Contents
This Privacy Policy explains how Riskcape Enterprises ("we", "our", or "us"), operating as SmartGuard, collects, uses, stores, and protects personal information when you use our security guard management platform at smartguard.app and any associated mobile or web applications (collectively, the "Service"). We are committed to protecting your privacy in accordance with the Zambia Data Protection Act No. 3 of 2021 and applicable international standards.
1. Who We Are
The data controller responsible for your personal information is:
Riskcape Enterprises
22 Njoka Road, Olympia, Lusaka, Zambia
Email: business@riskcape.com
Phone: +260 975 372 975
2. Information We Collect
2.1 Account & Business Information
- Company name, registration details, and physical address
- Administrator name, email address, and phone number
- Billing address and subscription preferences
2.2 Staff & Employee Data
- Names, national ID numbers, and contact details of security personnel
- Employment details including department, position, and employment dates
- Payroll information such as salary, deductions, and bank account details
- Leave records, attendance logs, and performance evaluations
- Emergency contact information
2.3 Operational Data
- GPS location data from patrol tracking and guard check-ins
- Shift schedules, patrol routes, and checkpoint scan records
- Incident reports including descriptions, photographs, and timestamps
- Emergency response records and SOS alert history
- Site information and client details
2.4 Payment Information
- Subscription payment records and transaction references
- Mobile money numbers used for payment (processed via PawaPay or Flutterwave)
- Card details are never stored by us — card payments are processed directly by our payment providers
2.5 Technical & Usage Data
- IP address, browser type, and device identifiers
- Pages visited, features used, and time spent on the platform
- Error logs and diagnostic data
- Session tokens and authentication logs
3. How We Use Your Information
We use the information we collect to:
- Provide and operate the Service — create and manage accounts, process payroll, schedule shifts, track patrols
- Process payments — handle subscription billing and generate invoices/receipts
- Send operational communications — shift reminders, incident alerts, patrol missed notifications, trial expiry warnings
- Maintain platform security — detect fraud, prevent unauthorised access, and protect against abuse
- Improve our platform — analyse usage patterns to fix bugs and develop new features
- Comply with legal obligations — respond to regulatory requests and maintain required records
- Provide customer support — respond to enquiries and resolve issues
4. Legal Basis for Processing
Under the Zambia Data Protection Act and applicable law, we process personal data on the following grounds:
| Processing Activity | Legal Basis |
|---|---|
| Providing the platform and core features | Contract performance |
| Processing subscription payments | Contract performance |
| Sending service-critical notifications | Contract performance / Legitimate interests |
| Payroll and HR record-keeping | Legal obligation / Contract |
| GPS location tracking of guards | Consent (employee agreement) / Legitimate interests |
| Platform analytics and improvement | Legitimate interests |
| Marketing communications | Consent |
| Regulatory compliance and audit | Legal obligation |
5. Data Sharing & Third Parties
We do not sell your personal data. We share data only where necessary with trusted service providers operating under appropriate data protection agreements:
Payment Processors
PawaPay (mobile money), Flutterwave (card & mobile money), and PayFast (card payments) process subscription payments on our behalf. These providers operate under their own privacy policies and PCI-DSS compliance standards. We share only the minimum data required to complete a transaction.
Email & SMS Delivery
We use SMTP email services and SMS.to for delivering transactional notifications (invoices, alerts, reminders). Only the recipient name, email, and phone number are shared for delivery purposes.
Cloud Hosting
Our platform is hosted on secure cloud infrastructure. All servers are protected by enterprise-grade security controls and data is encrypted at rest and in transit.
Legal & Regulatory Authorities
We may disclose information when required by Zambian law, a court order, or to protect the rights, property, or safety of our users or the public.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:
- Active account data — retained for the duration of the subscription
- Financial records (invoices, payments) — 7 years to comply with Zambia's tax and accounting regulations
- Payroll & employment records — 7 years after employment ends
- Incident reports — 5 years, or longer if required for legal proceedings
- Application/access logs — 90 days
- After account deletion — anonymised or deleted within 30 days, except where legal obligations require longer retention
7. Security Measures
We implement industry-standard technical and organisational safeguards, including:
- TLS/HTTPS encryption for all data in transit
- Bcrypt password hashing — we never store plain-text passwords
- Encrypted session cookies with HTTPS-only flags
- Role-based access controls — staff can only access data relevant to their role
- Webhook signature verification for all payment gateway callbacks
- Regular automated backups with offsite storage
- Firewall rules and intrusion detection monitoring
No method of transmission over the Internet is 100% secure. If you suspect a security breach affecting your account, please contact us immediately at business@riskcape.com.
8. Your Rights
Under the Zambia Data Protection Act and applicable law, you have the right to:
Access
Request a copy of the personal data we hold about you.
Correction
Request correction of inaccurate or incomplete data.
Deletion
Request deletion of your data where we no longer have a legal reason to retain it.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent
Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at business@riskcape.com. We will respond within 30 days. You may also lodge a complaint with the Zambia Information & Communications Technology Authority (ZICTA), which oversees data protection compliance in Zambia.
10. International Data Transfers
Some of our service providers (including payment processors and cloud hosting) may process data outside Zambia. Where such transfers occur, we ensure appropriate safeguards are in place — including contractual clauses and adequacy assessments — to protect your data to at least the same standard as required under Zambian law.
11. Children's Privacy
SmartGuard is a business-to-business platform intended for use by adults 18 years and older. We do not knowingly collect personal information from individuals under the age of 18. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify registered account holders by email and update the "Last updated" date at the top of this page. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact our Data Protection Officer:
Data Protection Officer — Riskcape Enterprises
22 Njoka Road, Olympia, Lusaka, Zambia
Email: business@riskcape.com
Phone: +260 975 372 975 / +260 570 602 428