← Back to Home

Privacy Policy

Last Updated: July 2, 2026

Compliant with the Protection of Personal Information Act (POPIA), 2013

1. Introduction

SiteIQ ("we", "our", or "us") is committed to protecting your personal information and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA).

By using our security monitoring services, you consent to the data practices described in this policy.

2. Who We Are

Responsible Party: SiteIQ (Pty) Ltd

Information Officer: [Your Name]

Email: privacy@siteiq.com
Phone: [Your Contact Number]

Physical Address: [Your Business Address]

You can contact our Information Officer regarding any questions about this Privacy Policy or to exercise your rights.

3. What Personal Information We Collect

3.1 Information You Provide to Us

  • Contact Information: Name, email address, phone number, WhatsApp number
  • Account Information: Username, password (encrypted), account preferences
  • Property Information: Physical address, property type, site access details
  • Armed Response Selection: Your chosen armed response provider name and contact details
  • Payment Information: Billing details (processed securely by third-party payment providers)

3.2 Information Collected Automatically

  • Camera Footage: Video and images from security cameras at your property
  • Alert Data: Incident timestamps, alert types, sensor triggers, camera activations
  • Device Information: Camera health status, alarm panel status, sensor connectivity
  • Location Data: GPS coordinates of security incidents and site locations
  • Usage Data: Login times, app interactions, feature usage, response times

3.3 Special Personal Information (Biometric Data)

AI Human Detection: Our Double-Knock™ system uses artificial intelligence to analyze camera images to detect human presence. This may involve processing biometric data such as:

  • Body shape and movement patterns
  • Physical characteristics to distinguish humans from animals
  • Presence detection (not facial recognition or identity verification)

Important: We do NOT perform facial recognition or store identifiable biometric templates. Our AI only detects whether a human is present to prevent false alarms from animals or weather.

4. How We Use Your Personal Information

We process your personal information for the following lawful purposes:

4.1 Security Monitoring Services (Primary Purpose)

  • Monitor your property for security threats
  • Detect and verify security incidents using AI
  • Send real-time alerts to you and your armed response provider
  • Maintain incident history and records
  • Coordinate emergency response

4.2 False Alarm Prevention

  • Use AI to analyze camera images and distinguish humans from animals/weather
  • Verify line-crossing events before dispatching armed response
  • Reduce unnecessary callouts and associated costs

4.3 Service Delivery

  • Create and manage your account
  • Process payments and billing
  • Provide customer support
  • Send service notifications and updates
  • Troubleshoot technical issues

4.4 Legal and Safety Obligations

  • Comply with South African laws and regulations
  • Respond to law enforcement requests (with valid court orders)
  • Protect against fraud and abuse
  • Enforce our terms and conditions

5. Who We Share Your Information With

We share your personal information with the following parties:

5.1 Your Armed Response Provider

When a security incident is detected, we share the following information with your selected armed response company:

  • Your name and property address
  • Alert type and severity
  • Incident timestamp
  • Your contact number for verification
  • Camera snapshot (if available and verified by AI)

Purpose: To enable rapid emergency response to your property.

5.2 Service Providers

We use trusted third-party service providers who process data on our behalf:

  • Cloud Hosting: Emergent AI (data stored securely in cloud infrastructure)
  • AI Processing: Emergent LLM API for image analysis (biometric processing)
  • Database: MongoDB Atlas (encrypted data storage)
  • Payment Processing: [Payment provider name] (PCI-DSS compliant)

All service providers are bound by confidentiality agreements and process data only as instructed by us.

5.3 Law Enforcement and Legal Authorities

We may disclose your information to law enforcement agencies, courts, or regulatory bodies when:

  • Required by law or valid court order
  • Necessary to prevent crime or protect public safety
  • To enforce our legal rights

5.4 Installers

Your assigned security installer has access to:

  • Your contact information (for installation and support)
  • Equipment status and health monitoring
  • Alert history (for troubleshooting)

We do NOT: Sell your personal information to third parties for marketing purposes.

6. How We Protect Your Information

We implement appropriate technical and organizational security measures:

Technical Measures

  • 256-bit SSL/TLS encryption (HTTPS)
  • Bcrypt password hashing
  • JWT token-based authentication
  • Encrypted database storage
  • Regular security updates
  • Firewall protection

Organizational Measures

  • Role-based access control
  • Staff training on data protection
  • Confidentiality agreements
  • Regular security audits
  • Incident response procedures
  • Data minimization practices

Security Breach Notification: In the unlikely event of a data breach affecting your personal information, we will notify you and the Information Regulator within 72 hours as required by POPIA.

