Privacy Policy
Last updated: 1 March 2026
TST Software (Pty) Ltd ("TST Software", "we", "us", or "our") operates EasyVisit, a cloud-based visitor management platform. We are committed to protecting the personal information of all individuals who interact with EasyVisit. This Privacy Policy explains what information we collect, how we use it, and your rights under the Protection of Personal Information Act 4 of 2013 (POPIA).
1. Who We Are
EasyVisit is a SaaS product developed and operated by TST Software (Pty) Ltd, a South African software company. EasyVisit provides a cloud-based visitor management platform for residential complexes, corporate offices, and gated communities. TST Software (Pty) Ltd is the Responsible Party as defined by POPIA.
- Company: TST Software (Pty) Ltd, trading as EasyVisit
- Address: Bedford Gardens, Bedfordview, 2007, Gauteng, South Africa
- Information Officer: Thapelo Selowa
- Contact: privacy@easyvisit.app
2. Personal Information We Collect
We collect the following categories of personal information:
| Category | Examples | Who It Relates To |
|---|---|---|
| Identity data | First name, last name, ID/passport number | Visitors, Hosts |
| Contact data | Mobile number, email address | Visitors, Hosts, Administrators |
| Location data | Unit number, property name | Hosts |
| Biometric data | Visitor selfie photograph (optional) | Visitors |
| Visit records | Check-in time, check-out time, access codes | Visitors |
| Device data | IP address, browser type (anonymised) | All users |
3. How We Collect Personal Information
- Directly from you when a host books a visit or a visitor checks in at a kiosk
- From property administrators who register hosts on the Dashboard
- Automatically via server logs when you access our platform
- Via SMS communications when we send access codes and notifications
4. Purpose of Processing
We process personal information only for the following lawful purposes:
- Managing visitor access to properties (check-in and check-out)
- Sending SMS notifications with access codes and alerts
- Blacklist screening to ensure property security
- Generating analytics and audit trails for property administrators
- Authenticating host users via OTP (one-time PIN)
- Complying with legal obligations
5. Legal Basis for Processing
Under POPIA, we rely on the following grounds for processing:
- Contract: Processing is necessary to fulfil our service agreement with property clients
- Legitimate interest: Property security and visitor management
- Legal obligation: Maintaining access records as required by applicable law
- Consent: For optional features such as visitor photograph capture
6. Sharing of Personal Information
We do not sell personal information. We share information only where necessary:
- SMS providers (SMSPortal, Twilio) — to deliver access codes and notifications to visitors and hosts
- Cloud storage providers (Dropbox) — to store visitor photographs securely
- Hosting providers — our platform is hosted on infrastructure with appropriate data processing agreements
- Property administrators — who have a legitimate need to view visit records for their property
- Law enforcement — where required by South African law
All third-party operators are contractually bound to handle personal information in accordance with POPIA.
7. Retention of Personal Information
- Visit records are retained for 12 months from the date of the visit, unless a longer period is required by law or agreed with the property client.
- Visitor photographs are retained for 90 days after the visit.
- Blacklist records are retained until removed by the property administrator.
- System logs are retained for 30 days on a rolling basis.
8. Security of Personal Information
We implement appropriate technical and organisational measures to protect personal information, including:
- HTTPS encryption for all data in transit
- API key authentication for all system-to-system communication
- SMS OTP authentication for host portal access — a cryptographically secure 6-digit one-time PIN with a 5-minute expiry
- HttpOnly cookie-based authentication — an encrypted auth cookie is issued on successful OTP login; identity claims are stored server-side and cannot be accessed by JavaScript
- Rate limiting to prevent brute-force attacks (60 requests/min globally; 5 requests/min on OTP endpoints)
- SQL Server encryption for data at rest
- Access controls: only authorised staff and property administrators can access data
9. Your Rights Under POPIA
As a data subject, you have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — request correction of inaccurate or incomplete information
- Deletion — request deletion of your personal information (subject to legal retention requirements)
- Objection — object to processing of your personal information
- Complaint — lodge a complaint with the Information Regulator of South Africa
To exercise any of these rights, contact us at privacy@easyvisit.app.
10. Cookies
Our marketing website uses only essential session cookies required for navigation. We do not use tracking or advertising cookies. By continuing to use our site, you consent to essential cookie use only.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered clients and posted on this page with an updated date. Continued use of the platform after changes constitutes acceptance of the updated policy.
TST Software (Pty) Ltd, trading as EasyVisit
privacy@easyvisit.app
Information Regulator of South Africa
inforegulator.org.za • complaints@inforegulator.org.za