Privacy Policy
Last updated: 3 July 2026
This policy explains how One Man Bandcollects, uses, and protects personal information, in line with South Africa's Protection of Personal Information Act (POPIA). It applies to the workspace, dashboard, Telegram assistant, and any linked customer-facing pages (quotes, invoices).
1. Responsible party
One Man Band is the responsible party for personal information processed through the service, as defined under POPIA. For every business using One Man Band(a “tenant”), that business is the responsible party for the personal information of its own customers that it enters into the workspace, and One Man Bandacts as an operator processing that data on the tenant's behalf and instruction.
2. Information we collect
We collect and store: account details (name, email, phone) for you and your team; your business details (name, VAT/registration number, address, banking details for invoices); the customer records you enter or import (names, contact details, addresses); quotes, invoices, leads, and documents you create; transactions extracted from bank statements you choose to upload for the books feature; messages you send the AI assistant (text and voice notes) and the assistant's replies; and basic usage/activity data (the events log that powers your dashboard's activity feed).
Website visitors who submit the enquiry form give us their name, contact details, and message — treated as untrusted input routed to the relevant business, never as instructions to our systems.
3. How we use your information
We use this information to run the workspace and assistant: to generate and send quotes/invoices you approve, to answer your questions about your own business data, to categorise bank transactions into management reports, to route enquiries and inbound email to the right tenant, and to bill your subscription. We do not sell personal information, and we do not use your business content to train third-party foundation models.
4. Who we share it with
We use a small number of trusted processors, each bound by their own terms and (where applicable) data processing agreements:
- Supabase — our database, authentication, and file storage provider (hosted in the EU).
- OpenAI and Google — process the content you submit to the AI assistant (text, voice-note transcriptions, documents) in order to generate replies and draft documents. This includes bank statements and documents you upload anywhere in the product — via the dashboard or your Telegram assistant — which are processed by Google (Gemini) and OpenAI to extract and categorise their contents.
- Telegram — carries the messages between you and your assistant on that channel.
- Resend— sends and receives email on your workspace's dedicated subdomain.
- Vercel — hosts the application and websites.
- Paystack — processes subscription payments. Your card details go to Paystack and never touch our servers.
We only share what each processor needs to do its job, and we don't share your data with anyone else except where required by law.
5. Books figures & accuracy
Bank statement transactions you upload are categorised automatically to produce management accounts (profit & loss, cashflow, VAT summaries). These are management accounts, not audited financial statements — verify them with your accountant before filing or relying on them for any formal purpose.
6. Data retention
We retain your workspace data for as long as your account is active, plus a reasonable period after closure to meet accounting and legal record-keeping obligations. You can export a full copy of your data at any time — see “Your rights” below — and request deletion once you no longer need it.
7. Security
Every workspace is isolated at the database level (row-level security), so one tenant can never read another tenant's data. Access to the dashboard requires authentication; access to Telegram is resolved by sender and a one-time pairing code. We use encrypted connections throughout and limit who on our side can access production data.
8. Your rights
Under POPIA, you can ask us to access, correct, or delete the personal information we hold about you, and object to certain processing. Most of this you can do yourself, directly in the dashboard: edit or delete customer records, and use Settings → Export everythingto download a complete copy of your workspace data, in every plan state — we never hold your data hostage. For anything you can't do yourself, email us at the address below and we'll action it promptly.
9. Cookies & analytics
Google Analytics runs on our marketing website only (this page and the pages around it) — page-view style tracking, no cross-site advertising cookies. The dashboard (the workspace you and your team sign in to) does not load Google Analytics at all: it uses only the cookies needed to keep you signed in, plus Vercel Analytics, which is cookieless and doesn't track you individually.
10. Contact
Questions, complaints, or requests about your personal information? Email piet@aitsa.tech. You may also lodge a complaint with the Information Regulator of South Africa.
See also our Terms of Service.