AutoFile AutoFile
Home About Pricing Sign in Sign up

Privacy Policy

Terms of Service | Privacy Policy

Last updated: 1 March 2025

This Privacy Policy describes how AutoFile Technology (Pty) Ltd ("AutoFile", "we", "us", or "our") collects, uses, and protects your personal information when you use the AutoFile platform, website, and mobile application (the "Service").

We are committed to protecting your privacy in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa and other applicable data protection laws.

1. Information We Collect

1.1 Account Information

When you register for an Account, we collect:

  • Full name
  • Email address
  • Phone number (optional)
  • Organisation name and details
  • Billing information (processed securely by Stripe; we do not store full card details)

1.2 Documents and Content

When you use the Service, you may upload documents, images, and other files. We store this Content on your behalf using Amazon Web Services (AWS) S3 cloud storage. We only access your Content as necessary to provide the Service.

1.3 AI Processing Data

When you use AI-assisted features (document classification, data extraction, slip scanning), the text content of your documents may be sent to third-party AI service providers for analysis. This data is used solely to generate results for you and is not retained by AI providers beyond the processing request.

1.4 Usage Data

We automatically collect technical information when you use the Service, including:

  • IP address
  • Browser type and version
  • Device type, operating system, and unique device identifiers
  • Pages visited, features used, and time spent on the Service
  • Referring website or source

1.5 Communication Data

If you interact with the Service via email ingestion, we process the content of those communications to file documents on your behalf.

2. How We Use Your Information

We use your personal information to:

  • Provide the Service — store and organise your documents, process uploads, and deliver AI-assisted features;
  • Manage your Account — authenticate access, manage subscriptions, and process payments;
  • Communicate with you — send service notifications, reminders, and security alerts;
  • Improve the Service — analyse usage patterns and troubleshoot technical issues;
  • Comply with legal obligations — meet regulatory and legal requirements.

We will not use your personal information for marketing purposes without your explicit consent.

3. Legal Basis for Processing

Under POPIA and applicable data protection laws, we process your personal information on the following grounds:

  • Contract — processing necessary to provide the Service you have subscribed to;
  • Consent — where you have given explicit consent, such as for optional features or communications;
  • Legitimate interest — for service improvement, security, and fraud prevention;
  • Legal obligation — to comply with applicable laws and regulations.

4. Data Sharing and Third Parties

We share your information only in the following circumstances:

  • Cloud infrastructure — Amazon Web Services (AWS) for document storage and hosting;
  • Payment processing — Stripe for subscription billing (see Stripe's Privacy Policy);
  • AI service providers — for document classification and data extraction features;
  • Push notification services — for delivering reminders and alerts;
  • Legal requirements — when required by law, court order, or to protect our rights.

We do not sell your personal information to third parties.

5. International Data Transfers

Your data may be transferred to and stored on servers located outside of South Africa, including in regions where AWS operates. When we transfer data internationally, we ensure that adequate safeguards are in place as required by POPIA and other applicable laws.

By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

6. Data Retention

We retain your personal information and Content for as long as your Account is active or as needed to provide the Service. Upon Account termination:

  • Your Content will be retained for 30 days before permanent deletion;
  • Account information may be retained as required by law or for legitimate business purposes;
  • Usage data is retained in anonymised form for analytics purposes.

You may request deletion of your personal information at any time by contacting us.

7. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/SSL) and at rest (AWS S3 encryption);
  • Secure authentication and access controls;
  • Tenant-level data isolation in our multi-tenant architecture;
  • Regular security reviews and monitoring.

While we take all reasonable steps to protect your information, no system is completely secure. We cannot guarantee absolute security of your data.

8. Your Rights

Under POPIA and other applicable data protection laws, you have the right to:

  • Access — request a copy of the personal information we hold about you;
  • Correction — request that we correct inaccurate or incomplete information;
  • Deletion — request that we delete your personal information, subject to legal obligations;
  • Objection — object to the processing of your personal information in certain circumstances;
  • Data portability — request your data in a structured, commonly used format;
  • Withdraw consent — withdraw previously given consent at any time.

To exercise any of these rights, contact us at support@autofile.tech. We will respond to your request within 30 days.

If you are located in the European Union, you may also have rights under the General Data Protection Regulation (GDPR). If you are located in other jurisdictions, your local data protection laws may grant you additional rights.

9. Cookies and Tracking

The Service uses cookies and similar technologies to maintain your session, remember your preferences, and analyse usage. By using the Service, you consent to the use of cookies as described here.

You can manage cookie preferences through your browser settings. Disabling cookies may affect the functionality of the Service.

10. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to remove that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice within the Service at least 30 days before the changes take effect.

The "Last updated" date at the top of this page indicates when this policy was last revised. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Information Officer

In accordance with POPIA, our designated Information Officer can be contacted at:

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.