Protection of personal information at Pin My Guard

Purposes and lawful processing

• To provide guard management, live control-room operations, patrol proof, panic response, incident management, reporting, and client portal services.
• To perform tenant contracts, manage account records and manual EFT billing, support users, secure the platform, prevent misuse, and maintain reliable service delivery.
• To comply with legal, accounting, safety, labour, records, dispute, insurance, and security obligations that may apply to tenants or Pin My Guard.
• To send operational alerts, security notices, and product communications where allowed by law and user preferences.
• To provide AI-assisted categorisation, transcription, forecasting, scheduling, anomaly detection, and summaries only when enabled and subject to human review.

Who may receive information

• Authorised tenant administrators, control-room operators, managers, guards, residents, and clients according to role-based access controls.
• Emergency responders, armed response providers, medical responders, law enforcement, insurers, or regulators where required for safety, legal claims, or lawful requests.
• Approved service providers and Operators, including Firebase/Google Cloud, hosting, storage, messaging, analytics, monitoring, maps, support, and approved AI providers.
• Clients through the client portal only when tenants approve published reports, summaries, patrol proof, or attendance summaries. Raw resident GPS and device tokens are not included in client reports.

Pin My Guard does not sell personal information.

Security and data minimisation

• Tenant data is isolated under tenant-scoped Firestore and Storage paths with Firebase Auth roles and custom claims.
• Guard GPS is collected only during active shifts. Resident panic GPS is collected only when panic/SOS is activated or as otherwise disclosed by the tenant app configuration.
• Incident evidence, voice notes, and patrol records are stored privately by default. Client publication requires an approved summary or report workflow.
• App Check, least-privilege roles, audit logs, support access logs, private storage rules, and deployment controls are part of the production readiness plan.
• External AI processing is disabled unless a tenant enables it after vendor, operator agreement, retention, and data residency review.

How long information is kept

Retention depends on tenant contracts, legal duties, safety investigations, accounting rules, labour requirements, disputes, and product configuration. Starter defaults are:

• Guard GPS pings: 90 days unless the tenant configures a different lawful period.
• Panic/SOS GPS and escalation logs: 24 months, with legal hold where needed.
• Incident reports and evidence: 36 months by default, with legal hold support.
• Published client reports: tenant contract period plus 12 months.
• Audit logs, support access logs, account records, and manual EFT invoices: 5 years or the legally required accounting period.
• AI transient processing payloads: no provider retention unless approved in writing.

Data subject rights

POPIA gives data subjects rights to ask for access, correction, deletion or de-identification where lawful, objection to processing, withdrawal of consent where processing relies on consent, and complaint escalation. Requests about tenant operational data should usually be routed to the relevant tenant. Pin My Guard will help tenants respond where the data is stored in the platform.

You may also complain to the Information Regulator South Africa if you believe your personal information has been processed unlawfully.

Access to information requests

Pin My Guard and each tenant must maintain an approved PAIA process before production launch. Requests under the Promotion of Access to Information Act (PAIA) should be directed to the relevant Responsible Party's Information Officer. Pin My Guard will provide platform records to authorised tenant administrators or lawful request handlers when the request is valid, scoped, logged, and approved.

Pilot and prospective clients can request the PAIA manual and compliance pack from compliance@pinmyguard.com.

Cross-border and cloud processing

Pin My Guard is designed for Firebase and Google Cloud, with South African deployments targeting africa-south1 where the selected product supports that region. If a required service processes information outside South Africa, Pin My Guard and the tenant must use appropriate contractual, security, and transfer safeguards.

Incident notification

If Pin My Guard becomes aware of a security compromise affecting tenant data, it will notify the affected tenant as soon as reasonably possible and support the tenant's POPIA notification duties. Where Pin My Guard is the Responsible Party, it will notify the Information Regulator and affected data subjects as required.

Privacy contacts