Back to home
Compliance

POPIA Statement

How EasyVisit supports POPIA-aligned processing under the Protection of Personal Information Act, 2013 — and what that means for properties, hosts and visitors.

Last updated · 15 May 2026

TST Software (Pty) Ltd, trading as EasyVisit, is committed to POPIA-aligned processing under the Protection of Personal Information Act, 4 of 2013 (POPIA). This statement summarises our controls as a responsible party and as an operator.

1. Registration & Information Officer

Our designated Information Officer is Thapelo Selowa, reachable at privacy@easyvisit.app. Information Officer registration and governance are managed as part of EasyVisit's POPIA compliance programme.

2. The eight POPIA conditions, applied

1
Accountability
Our Information Officer oversees all processing activities and maintains the personal-information processing register.
2
Processing limitation
We collect the personal information needed to run a visit, such as name, phone number, host, visit reason, access-code activity and optional fields such as ID/passport, vehicle registration and photographs where enabled and lawful.
3
Purpose specification
Personal information is collected for property security and visit logging only. We do not repurpose data for marketing.
4
Further processing limitation
If a further processing purpose arises, we either obtain consent or rely on a specific legal basis — never both implicitly.
5
Information quality
Administrators and hosts can update supported records from the dashboard or portal. Visitors can request access, correction or deletion through the data-subject request route.
6
Openness
Our Privacy Policy, this POPIA statement, and our Data Retention Policy are all publicly available.
7
Security safeguards
HTTPS/TLS in transit, production database connection encryption, role-based access controls, secure OTP/access-code generation, rate limiting, protected cookies and restricted logging of sensitive content.
8
Data subject participation
Subject access, correction and deletion requests are handled through privacy@easyvisit.app and routed to the customer property where that property is the responsible party.

3. Roles: responsible party vs operator

EasyVisit acts as a responsible party for data we collect directly from our customers and as an operator for visitor data processed on behalf of customer properties. Customer onboarding requires a signed Data Processing Agreement / Operator Agreement aligned to Section 21 of POPIA.

4. Data subject requests

If you are a visitor, host or guard whose personal information is held in EasyVisit, you may request access, correction or deletion by emailing privacy@easyvisit.app. We aim to respond within 30 days. Where the property is the responsible party for your data, we will route your request directly to them.

5. Security breach notification

In the unlikely event of a security compromise, we will notify the Information Regulator and affected data subjects as soon as reasonably possible after discovery, with internal response targets used to keep the process moving quickly.