SecureCore SA is committed to protecting your personal information and complying with the Protection of Personal Information Act 4 of 2013 (POPIA). This Privacy Policy explains what data we collect, how we use it, and your rights as a data subject.
1. Who We Are
SecureCore SA is a South African technology company providing an integrated management platform for the private security industry. We act as both a Responsible Party (for data relating to our direct customers) and an Operator (for personal information processed on behalf of security companies using our platform).
Contact details for privacy matters:
- Email: support@securecoresa.co.za
- Phone: +27 81 270 0884
2. Personal Information We Collect
We collect and process the following categories of personal information through the Platform:
2.1 Security Company Administrators & Supervisors
- Full name, job title, email address, phone number
- Login credentials (passwords stored as encrypted hashes)
- IP address and browser information for security logging
- Usage data and audit logs within the platform
2.2 Guards (Security Officers)
- Full name, SA ID number, contact details, address
- Employee number, hire date, employment status
- PSIRA certificate numbers, grades, and expiry dates
- GPS location data during active shifts
- Clock-in/clock-out timestamps and attendance records
- Payroll information: salary, banking details, tax number, UIF reference
- Leave records and disciplinary records
- HR documents: contracts, ID copies, qualifications (uploaded by employer)
- Emergency contact information
- Photographs (profile photos)
2.3 Client Portal Users
- Company name, contact person name, email, phone
- Portal login credentials
- Report access and sign-off records
2.4 Website Visitors
- Name, email, phone, and message (via contact form)
- IP address and general location (via server logs)
| Category |
Purpose |
Legal Basis (POPIA) |
| Guard personal & employment data |
Payroll, compliance, HR management |
Contractual necessity / legal obligation |
| Guard GPS location data |
Live tracking, shift verification, safety |
Legitimate interest / contractual necessity |
| PSIRA certificate data |
Regulatory compliance tracking |
Legal obligation |
| Banking & payroll details |
Salary payments, SARS reporting |
Contractual necessity / legal obligation |
| Platform usage logs |
Security, auditing, support |
Legitimate interest |
| Contact form data |
Responding to enquiries |
Consent |
3. How We Use Personal Information
We use personal information collected through the Platform solely for the purposes described below:
- Providing, operating, and maintaining the SecureCore SA Platform
- Processing payroll, generating payslips, and facilitating bank payments
- Tracking PSIRA certificate compliance and sending expiry alerts
- Enabling GPS-based guard tracking and shift verification
- Generating client service delivery reports and SLA calculations
- Maintaining employee HR records and disciplinary documentation
- Communicating with platform users about their accounts
- Responding to contact form enquiries
- Ensuring platform security and preventing fraud or abuse
- Complying with South African legal obligations (SARS, UIF, PSIRA, CCMA)
We do not sell, rent, or share personal information with third parties for marketing purposes.
4. GPS Location Data
The Platform collects GPS location data from guards' mobile devices during active shifts. This data is used exclusively for:
- Verifying guard presence at assigned sites
- Generating patrol route records and checkpoint scans
- Providing real-time visibility to supervisors and clients
- Calculating accurate hours worked for payroll purposes
GPS tracking is only active during scheduled shifts. Guards are informed of GPS tracking as part of their employment terms. Location data is retained for a maximum of 12 months and then purged.
5. Data Storage & Security
5.1 Where Data is Stored
All Platform data is stored on cloud servers hosted in South Africa (AWS/Azure South Africa region) in compliance with POPIA's data localisation principles. No personal information is transferred outside the Republic of South Africa without adequate safeguards.
5.2 Security Measures
- End-to-end encryption for data in transit (TLS) and at rest (AES-256)
- Role-based access control — users only access data relevant to their role
- Multi-tenant data isolation — each company's data is fully segregated
- Regular penetration testing and security audits
- Automated backups with recovery time objective under 4 hours
- All passwords are hashed using bcrypt — plaintext passwords are never stored
6. Data Retention
We retain personal information only for as long as necessary for the purposes it was collected, or as required by law:
- Payroll records: 5 years (SARS requirement)
- Employee HR files: 3 years after termination
- GPS location data: 12 months
- Incident reports: 5 years
- PSIRA compliance records: 3 years
- Audit logs: 2 years
- Contact form submissions: 12 months
Upon subscription termination, your Company's data is available for export for 90 days, after which it is permanently and securely deleted.
7. Sharing Personal Information
We do not sell personal information. We may share personal information in the following limited circumstances:
- Service providers: Cloud hosting providers (AWS/Azure) and email delivery services, bound by data processing agreements
- Legal requirements: Where required by South African law, court order, or regulatory authority (SARS, PSIRA, CCMA)
- Within your Company: Authorised users within your security company can access data as permitted by their role
- Client portal: Guard location data and service delivery records are shared with the relevant client as part of the Platform's reporting function, with your Company's knowledge and consent
8. Your Rights Under POPIA
As a data subject under POPIA, you have the following rights:
- Right of access: Request a copy of the personal information we hold about you
- Right to correction: Request correction of inaccurate or incomplete personal information
- Right to deletion: Request deletion of your personal information, subject to legal retention requirements
- Right to object: Object to the processing of your personal information in certain circumstances
- Right to complain: Lodge a complaint with the Information Regulator of South Africa
To exercise any of these rights, contact us at support@securecoresa.co.za or call +27 81 270 0884. We will respond within 30 days.
9. Cookies
The SecureCore SA Platform uses essential session cookies to maintain your login state and secure your session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. The public website uses no cookies beyond standard server session management.
10. Children's Privacy
The Platform is intended for use by security professionals and business operators. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor's information has been submitted, contact us immediately at support@securecoresa.co.za.
11. Information Regulator
If you believe your personal information has been processed in violation of POPIA, you have the right to lodge a complaint with the Information Regulator of South Africa:
- Website: www.justice.gov.za/inforeg
- Email: inforeg@justice.gov.za
- Phone: 010 023 5207
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-platform notification at least 14 days before taking effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.
13. Contact Us
For any privacy-related questions, requests, or concerns:
- Email: support@securecoresa.co.za
- Phone: +27 81 270 0884
- Website: securecoresa.co.za