Last updated: 2026 · Compliant with the Protection of Personal Information Act, 4 of 2013 (POPIA) and, where applicable, the GDPR.
This Privacy Notice applies to services provided by Stoq ("Stoq", "we", "us"). For the purposes of POPIA, Stoq is the Responsible Party for personal information processed in connection with the Stoq platform. Where the GDPR applies, Stoq acts as the data controller.
Our Information Officer can be contacted through the in-app support channel or via your account settings. Where you ask us to handle personal information of your own customers (for example invoice recipients), you remain the Responsible Party for that information and Stoq acts as an Operator on your behalf.
We process personal information in line with the eight conditions set out in POPIA: accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation. The sections below explain how we meet each condition in practice.
Payment card details are collected directly by our payment provider, Paddle, and are not stored by Stoq. We do not knowingly collect personal information from children under 18 without consent of a competent person, and we do not process special personal information (e.g. health, religious or biometric data) unless you choose to upload it and authorise us to process it.
We collect personal information for specific, explicitly defined purposes, including:
We will not process your personal information for a purpose that is incompatible with the original purpose unless we have your consent or are permitted by law.
We require all Operators to apply appropriate security safeguards and to process personal information only for the purposes we authorise.
Some of our service providers are located outside South Africa. Where we transfer personal information outside the Republic, we rely on one of the grounds permitted by section 72 of POPIA, namely: the recipient is subject to a law or binding agreement that provides an adequate level of protection; you have consented to the transfer; the transfer is necessary for the performance of a contract with you or in your interest; or the transfer is for your benefit and it is not reasonably practicable to obtain your consent. Where the GDPR applies we additionally rely on Standard Contractual Clauses or adequacy decisions.
We keep personal information only for as long as your account is active and for as long as needed to provide the service, comply with legal, tax and accounting obligations, resolve disputes and enforce our agreements. When information is no longer needed we delete or de-identify it. Records that we are required by law to retain (for example financial records) are kept for the prescribed period.
Subject to applicable law, you have the right to:
You can exercise most of these rights from your account settings or by contacting us via the in-app support channel. We aim to respond within a reasonable period and, where the GDPR applies, within one month. Formal POPIA access or correction requests may be submitted using Form 2 or Form 3 prescribed under the regulations.
We apply appropriate, reasonable technical and organisational measures to protect personal information against loss, damage, unlawful access and unauthorised destruction. These include encryption in transit, access controls, least-privilege role design, audit logging and regular reviews. If a security compromise affects your personal information we will notify you and the Information Regulator as required by section 22 of POPIA.
We use essential cookies required for authentication and to remember your preferences. We may also use analytics cookies to understand product usage. You can manage cookie preferences through your browser settings.
If you believe we have not handled your personal information in accordance with POPIA, you have the right to lodge a complaint with the Information Regulator (South Africa):
We would, however, appreciate the opportunity to address your concerns directly before you do so.
We may update this Privacy Notice from time to time. Material changes will be communicated through the service or by email. Continued use of Stoq after changes take effect constitutes acceptance of the updated notice.
For privacy questions, to exercise your rights, or to contact our Information Officer, please use the in-app support channel or your account settings.