Privacy Policy

1. Introduction

iSamic ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our meat audit and compliance management platform, including our web application and mobile application (collectively, the "Services").

Please read this Privacy Policy carefully. By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Services.

2. Information We Collect

2.1 Information You Provide to Us

Account Information: Name, email address, password, company name, facility information, role/title
Audit Data: Audit templates, audit results, photos, signatures, location data, timestamps
Profile Information: User preferences, settings, profile picture
Communication Data: Messages, support requests, feedback

2.2 Information Automatically Collected

Device Information: Device type, operating system, unique device identifiers
Usage Data: Pages viewed, features used, time spent, click patterns
Log Data: IP address, browser type, access times, referring URLs
Location Data: GPS coordinates (when conducting audits with location tagging enabled)
Camera Data: Photos taken during audits (stored with user consent)

2.3 Information from Third Parties

Authentication Providers: AWS Cognito user authentication data
Cloud Services: AWS infrastructure metadata

3. How We Use Your Information

We use collected information for the following purposes:

Provide Services: Create accounts, conduct audits, generate reports, manage compliance
Improve Services: Analyze usage patterns, fix bugs, develop new features
Communication: Send updates, notifications, support responses, important announcements
Security: Detect fraud, prevent abuse, monitor security threats
Legal Compliance: Comply with legal obligations, respond to legal requests
Analytics: Understand user behavior, measure performance, optimize user experience

4. Data Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Within Your Organization

Audit data and user information may be shared with other users in your company or facility as configured by your organization's administrator.

4.2 Service Providers

Amazon Web Services (AWS) - Cloud hosting and storage
AWS Cognito - User authentication and identity management
Analytics providers - Usage analytics and performance monitoring

4.3 Legal Requirements

We may disclose information if required by law, court order, government request, or to protect rights, property, or safety.

4.4 Business Transfers

In connection with mergers, acquisitions, or asset sales, your information may be transferred to the acquiring entity.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

Encryption: Data in transit (TLS 1.3) and at rest (AES-256)
Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA)
Monitoring: 24/7 security monitoring, intrusion detection, audit logging
Regular Audits: Security assessments, penetration testing, compliance audits
ISO 27001: Compliance with information security management standards

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

6.1 Legal and Regulatory Obligations

Samic Pty Ltd operates in a highly regulated industry and is legally required to report compliance and audit data to government authorities, including the South African Department of Agriculture, Land Reform and Rural Development. As a result, we have a legal obligation to retain user information, audit records, and compliance data for extended periods to meet regulatory requirements.

6.2 Retention Periods

We retain your information according to the following guidelines:

Audit Data: Minimum 7 years to comply with regulatory requirements
User Account Information: Duration of account plus 7 years for compliance purposes
Compliance Records: Indefinitely, as required by law
Government Reporting Data: Retained as mandated by applicable regulations

6.3 Account Deletion and Data Retention

Users can request account deletion through the web application's profile settings (accessible via the profile icon in the sidebar, under "Account Settings"). However, please note the following important information:

Important: Legal Data Retention Requirements

When you delete your account, your personal data will be marked as deleted and will no longer be accessible to you or visible in the application. However, we are legally required to retain this data for compliance and regulatory purposes.

This retention is mandatory under South African law and enables us to respond to government audits, legal inquiries, and maintain the integrity of historical compliance records. Deleted account data is securely archived and only accessible for legal and compliance purposes.

While we respect your right to data deletion, our legal obligations to government authorities take precedence. This ensures the integrity of the food safety and compliance system that protects public health.

7. Your Rights and Choices

You have the following rights regarding your personal information:

Access: Request a copy of your personal information
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your account through the web application profile settings (click your profile icon in the sidebar, then navigate to "Account Settings"). Please note that while your account will be deactivated and your data will no longer be accessible to you, we are legally required to retain your data for compliance purposes as described in Section 6.
Export: Request a portable copy of your data
Opt-out: Unsubscribe from marketing communications
Withdraw Consent: Withdraw consent for data processing where applicable (subject to legal obligations)

To exercise these rights or for questions about data deletion and retention, contact us at privacy@isamic.com

8. Children's Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States and other AWS regions. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

10. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience:

Essential Cookies: Required for authentication and security
Analytics Cookies: Help us understand usage patterns
Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, but this may limit functionality.

11. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Services. The "Last Updated" date at the top indicates when changes were made. Continued use of our Services constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

iSamic Privacy Team

Email: privacy@isamic.com

Security: security@isamic.com

General: info@isamic.com

14. Compliance & Certifications

Our privacy practices comply with:

ISO/IEC 27001:2022 Information Security Management
Google Play Store Data Safety Requirements
POPIA (Protection of Personal Information Act) - South Africa
General Data Protection Regulation (GDPR) principles