Legal
Privacy Policy
Last Updated: 26 March 2026
This Privacy Policy explains how PanelDesk ("PanelDesk", "we", "us", "our") collects, uses, stores, and shares personal information when you use our marketing website and software service.
PanelDesk is operated by PANELDESK (PTY) LTD, a private company registered in South Africa under registration number 2026 / 183378 / 07. This Privacy Policy forms part of the PanelDesk Terms of Service.
For privacy and data-protection matters, Sam Fourie serves as PanelDesk's Director and Information Officer under registration reference 2026-004645.
1. Scope and Roles
PanelDesk provides software for workshop operations, including quotes, job cards, final costing, invoicing, and customer-facing document workflows.
For workshop data entered by your business (for example your customer, vehicle, and document records), your workshop is the responsible party under applicable law, including POPIA, and is responsible for lawful collection and use of that information. PanelDesk acts as an operator for that data when processing it to provide the service.
PanelDesk also acts as the responsible party for account, trial, billing, support, operational security, and service analytics data needed to run the platform.
2. Information We Collect
2.1 Account and team information
- Email address and profile names
- User role and company role assignments
- Onboarding and account-state metadata
- Impersonation metadata where admin tools are used
2.2 Company profile, trial, and billing information
- Company profile details (including address and tax fields)
- Billing and notification email addresses
- Banking details configured for quote and invoice display
- Subscription and trial metadata (status, limits, billing state, and trial dates where applicable)
- Optional payment-method setup and authorization metadata returned by our payment provider
You do not need to provide card details to begin the 30-day trial. Payment-related metadata is collected only if you choose to add a payment method, authorize a refundable verification charge, or continue onto paid billing.
2.3 Customer and vehicle records entered by workshops
- Customer contact and identity fields such as names, emails, phone numbers, ID or business details, and addresses
- Customer communication preferences and consent fields
- Vehicle details such as registration, VIN, engine number, mileage, make and model, and notes
2.4 Workflow and document snapshots
Quotes, invoices, and related documents can include snapshots of customer, vehicle, and company billing information at the time of issue.
2.5 Public-link and interaction data
- Public quote and invoice links are token-validated and may expose selected snapshot data needed for viewing and approval
- Quote accept or decline flows may capture submitter details such as name, email, context text, and request IP metadata
- Quote and invoice view tracking may capture session IDs, visitor IDs, IP addresses, user-agent data, and timestamps
- Audit logs may include actor metadata, action history, IP address, and user-agent data
2.6 Uploaded file metadata
We store metadata for uploaded assets, including object key or URL, content type, original filename, uploader identity, and upload timestamps.
2.7 Website analytics data
PanelDesk uses Vercel Analytics and Speed Insights on website pages for performance and usage measurement.
3. Cookies, Local Storage, and Identifiers
- Public quote and invoice flows may store session identifiers in local storage.
- A `paneldesk_visitor_id` cookie may be set for up to one year with `SameSite=Lax`, with a local storage mirror.
- These identifiers help with security, diagnostics, and view tracking on public document links.
You can control cookies through browser settings, but some functionality may be reduced.
4. How We Use Information
- Provide and operate the service and customer workflows
- Authenticate users and manage access permissions
- Generate and deliver documents, notices, and audit trails
- Process optional payment-method setup, subscriptions, refundable verification charges, billing actions, and payment events
- Send transactional emails and service communications
- Monitor security, abuse, reliability, and performance
- Comply with legal and regulatory obligations
We do not sell personal information to third parties for their own marketing.
5. Legal Basis and POPIA Notice
5.1 Legal basis for processing
We apply a POPIA-first approach with a global baseline for similar privacy rights. Depending on context, processing is based on:
- Performance of a contract
- Legitimate interests in operating and securing the service
- Consent where required
- Legal obligation
5.2 Mandatory and optional information
Certain information is required for account creation, service delivery, billing, fraud prevention, security, support, and legal compliance. This generally includes core account details, workshop/company details needed to operate the service, and payment or billing information when you choose paid billing or payment-method setup.
Other information is optional, such as adding a payment method during the free trial before you decide to continue onto paid billing. If you choose not to provide required information, we may be unable to create or maintain your account, activate paid billing, process payments, provide support, or enable certain product features.
5.3 Complaints to the Information Regulator
You may lodge a complaint with the Information Regulator if you believe your personal information has been handled unlawfully or your rights have been infringed. Official guidance and complaint resources are available on the POPIA page and the complaints page published by the Information Regulator.
6. Sharing and Service Providers
We share information with service providers that support PanelDesk operations, including:
- Firebase (Google) for authentication
- MongoDB for application data storage
- AWS S3 for file storage and signed URLs
- Paystack for optional payment-method setup, refundable verification charges, payments, and subscriptions
- Resend for transactional email delivery
- Vercel for hosting, analytics, and performance insights
Some providers process data outside South Africa. We use reasonable contractual and operational safeguards appropriate to the transfer context.
7. Security Controls
We use layered technical controls designed to reduce unauthorized access and misuse, including:
- Authentication checks on API access by default, with limited public endpoint exceptions for tokenized customer flows
- Permission-based authorization for protected actions
- Rate limiting, audit logging, and request validation controls
- Upload restrictions by file type, size, and scoped storage keys
- Webhook signature verification for billing events
- Transport and platform security headers in deployment configuration
No method of transmission or storage is perfectly secure, but we apply reasonable safeguards for the service context.
8. Retention and Deletion
We retain information for as long as needed to operate the service, meet legal obligations, resolve disputes, and maintain security and auditability.
Retention can vary by data category and account state. A single, fixed retention period does not apply to all records.
On account closure or deletion requests, we process data removal subject to legal, security, billing, and backup constraints.
9. Your Privacy Rights
Depending on applicable law, you may request access, correction, deletion, objection, or restriction of processing of your personal information.
For customer and vehicle data entered by a workshop, requests should generally be directed to that workshop first.
You can submit privacy and POPIA requests to Sam Fourie, Director and Information Officer, at sam@paneldesk.co.za or +27 60 282 3056 (WhatsApp calls and messages). We may request identity verification before acting on a request.
10. Children
PanelDesk is a business service and is not intended for use by children under 18.
11. International Transfers
Because our providers operate global infrastructure, personal information may be processed in multiple jurisdictions. We seek to apply suitable safeguards for those transfers.
12. Changes to this Policy
We may update this Privacy Policy from time to time. If we make material updates, we will publish the revised version and update the "Last Updated" date.
13. Contact
PANELDESK (PTY) LTD is a private company registered in South Africa under registration number 2026 / 183378 / 07.
Public office bearer: Sam Fourie, Director.
Privacy, POPIA, and data protection queries can be sent to Sam Fourie, Director and Information Officer, at sam@paneldesk.co.za or +27 60 282 3056 (WhatsApp calls and messages). Information Officer registration reference: 2026-004645.
Registered, business, and legal notices address: