Eziflow PO
← Back to sign in

Privacy Policy

Eziflow PO — a product of IDEA. (Pty) Ltd

Eziflow PO is a multi-tenant purchase order and approval workflow platform engineered and operated by IDEA. (Pty) Ltd ("IDEA.", "we", "us", or "our"). This Privacy Policy explains how we collect, use, store, and protect personal information in connection with your use of the Eziflow platform ("Platform"). We are committed to complying with the Protection of Personal Information Act 4 of 2013 (POPIA) and, where applicable, international data protection standards.

1. Information Officer

In accordance with POPIA, IDEA. (Pty) Ltd has designated the following Information Officer responsible for ensuring compliance with this Policy and handling all data-related queries and complaints:

JJ Heymans
Information Officer — IDEA. (Pty) Ltd

2. What Personal Information We Collect

We collect the personal information necessary to operate your Account and the Platform on your behalf. This includes:

We do not collect payment card details, national identification numbers, or other special personal information as defined under POPIA, unless your Account voluntarily enters such information into a purchase order, form, or support communication.

3. How We Use Your Personal Information

Personal information we hold is used exclusively for the following purposes:

We do not use your personal information for marketing without your explicit consent, and we do not sell, rent, or trade your personal information to third parties under any circumstances.

4. Multi-Tenant Data Isolation

Every Account on Eziflow operates in a fully isolated data environment. Personal information and business data entered by your Account — suppliers, purchase orders, users, comments, uploaded files — is never visible to, or mixed with, any other Account. Access by IDEA. staff for support purposes (including superadmin impersonation) requires your Account's explicit opt-in while active, and is logged.

5. Uploaded Content

The Platform allows users to attach quotes, supporting documents, and other files to purchase orders ("Uploaded Content").

6. Data Storage and Security

Your personal information and Uploaded Content are stored on secured servers. We implement appropriate technical and organisational measures to protect against unauthorised access, disclosure, alteration, or destruction of personal information, including:

No method of electronic storage or transmission over the internet is completely secure. While we use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a security compromise affecting your personal information, we will notify you in accordance with our obligations under POPIA.

7. Data Retention

We retain your Account's personal information for as long as the Account remains active. If an Account is suspended or closed, it enters a retention window (currently a three-month countdown) before permanent deletion, during which an Owner or Co-Owner may reactivate the Account. After that window, all Account data — including personal information, purchase orders, and Uploaded Content — is permanently and irreversibly deleted, except where we are required by law to retain specific records for longer.

Generated purchase order PDFs are rendered on demand and are not stored beyond what is needed to serve the request.

8. Disclosure of Personal Information

We do not share your personal information with third parties except in the following limited circumstances:

9. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights in respect of your personal information held by us:

To exercise any of these rights, please contact our Information Officer, JJ Heymans.

10. Cookies and Session Data

The Platform uses server-side session cookies solely to maintain your authenticated login session and a CSRF token to protect against unauthorised requests. These cookies:

We do not use third-party analytics, advertising cookies, or tracking pixels.

11. International Clients

Eziflow may serve Accounts both within South Africa and internationally. Where you access the Platform from outside South Africa, you acknowledge that your personal information is processed and stored in South Africa, and that such processing is subject to South African law, including POPIA. If your jurisdiction imposes specific transfer mechanisms or consent requirements (for example, under the GDPR), please contact our Information Officer to discuss appropriate arrangements.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify registered users by email or by a prominent notice on the Platform. Continued use of the Platform after any changes constitutes acceptance of the revised Policy.

13. Contact Us

For all privacy-related queries, requests, or complaints, please contact our Information Officer:

JJ Heymans — Information Officer
IDEA. (Pty) Ltd | Eziflow PO Platform

Note: This Privacy Policy is provided for general informational purposes and does not constitute legal advice. IDEA. (Pty) Ltd recommends that organisations with specific compliance obligations consult a qualified attorney familiar with South African and applicable international data protection law.