POPIA Compliant

Privacy Policy

Last Updated: June 16, 2026 · Effective Date: June 16, 2026

Protection of Personal Information Act (POPIA) Statement

Tolla is fully committed to compliance with the South African Protection of Personal Information Act, No. 4 of 2013 (POPIA). This Privacy Policy explains how we collect, use, process, store, and protect your personal information and that of your customers when you use our Next-Gen AI Copilot.

1. Information We Collect

To provide the Tolla decision engine, we process personal information that you provide to us directly, and information retrieved from your linked WhatsApp Business Account (WABA). This includes:

  • Merchant Account Details: Your WhatsApp phone number, email address (for demo sessions or billing alerts), and Paystack billing transaction records.
  • WhatsApp Communication Data: WhatsApp profile names, phone numbers of message senders, incoming and outgoing chat message content, metadata, and voice notes.
  • Knowledge Box Content: Static business facts, pricing sheets, and policies that you explicitly upload to configure the AI's response engine.

2. How We Process Data & AI Safety (PII Masking)

To help you respond to your clients, Tolla analyzes chat logs to suggest Whisper Cards. Under POPIA, we maintain strict security safeguards:

🛡️ Active Privacy Shield: Automated PII Masking

We employ an automated local compliance filter before sending any chat message data to Large Language Model (LLM) processing endpoints (such as OpenAI). This filter scans for and masks:

  • South African Identity Numbers (IDs)
  • Credit Card and Bank Account details
  • Residential and Physical Addresses
  • Sensitive personal identifiers

This prevents sensitive third-party client details from being cached or stored externally, satisfying POPIA’s direct processing guidelines.

3. Purpose of Processing

We only process personal information for clear, specific, and lawful purposes:

  • Providing context-aware suggested replies (Whisper Cards) to make your business operations more efficient.
  • Transcribing incoming audio voice notes via AI to provide instant summaries.
  • Performing vector semantic searches on your past chats to prevent AI hallucinations.
  • Managing your subscription, processing Paystack billing, and executing Meta Embedded Signup checks.

4. Consent & Opt-Out

By signing up for Tolla, you explicitly consent to our processing of your personal information and represent that you have the necessary consent or lawful basis to process your customers’ information. You can withdraw consent or opt out by:

  • Requesting account deletion, which wipes all chats, settings, and credentials from our Supabase instance.
  • Revoking the Meta Business Link in your settings dashboard.

5. Security Measures

We protect personal information with industry-standard technical and organizational security measures. Data is stored on secure, database-encrypted Supabase instances. The integration uses official Meta API endpoints with tokens exchanged securely via our backend.

6. Your Rights Under POPIA

Under POPIA, you and your clients have the right to:

  • Request access to the personal information we hold about you.
  • Request the correction, destruction, or deletion of personal information.
  • Object to the processing of personal information on reasonable grounds.

7. Contact & Information Officer

If you have any questions about this Privacy Policy or wish to exercise your rights under POPIA, please contact our Information Officer:

Tolla Compliance & Information Officer

Email: support@tolla.app