Terms of Service & Privacy Policy

We are committed to complying with the Protection of Personal Information Act (POPIA) of South Africa. This section outlines how we handle your personal information in accordance with POPIA requirements.

2.1 Information We Collect

• Account information (name, email address, password)
• Business information (company name, device assignments)
• Inventory data from connected Stockmate devices
• Usage data and activity logs
• API access logs for security and troubleshooting

2.2 Purpose of Processing

We process your personal information for the following purposes:

• Providing inventory reporting and analytics services
• Account management and authentication
• Customer support and communication
• Service improvement and troubleshooting
• Compliance with legal obligations

2.3 Your Rights Under POPIA

As a data subject, you have the right to:

• Access - Request access to your personal information
• Correction - Request correction of inaccurate information
• Deletion - Request deletion of your personal information
• Object - Object to the processing of your information
• Withdraw Consent - Withdraw previously given consent

To exercise any of these rights, please contact our Information Officer at privacy@stock-mate.co.za.

3.1 Where We Store Your Data

Your data is stored on secure servers located in South Africa. We use industry-standard security measures to protect your information, including:

• Encrypted data transmission (HTTPS/TLS)
• Secure database storage with access controls
• Regular security audits and monitoring
• Password hashing using modern cryptographic algorithms

3.2 Data Retention

We retain your data as follows:

• Inventory Logs: Active data retained for 2 months, archived data retained for up to 1 year
• API Request Logs: Retained for 7 days for troubleshooting purposes
• Account Information: Retained while your account is active and for a reasonable period thereafter

You may request deletion of your data at any time, subject to our legal retention obligations.

4.1 What Data May Be Shared

When you request or enable POS integration, the following data may be shared with your POS provider:

• Product/item information (names, barcodes, categories)
• Inventory counts and stock levels
• Barcode mappings between your inventory and POS system

4.2 Secure API Access

Data sharing with POS systems is conducted exclusively through secure API connections:

• All API communications are encrypted using HTTPS/TLS
• API access requires authentication using unique API keys
• You generate and control your own API keys
• Each API key can be labelled for easy identification
• API usage is logged for your review

4.3 Your Control Over Data Sharing

• POS integration is optional and must be explicitly enabled or requested by you
• You can disable POS integration at any time
• You can revoke individual API keys instantly
• You can view API usage logs to monitor access
• Revoking access does not delete your existing data

If you use our API services, you agree to:

• Keep your API keys confidential and secure
• Not share API keys with unauthorised parties
• Comply with rate limits (currently 60 requests per minute)
• Use the API only for legitimate business purposes
• Not attempt to circumvent security measures

We reserve the right to suspend API access if these terms are violated.

You are responsible for:

• Maintaining the confidentiality of your account credentials
• All activities that occur under your account
• Notifying us immediately of any unauthorised access
• Ensuring your contact information is accurate and up-to-date