This Privacy Policy explains how
SPOTBOT (“we”, “us”, “our”) collects, uses, discloses, and safeguards information in our
websites (including
spotbot.co.za), Progressive Web App, native wrapper apps, cloud services, and connected devices (“Services”).
It is designed to satisfy the Google Play
User Data policy, GDPR, and South Africa’s POPIA.
1. Scope
This policy applies to information processed by SPOTBOT through our websites, apps (including the Android/iOS WebView wrappers of our PWA), cloud back-end, and connected devices you link to your account.
2. Data we collect
2.1 You provide to us
- Account data: name, email, phone (optional), password hash, role/permissions.
- Device onboarding data: device serial numbers, site/camera labels, configuration choices.
- Support communications: messages, attachments, and feedback you send us.
2.2 Collected automatically
- Log data: IP address, device IDs, app version, browser/OS, timestamps, diagnostics and crash logs.
- Usage data: pages/screens visited, interactions (e.g., toggles), feature use, and performance metrics.
- Notification tokens: Firebase Cloud Messaging (FCM) / APNs tokens to deliver push notifications.
Note: We do not access your phone’s contacts, photos, or files unless you intentionally upload or grant explicit permission inside the app.
2.3 From your connected devices
- Event metadata: timestamps, device status, sensor triggers, and basic thumbnails or links where configured.
- Media handling: If you enable image/video uploads or live views, related media may transit or be stored according to your account plan and settings.
- Location (optional): If you enable geotagging or location-aware automations, approximate location may be derived from device/network info or permissions you grant.
3. How we use data
- Provide, operate, and maintain the Services and your linked devices.
- Deliver alerts and push notifications you opt into (e.g., detections, status changes).
- Authenticate users, prevent fraud/abuse, and secure accounts.
- Diagnose issues, monitor performance, and improve reliability.
- Communicate with you about updates, features, and support.
- Comply with legal obligations and enforce our Terms.
4. Legal bases for processing (GDPR/POPIA)
- Contract: To provide the Services you request.
- Legitimate interests: Securing our Services, preventing misuse, and improving features.
- Consent: For optional features like marketing emails or device/location-based automations. You can withdraw consent at any time.
- Legal obligation: Where processing is required by law.
5. When we share data
- Service providers: Cloud hosting, analytics/diagnostics, and messaging (e.g., Firebase Cloud Messaging / APNs) under contractual duties of confidentiality.
- Payment processors: If you purchase a subscription via our website, your payment is handled by PayFast. We do not store full card details.
- Partners you choose: If you invite a dealer, installer, or security partner, relevant device/site data may be shared per your selections.
- Legal & safety: To comply with law, protect rights, safety, or prevent fraud/abuse.
- Business transfers: In a merger, acquisition, or asset sale, subject to this Policy.
6. Payments & subscriptions
Subscriptions or premium features purchased on our website are processed by PayFast. PayFast may collect identifying and payment information in accordance with its own privacy policy. We receive limited information needed to activate your subscription (e.g., payment status, payer reference).
7. Data retention
We retain personal data only as long as needed for the purposes above, to comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion of your account and associated personal data (subject to lawful exceptions).
8. Security
We employ technical and organizational measures appropriate to the risk, including encrypted transport (HTTPS), access controls, and regular updates. No method of transmission or storage is 100% secure.
9. International data transfers
We may process data in countries other than your own (e.g., where our hosting or providers operate). Where required, we use appropriate safeguards for cross-border transfers.
10. Your privacy rights
- Access/Rectification: Request a copy of your data or corrections.
- Deletion: Request deletion of your account/data (subject to lawful exceptions).
- Restriction/Objection: In certain cases, restrict or object to processing.
- Portability: Receive your data in a portable format where applicable.
- Consent withdrawal: For processing based on consent.
EEA/UK users may contact their supervisory authority. South African users may contact the Information Regulator (POPIA).
11. App permissions & platform disclosures
- Notifications Used to deliver device and account alerts via FCM/APNs. You can disable in system settings.
- Location (optional) If enabled for device/site tagging or automations; otherwise not collected.
- Camera / Files (optional) Only when you upload images or scan QR codes; media stays local unless you submit it.
These permissions may vary by platform and feature set. In-app disclosures appear at the time of request.
12. Cookies & tracking
Our websites and PWA use necessary cookies to operate and may use analytics/diagnostics cookies to improve performance. You can manage cookie preferences in your browser or in-app where available.
13. Children’s privacy
Our Services are not directed to children under 18. If you believe a minor provided personal data, please contact us so we can take appropriate action.
14. Changes to this policy
We may update this Policy to reflect changes to our practices or for legal, technical, or operational reasons. We will post the updated version with a new effective date and, where appropriate, notify you through the Services.