POPIA Compliance
How EasyVisit handles personal information in accordance with South African law
Compliant with the Protection of Personal Information Act 4 of 2013
EasyVisit is designed from the ground up to be compliant with the Protection of Personal Information Act 4 of 2013 (POPIA). We understand that our clients are Responsible Parties under POPIA, and we operate as their Operator — processing personal information only on their behalf and under their instruction.
Our POPIA Commitments
- Lawful processing only — we process personal information only for visitor management purposes with a clear lawful basis
- Purpose limitation — data collected at check-in is used only for access management and audit purposes
- Data minimisation — we collect only the information necessary: name, contact number, and optional photograph
- Accuracy — hosts can update visitor records; incorrect blacklist entries can be corrected by administrators
- Retention limits — visit records are retained for 12 months; photographs for 90 days
- Security — HTTPS encryption, API key authentication, OTP login, rate limiting, and access controls
- Accountability — a designated Information Officer oversees all data handling
Data Processing Agreement
All EasyVisit clients receive a Data Processing Agreement (DPA) that governs how we handle personal information on their behalf. The DPA is available upon request by emailing legal@easyvisit.app.
Information Regulator
South African data subjects may lodge complaints with the Information Regulator:
inforegulator.org.za