7. How Long We Keep Your Information

We retain your personal information only for as long as necessary:

Data TypeRetention PeriodReason
Account InformationActive subscription + 1 yearLegal and billing requirements
Camera Footage30 daysSecurity review and investigation
Incident Records6 monthsPattern analysis and legal evidence
Payment Records7 yearsTax and accounting regulations
AI Analysis DataNot storedReal-time processing only

After the retention period expires, we securely delete or anonymize your personal information. You can request early deletion by exercising your right to erasure (see Section 9).

8. International Data Transfers

Some of our service providers (cloud hosting, AI processing) may store or process data outside South Africa. When transferring data internationally, we ensure:

  • The destination country has adequate data protection laws, OR
  • We have contractual safeguards (Standard Contractual Clauses) in place
  • Your data remains protected to POPIA standards

Current Locations: Data may be processed in cloud data centers located in [specify regions, e.g., EU, USA]. All locations comply with POPIA requirements for international transfers.

9. Your Rights Under POPIA

You have the following rights regarding your personal information:

9.1 Right to Access

You can request a copy of all personal information we hold about you. We will provide this within 30 days, free of charge.

9.2 Right to Correction

If your personal information is inaccurate or incomplete, you can request us to correct or update it.

9.3 Right to Deletion (Right to be Forgotten)

You can request deletion of your personal information when:

  • It's no longer necessary for the purpose it was collected
  • You withdraw consent (where consent was the lawful basis)
  • You object to processing and there are no overriding legitimate grounds

Note: We may retain some information if required by law (e.g., financial records for 7 years).

9.4 Right to Object

You can object to certain types of processing, such as direct marketing communications.

9.5 Right to Withdraw Consent

Where we rely on consent as the legal basis, you can withdraw your consent at any time. This will not affect the lawfulness of processing before withdrawal.

Important: Withdrawing consent for essential services (e.g., security monitoring) may result in service termination, as we cannot provide the service without processing your data.

9.6 Right to Complain

If you believe we have violated your privacy rights, you can lodge a complaint with:

South African Information Regulator

Email: inforeg@justice.gov.za

Phone: +27 (0)10 023 5200

Website: www.justice.gov.za/inforeg

How to Exercise Your Rights

To exercise any of these rights, you can:

  • Email our Information Officer at: privacy@siteiq.com
  • Use the "Request My Data" form in your account settings
  • Write to us at our physical address (see Section 2)

We will respond to your request within 30 days. If we need to verify your identity, we may request additional information.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Essential Cookies (Required)

  • Authentication and security (JWT tokens)
  • Session management
  • Load balancing

These cookies are necessary for the website to function and cannot be disabled.

Analytics Cookies (Optional)

  • Usage statistics and performance monitoring
  • Feature usage tracking
  • Error reporting

You can disable analytics cookies in your browser settings without affecting core functionality.

11. Children's Privacy

Our services are intended for adults (18 years and older). We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@siteiq.com so we can delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of material changes by:

  • Email notification to your registered email address
  • Prominent notice on our website and app
  • In-app notification when you next login

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of our services after changes indicates your acceptance of the updated policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

SiteIQ Information Officer

Responsible for POPIA compliance and data protection

[Your Phone Number]

Response Time: We aim to respond to all privacy-related inquiries within 5 business days. For data subject access requests (DSAR), we will respond within 30 days as required by POPIA.

14. Legal Framework

This Privacy Policy is governed by and complies with:

  • Protection of Personal Information Act 4 of 2013 (POPIA)
  • Electronic Communications and Transactions Act 25 of 2002
  • Consumer Protection Act 68 of 2008
  • Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002

This policy and any disputes arising from it are subject to the laws of the Republic of South Africa.

Your Privacy Matters

We are committed to protecting your personal information and maintaining your trust. If you have any concerns about how we handle your data, please don't hesitate to contact us.

© 2026 SiteIQ (Pty) Ltd. All rights reserved.

Registered in South Africa | POPIA Compliant | Information Regulator Registered

Made with Emergent