Privacy Policy

1. Purpose of this policy

This Privacy Policy explains how MilaPay collects, uses, stores, shares and protects personal information when business users visit our website, create accounts, use the app, record customer information or communicate with us.

2. Information we collect

We may collect account information, business information, login and security information, customer records added by users, transaction and payment status information, reminders, customer notes, message templates, support communications, usage information and device/browser information.

3. Customer information added by business users

Business users may add customer names, phone numbers, birthdays, appointment details, payment records, payment references, customer notes and follow-up information. The business user is responsible for making sure they have the required permission or lawful basis to add and use this customer information.

4. How we use information

We use information to provide MilaPay, create and secure accounts, record transactions, generate reminders, enable WhatsApp message links, support customer records, provide payment link features, provide support, improve the product, prevent abuse, comply with legal duties and communicate with users.

5. Legal basis

We process personal information where necessary to perform our agreement with users, comply with legal obligations, protect legitimate interests, obtain consent where required, and support business users acting as responsible parties for their own customer data.

6. Sharing information

We may share information with trusted service providers such as hosting providers, email/SMS/WhatsApp service providers, payment providers, analytics providers, backup providers, support tools, professional advisers and authorities where required by law.

7. Cross-border processing

Some of the service providers we use process or store information outside South Africa. In particular, our application and database are hosted in the European Union (Germany), which is subject to the General Data Protection Regulation (GDPR) — a data-protection framework that provides protection substantially similar to South Africa's Protection of Personal Information Act (POPIA).

Where information is processed outside South Africa, we rely on this comparable legal protection and on appropriate contractual, technical and organisational safeguards with our providers, in line with the conditions for trans-border information flows under POPIA. We use reputable providers for hosting, email, SMS, WhatsApp, payments, backups and support.

8. Retention

We keep personal information for as long as needed to provide the service, comply with law, resolve disputes, prevent fraud, maintain business records and support account recovery. Users may request export or deletion of data, subject to legal and operational limits.

9. Security

We use reasonable technical and organisational safeguards, including HTTPS, access controls, authentication, backups, restricted admin access and security monitoring. No online service can guarantee absolute security.

10. Your rights

You may request access, correction, deletion, restriction or objection to processing of personal information where allowed by law. Customers of business users should usually contact the business directly first because the business controls how that customer information is used.

11. Information Officer

Information Officer: Melisa Ndlovu
Email: melisan@milapay.co.za

12. Complaints

You may contact us first at support@milapay.co.za. You may also contact the Information Regulator in South Africa if you believe your personal information rights have been infringed.