE | RETENTION PERIOD |
|---|---|
| Active account and business data | Duration of your subscription |
| Invoice and financial records | 7 years (SARS record-keeping requirement) |
| Usage and analytics data | 24 months |
| Support communications | 3 years |
| Vault documents | Until you delete them or close your account |
After the retention period expires, data is securely deleted or anonymised. You may request earlier deletion subject to our legal obligations — see section 7.
Free trial accounts: If your free trial ends and you do not upgrade, your account and all associated data (invoices, clients, documents, etc.) will be retained for 120 days to allow you to return and upgrade. After 120 days of inactivity we will send a final notice and then permanently delete the account and all data. You will receive email reminders at 14 days and 90 days after your trial ends. To avoid deletion, upgrade to a paid plan at any time before day 120.
As a data subject you have the right to:
To exercise any of the first five rights, email us at joshtrow@getinvo.co.za. We will respond within 30 days.
Invo is a business tool intended for adults. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has created an account, contact us and we will delete it.
We may update this policy from time to time. When we do, we will update the “Last updated” date at the top and, for material changes, notify you by email or via a banner in the dashboard. Continued use of Invo after the effective date constitutes acceptance of the updated policy.
For any privacy-related questions, requests or complaints:
We aim to respond to all requests within 30 days.