Get 8 professionally written POPIA compliance documents -- privacy policy, consent forms, breach response playbook and more -- for a fraction of what a lawyer charges. Ready to customise in an afternoon.
Templates only. Not a substitute for legal advice for complex organisations.
Each document is written for South African businesses, references POPIA Act 4 of 2013, and includes customisation notes explaining what to change and why.
Website-ready policy covering data collection, purpose, lawful basis, retention periods, and data subject rights. Publish it on your site and you're legally covered for customer data collection.
Single-page intake form that documents customer consent at the point of service. Covers what you collect, why, who sees it, and their rights. Print it and use it from day one.
The form you hand a customer who asks "what data do you have on me?" Covers access, correction, and deletion requests with an office-use tracking section.
POPIA requires every business to formally designate an Information Officer. This internal letter records who that person is and what they are responsible for -- plus prompts for the required Information Regulator registration.
A structured table to map every category of personal data you collect: source, storage location, retention period, lawful basis, and who has access. Your internal compliance foundation document.
Step-by-step playbook for the first 72 hours after a breach. Includes ready-to-send notification letters for the Information Regulator and affected customers -- the last thing you want to write at 2am.
Drop-in HTML and JavaScript for a compliant cookie consent banner. Works on any website with no third-party libraries. Conditionally loads your analytics only after consent is given.
A drop-in data processing clause for contracts with suppliers who handle your customer data -- cloud software providers, accountants, email platforms. Protects you if they cause a breach.
You could. And for large, complex organisations you probably should. But for a small business that collects customer contact details, a lawyer charging R30k is overkill.
This is a starter pack of templates, not a legal opinion. For complex multi-entity organisations, consult an attorney.
If you collect names, email addresses, ID numbers, health information, or payment details from South African customers -- POPIA applies to you.
No complicated onboarding. No legal jargon to decode. Just practical documents your business can implement this week.
Complete payment via PayFast. Instantly receive a download link to your personalised ZIP containing all 8 documents with your business name and details pre-filled.
Each document includes a Customisation Notes section explaining exactly what to change for your industry. Most businesses are done in 2-3 hours.
Your README file gives you a week-by-week implementation checklist. Publish the privacy policy, train your staff, send vendor clauses, and you're on the right side of POPIA.
One-off pack for R2,500. Optional monthly retainer to keep your documents current as regulations evolve.
Live payments are coming soon. In the meantime, download the free demo to see exactly what you receive.
Contact hello@nel404labs.co.za to purchase.
Common questions before buying.
No. These are professionally written templates based on POPIA Act 4 of 2013 and general compliance best practice for South African small businesses. They are not legal advice and Nel404 Labs is not a law firm.
For most small businesses collecting standard customer contact details and appointment information, these templates provide a solid, practical starting point. For organisations processing health records, financial data at scale, or operating across multiple jurisdictions, we recommend consulting a qualified attorney before relying solely on these templates.
POPIA was signed into full effect in 2021, with the Information Regulator becoming fully active through 2022-2024. The core requirements are stable. The templates reference the base Act (4 of 2013) and align with 2024 regulatory practice.
If significant amendments occur, holders of the R499/mo retainer receive updated documents. Standalone pack holders can purchase updated versions at a reduced rate when available.
Possibly, but probably not for day-to-day operations if you are a straightforward small business. These documents are appropriate for: medical and dental practices collecting patient contact and health history, estate agents, accountants, gyms, salons, small e-commerce stores, and service businesses.
You likely need an attorney if: you process health data at significant scale, you share data with offshore partners, you are in a regulated industry with sector-specific rules (e.g. financial services under FAIS/FICA), or you face an Information Regulator investigation.
Employee data falls under POPIA just like customer data. The Privacy Policy template addresses staff data in passing, and the Data Inventory Worksheet includes a row for employee records. If you have more than a handful of employees, review the worksheet carefully to document every HR system and data category you hold. The Information Officer Designation document also covers internal staff responsibilities.
Yes -- Information Officers of private bodies are required to register with the Information Regulator at https://www.justice.gov.za/inforeg/. Registration is free and takes approximately 15 minutes online. The Information Officer Designation document in your pack includes a step to complete this. The Information Regulator has been enforcing this requirement more actively since 2023.
All documents are delivered as Markdown (.md) files in a ZIP archive. Markdown is a plain text format that opens in any text editor and can be converted to Word, PDF, or HTML with free tools. Your business name and details are pre-filled in every document. A README.txt explains what each file is and provides a week-by-week implementation checklist.
PDF and DOCX export is planned for version 2.
You complete payment, enter your business details on the next page, and immediately receive a download link for your personalised ZIP. No waiting. No back-and-forth. The documents are ready to review and implement the same day.
The pack is licensed for use by a single business entity. If you own multiple separate businesses, purchase one pack per business -- at R2,500 each, it is still far cheaper than alternatives. If you are an accountant or advisor who wants to use the templates for your clients, contact hello@nel404labs.co.za to discuss a multi-use licence.