POPIA compliance

We follow a “POPIA-aware by default” approach: data is minimised, encrypted in transit and at rest, access is role-restricted, and conversation content for one business is never used to train or answer for another.

When your customers’ personal information flows through Replai, you are the responsible party and Replai — operated by Bila Automation (Pty) Ltd(registration number 2026/360669/07) — is your operator. We process that information only on your documented instructions, under our Data Processing Addendum, which we will sign with businesses that require it.

• Accountability & processing limitation — we process only what is needed to run the service.
• Purpose specification & further processing — data is used for the purposes you authorise, not repurposed.
• Information quality — you can correct and update records from the dashboard.
• Openness — see our Privacy Policy for full detail.
• Security safeguards — encryption, access control, monitoring and breach procedures.
• Data subject participation — access, correction and deletion on request.

POPIA compliance is shared. As the responsible party you must still obtain a lawful basis for contacting your customers, provide your own privacy notice, honour data-subject requests, and configure Replai (retention, broadcasts, consent) appropriately for your business.

For data-subject requests, DPAs, or to report a suspected incident, contact privacy@replai.co.za. We will assist you within the timeframes required by POPIA.