Privacy Policy
Version 1.0 — 30 March 2026 | Effective immediately
1. Who We Are
Billdog is an AI-powered municipal billing dispute platform based in Cape Town, Western Cape, South Africa. We help South African property owners identify billing errors and dispute them with their municipality.
Responsible Party: Billdog (Pty Ltd registration pending)
Address: Cape Town, Western Cape, South Africa
Information Officer: Jason Thwaits — privacy@billdog.co.za
Billdog is in the process of registering its Information Officer with the Information Regulator.
2. What Information We Collect
| Data | Purpose | Required? |
|---|---|---|
| Full name | Dispute letter signature | Yes |
| Email address | Account management & notifications | Yes |
| Phone number | Optional support contact | No |
| Property address | Dispute letter content | Yes |
| Municipal account number | Identifying your account with the municipality | Yes |
| Bill documents (PDF/photo) | AI-powered analysis for billing errors | Yes |
| Payment card token | Success fee processing (via PayFast) | Yes |
| IP address | Security and fraud prevention | Automatic |
We do notcollect any special personal information as defined by POPIA — no religious beliefs, race, health information, biometric data, or criminal records.
3. How We Use Your Information
- Analyse your municipal bill for errors using AI (Anthropic Claude)
- Generate a legally compliant dispute letter citing relevant legislation
- Send the dispute letter to your municipality via email
- Track the progress of your dispute case
- Process success fees when funds are recovered
- Send you notifications about your case progress
- Protect the security and integrity of our platform
We will never sell your data, use it for profiling, or share it with third parties for marketing purposes.
4. Who We Share Your Data With
We share your data only with the following service providers, and only for the purposes described:
| Provider | Data Shared | Purpose |
|---|---|---|
| Anthropic (Claude AI) | Bill text, account number, municipality | Bill analysis & letter generation |
| Supabase | All user data & files | Database & file storage |
| Resend | Email address, user name | Email delivery |
| PayFast | Payment card token, amounts | Payment processing |
| Voyage AI | Anonymised bill text chunks | Legislation search |
| Railway | Application hosting | Infrastructure |
| Cloudflare | DNS queries, IP addresses | DNS & security |
5. How We Protect Your Information
- All data transmitted over HTTPS (TLS encryption)
- Database access protected by Row Level Security — you can only see your own data
- Bill files stored in private buckets — never publicly accessible
- Temporary signed URLs for file access (expire after 1 hour)
- Payment card numbers are never stored — PayFast handles tokenisation
- API keys and secrets never exposed to web browsers
- Authentication via Supabase with secure, HttpOnly cookies
6. How Long We Keep Your Information
| Data | Retention |
|---|---|
| Active cases | While your account is active |
| Resolved cases | 5 years after resolution |
| Bill documents | Deleted after case closes |
| Profile data | Deleted on account deletion |
| Payment tokens | Deleted on account deletion |
| Transaction records | 7 years (SARS tax requirement, PII stripped) |
| Security logs | 12 months (rolling) |
7. Your Rights Under POPIA
Under the Protection of Personal Information Act, you have the right to:
- Access — request a copy of all personal data we hold about you
- Correction — update or correct your personal information at any time
- Deletion — request that we permanently delete all your personal data
- Objection — object to processing of your data for marketing purposes
- Data portability — receive your data in a machine-readable format (JSON)
To exercise any of these rights, visit your account Settings page or email us at privacy@billdog.co.za.
8. Data Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Notify the Information Regulator within 72 hours of becoming aware of the breach
- Notify affected users as soon as reasonably possible via email
- Provide details of: what happened, what data was affected, and what steps to take
- Document the breach and take immediate steps to prevent recurrence
9. Cookies
Billdog uses essential cookies only for authentication and session management. We do not use any tracking, analytics, or advertising cookies.
Essential cookies are necessary for the platform to function and do not require separate consent under POPIA.
10. Complaints
If you believe we have violated your privacy rights, you may lodge a complaint with the Information Regulator:
Information Regulator (South Africa)
Website: inforegulator.org.za
Email: inforeg@justice.gov.za
Telephone: 010 023 5200
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg
11. Changes to This Policy
We may update this privacy policy from time to time. For material changes, we will notify you via email before the changes take effect. The updated version will always be available at this page with a new version number and date.
11a. Consents We Require From You
When you create a Billdog account we ask for two distinct, separately-recorded consents:
- POPIA consent (data processing).Authorises us to process your personal information — ID, municipal account details, bill documents — to identify and dispute billing errors. Data may be shared only with the processors listed in section 4 above (Anthropic, Supabase, Resend, PayFast, Voyage AI, Railway, Cloudflare).
- Mandate consent (authority to act). Authorises Billdog (Pty) Ltd to act as your representative in correspondence with your municipality regarding billing disputes on your account. Required by SA municipalities before they will review a third-party-lodged dispute.
Both consents are recorded with a timestamp and version number on your profile and are never edited in place — if we change the wording, you will be re-prompted to accept the new version.
Revoking your mandate. You can revoke at any time via your account settings or by emailing support@billdog.co.za. Revocation halts all active disputes and you will receive an email confirmation. You may re-grant the mandate at any time from settings.
ID number storage. Your SA ID is captured only when needed to lodge a dispute (per the POPIA minimality principle) and is encrypted at rest in Supabase Vault. It is automatically deleted 30 days after your case resolves.
12. Contact Us
For any privacy-related questions or requests, contact our Information Officer:
Jason Thwaits
privacy@billdog.co.za
Privacy Policy v1.0 — 30 March 2026