Privacy Policy

Effective Date: 9 March 2026 Last Updated: 9 March 2026

1. Who We Are

Bill is an AI-assisted legal billing platform developed by ASDF Consulting (Pty) Ltd (registration number: 2023/566704/07), a South African private company with its principal place of business at 2 Blaauwklip Office Park, Webersvallei Road, Stellenbosch, Western Cape, South Africa ("we", "us", "our").

For the purposes of the Protection of Personal Information Act 4 of 2013 ("POPIA"), we are the responsible party in respect of personal information processed through Bill.

Information Officer: Ricky Klopper — ricky@asdf.africa — +27 69 0411 717

2. What We Collect and Why

We collect and process personal information only to the extent necessary to provide the Bill service. This includes:

Account information: Name, email address, firm details, and subscription details — to create and manage your account.
Email and message content: When you connect your email or messaging accounts, we access message content and metadata to detect which legal matters communications relate to and to generate billing entries. You remain in control of which accounts are connected.
Client and matter data: Names, contact details, matter descriptions, and billing records that you enter into Bill — to provide time tracking and invoicing.
AI-generated entries: Billing descriptions and matter assignments suggested by our AI — for review and approval by you before they are used.
Usage data: Login activity, features accessed, and technical metadata (IP address, browser type) — for security and service improvement.

Supply of personal information is voluntary; however, certain features cannot be provided without the necessary information (for example, matter detection requires access to communications).

3. Lawful Basis for Processing

We process personal information on the following grounds under POPIA:

Contractual necessity: To perform the services you have subscribed to.
Consent: For specific activities where you have given explicit consent, including connecting third-party accounts and cross-border data transfers for AI processing.
Legal obligation: To comply with South African tax, accounting, and regulatory requirements.
Legitimate interest: For fraud prevention, security monitoring, and service improvement, where your interests do not override ours.

4. AI Processing

Bill uses AI to analyse communication content and suggest which legal matters communications relate to, and to generate billing entry descriptions. Key points:

Communication content is transmitted to a third-party AI service provider located outside South Africa for this analysis. By using these features, you consent to this cross-border transfer.
All AI suggestions are reviewed and approved by you before any billing entry is finalised. No billing decision is made automatically without your input.
You may decline to use AI-assisted features at any time.

5. Who We Share Information With

We do not sell your personal information. We share it only as necessary to provide the service:

Sub-processors (operators): We use third-party service providers for cloud hosting and infrastructure, AI analysis, payment processing, and communication delivery. All sub-processors are bound by data processing agreements and may only process your information on our instructions.
Accounting integrations: If you enable an accounting integration, relevant billing data is shared with that platform as directed by you.
Law enforcement and regulators: Where required by South African law or a competent authority.

Some sub-processors are located outside South Africa. Where personal information is transferred across borders, we take appropriate steps to ensure adequate protection, including contractual safeguards.

6. Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These include encryption in transit and at rest, access controls, and regular security reviews.

In the event of a security compromise affecting your personal information, we will notify you and the Information Regulator as required by POPIA.

7. Retention

We retain your personal information for as long as your account is active. After cancellation, your data remains available for 30 days, after which it is deleted in accordance with our retention schedule. We may retain certain records for longer where required by law (for example, financial records under the Income Tax Act).

8. Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

Request access to the personal information we hold about you.
Request correction of inaccurate information.
Request deletion of your information (subject to lawful retention obligations).
Object to processing, including automated processing.
Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
Lodge a complaint with the Information Regulator.

To exercise any of these rights, contact our Information Officer at ricky@asdf.africa.

You may also lodge a complaint with the Information Regulator of South Africa at POPIAComplaints@inforegulator.org.za or 0800 017 160.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email and by notice on our website at least 30 days before they take effect. Continued use of Bill after the effective date constitutes acceptance of the updated policy.

10. Contact

General enquiries: ricky@asdf.africa

Information Officer (POPIA): Ricky Klopper — ricky@asdf.africa — +27 69 0411 717

Registered address: 2 Blaauwklip Office Park, Webersvallei Road, Stellenbosch, Western Cape, South Africa

These Terms must be read together with our Terms of Service.