Does POPIA apply to South African VoIP and call center data?

Yes. POPIA can apply to personal information processed through calls, messages, recordings, transcripts, customer records, support queues, and analytics.

Is CallOrbit the responsible party or operator?

For customer communications data, CallOrbit generally acts as operator and the customer acts as responsible party. For CallOrbit's own account, billing, sales, support, and security data, CallOrbit may act as responsible party.

Can South African customer data be processed outside South Africa?

It may be processed internationally where lawful safeguards apply and where infrastructure, carriers, subprocessors, or integrations require it.

Legal - Effective May 17, 2026

CallOrbit POPIA Disclosure

This POPIA Disclosure explains how CallOrbit supports South Africa POPIA obligations for personal information processed through VoIP South Africa workflows, business phone systems, call center software, cloud PBX, business SMS, WhatsApp, AI phone system features, recordings, transcripts, and telecom operations.

Effective date: May 17, 2026. Review cadence: Reviewed with South African privacy, telecom, subprocessor, and product changes. Contact: privacy@callorbit.tech.

1. POPIA Roles
2. Lawful Processing Conditions
3. Personal Information We May Process
4. Data Subject Rights
Does POPIA apply to South African VoIP and call center data?
Is CallOrbit the responsible party or operator?

Policy snapshot

Effective date: May 17, 2026
Review cadence: Reviewed with South African privacy, telecom, subprocessor, and product changes
Contact: privacy@callorbit.tech

1. POPIA Roles

For customer communications and customer personal information processed through CallOrbit, the customer usually acts as the responsible party and CallOrbit acts as the operator. The customer decides the purpose and means of processing and CallOrbit processes personal information under customer instructions.

CallOrbit acts as a responsible party for its own website, account, sales, billing, security, support, marketing, fraud prevention, and legal compliance information.

2. Lawful Processing Conditions

CallOrbit designs its privacy program to support the POPIA conditions for lawful processing, including accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation.

Customers must make sure their own use of CallOrbit satisfies POPIA, including appropriate notices, lawful basis, consent where required, security safeguards, operator terms, retention practices, and direct marketing compliance.

3. Personal Information We May Process

Account information, user information, contact details, customer records, phone numbers, email addresses, message content, call metadata, recordings, voicemail, transcripts, notes, analytics, AI summaries, support records, billing records, and security logs.
Personal information may relate to natural persons and, under POPIA, juristic persons where applicable.
Special personal information should not be submitted unless necessary, lawful, supported by the service, and protected with appropriate customer controls.

4. Data Subject Rights

Request confirmation of whether personal information is held.
Request access to personal information.
Request correction, deletion, or destruction of personal information where applicable.
Object to processing where POPIA allows.
Withdraw consent where processing is based on consent.
Object to direct marketing by unsolicited electronic communications.
Submit a complaint to the Information Regulator South Africa.

5. Direct Marketing And Messaging

Customers using CallOrbit for outbound calls, SMS, WhatsApp, email, AI-assisted outreach, or other direct marketing must comply with POPIA, consumer protection laws, telecom rules, consent requirements, opt-out rules, and industry codes. Customers must maintain proof of consent or another valid legal basis and must honor opt-outs promptly.

6. Cross-Border Transfers

CallOrbit may process personal information outside South Africa where infrastructure, carriers, communications providers, subprocessors, support providers, or integrations operate. Where POPIA requires safeguards for cross-border transfers, CallOrbit uses appropriate contractual and operational protections. Customers must confirm that their own cross-border use of CallOrbit is lawful.

7. Security Safeguards

CallOrbit uses reasonable technical and organizational measures to protect personal information, including access controls, authentication, encryption where supported, monitoring, audit logs, staff confidentiality, provider controls, and incident response practices.

8. Requests And Complaints

For CallOrbit-controlled personal information, email privacy@callorbit.tech. For customer-controlled personal information, contact the relevant CallOrbit customer directly. If you believe your POPIA rights have been infringed, you may lodge a complaint with the Information Regulator South Africa.

Quick answers

Does POPIA apply to South African VoIP and call center data? - Yes. POPIA can apply to personal information processed through calls, messages, recordings, transcripts, customer records, support queues, and analytics.
Is CallOrbit the responsible party or operator? - For customer communications data, CallOrbit generally acts as operator and the customer acts as responsible party. For CallOrbit's own account, billing, sales, support, and security data, CallOrbit may act as responsible party.
Can South African customer data be processed outside South Africa? - It may be processed internationally where lawful safeguards apply and where infrastructure, carriers, subprocessors, or integrations require it.