Privacy Policy

Stokly ("we", "us", "our") is committed to protecting the privacy of our users and customers. This Privacy Policy explains how we collect, use, store, and share personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) of the Republic of South Africa.

1. Who We Are

Stokly is a multi-tenant Software-as-a-Service (SaaS) platform providing business management, bookkeeping, payroll, and HR tools to South African businesses.

• Business Address: 1383 Cunningham Avenue, Waverley, Pretoria 0186
• Email: info@stokly.net.za
• Phone: (083) 558 2296

2. Information We Collect

We collect the following categories of personal information:

• Account information: name, email address, phone number, company name, role.
• Billing information: subscription plan, billing address, transaction history (payment card details are processed by our payment provider and are not stored on our servers).
• Business data you enter: customers, suppliers, invoices, quotes, products, journal entries, employee records, payroll data, and related documents you upload.
• Employee and payroll data: where you use our Payroll module, we process employee names, ID numbers, bank details, tax information, and salary data on your behalf.
• Technical data: IP address, browser type, device information, pages visited, and usage logs for security and service improvement.
• Cookies: authentication cookies and session cookies required for the service to function. See section 8 for details.

3. How We Use Your Information

We process your personal information for the following purposes:

• To provide, maintain, and improve the Stokly platform and its features.
• To authenticate users and secure your account.
• To process subscription payments and deliver invoices.
• To send service-related notifications (e.g. payslip emails, invoice emails, password resets).
• To comply with South African tax, payroll, and accounting regulations (SARS, UIF, SDL, POPIA).
• To provide customer support.
• To detect, prevent, and respond to fraud or security incidents.

4. Your Role as Data Controller

When you use Stokly to manage your customers, suppliers, and employees, you are the responsible party (data controller) for that information, and Stokly acts as an operator (data processor) on your behalf. You are responsible for having a lawful basis to collect and process that information, and for providing your own privacy notice to your customers and employees.

5. Sharing Your Information

We do not sell your personal information. We share personal information only with:

• Service providers who help us operate Stokly (hosting, email delivery, payment processing) and who are bound by confidentiality obligations.
• Regulatory authorities where required by South African law (e.g. SARS, the Information Regulator).
• Other parties where you have given us explicit consent to do so.

6. Data Storage and Security

Your data is stored in secure data centres and protected using industry-standard measures, including encryption in transit (HTTPS/TLS), access controls, password hashing, and audit logging. We maintain role-based permissions and an audit trail of sensitive actions within your tenant.

While we take reasonable steps to protect your information, no internet-based service can be guaranteed to be 100% secure. You are responsible for keeping your login credentials confidential.

7. Data Retention

We retain your personal information for as long as your account is active, and for such further period as required by South African tax, payroll, and company law (generally 5 years for financial records, 5 years for employment records, and 5 years for cryptocurrency transaction records under the CARF framework).

On account termination, you may request a data export. After the statutory retention period expires, we will delete or anonymise your personal information.

8. Cookies

We use the following categories of cookies:

• Strictly necessary cookies for authentication and session management.
• Functional cookies to remember your preferences (e.g. selected tenant, theme).
• Security cookies (anti-forgery tokens) to protect against CSRF attacks.

We do not use advertising or third-party tracking cookies.

9. Your Rights Under POPIA

You have the right to:

• Be notified that your personal information is being collected.
• Request access to the personal information we hold about you.
• Request correction or deletion of inaccurate information.
• Object to the processing of your personal information.
• Lodge a complaint with the Information Regulator of South Africa: inforegulator.org.za.

To exercise any of these rights, please email us at info@stokly.net.za.

10. Cross-Border Transfers

Where our hosting or service providers process data outside South Africa, we take reasonable steps to ensure that adequate levels of protection (equivalent to POPIA) are in place.

11. Children's Privacy

Stokly is not directed at children under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent version. Material changes will be communicated via email or an in-app notice.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: