Legal

Privacy Policy

Last updated: February 27, 2026

This Privacy Policy explains how Riskcape Enterprises ("we", "our", or "us"), operating as SmartGuard, collects, uses, stores, and protects personal information when you use our security guard management platform at smartguard.app and any associated mobile or web applications (collectively, the "Service"). We are committed to protecting your privacy in accordance with the Zambia Data Protection Act No. 3 of 2021 and applicable international standards.

1. Who We Are

The data controller responsible for your personal information is:

Riskcape Enterprises

22 Njoka Road, Olympia, Lusaka, Zambia

Email: business@riskcape.com

Phone: +260 975 372 975

2. Information We Collect

2.1 Account & Business Information

  • Company name, registration details, and physical address
  • Administrator name, email address, and phone number
  • Billing address and subscription preferences

2.2 Staff & Employee Data

  • Names, national ID numbers, and contact details of security personnel
  • Employment details including department, position, and employment dates
  • Payroll information such as salary, deductions, and bank account details
  • Leave records, attendance logs, and performance evaluations
  • Emergency contact information

2.3 Operational Data

  • GPS location data from patrol tracking and guard check-ins
  • Shift schedules, patrol routes, and checkpoint scan records
  • Incident reports including descriptions, photographs, and timestamps
  • Emergency response records and SOS alert history
  • Site information and client details

2.4 Payment Information

  • Subscription payment records and transaction references
  • Mobile money numbers used for payment (processed via PawaPay or Flutterwave)
  • Card details are never stored by us — card payments are processed directly by our payment providers

2.5 Technical & Usage Data

  • IP address, browser type, and device identifiers
  • Pages visited, features used, and time spent on the platform
  • Error logs and diagnostic data
  • Session tokens and authentication logs

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service — create and manage accounts, process payroll, schedule shifts, track patrols
  • Process payments — handle subscription billing and generate invoices/receipts
  • Send operational communications — shift reminders, incident alerts, patrol missed notifications, trial expiry warnings
  • Maintain platform security — detect fraud, prevent unauthorised access, and protect against abuse
  • Improve our platform — analyse usage patterns to fix bugs and develop new features
  • Comply with legal obligations — respond to regulatory requests and maintain required records
  • Provide customer support — respond to enquiries and resolve issues

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only where necessary with trusted service providers operating under appropriate data protection agreements:

Payment Processors

PawaPay (mobile money), Flutterwave (card & mobile money), and PayFast (card payments) process subscription payments on our behalf. These providers operate under their own privacy policies and PCI-DSS compliance standards. We share only the minimum data required to complete a transaction.

Email & SMS Delivery

We use SMTP email services and SMS.to for delivering transactional notifications (invoices, alerts, reminders). Only the recipient name, email, and phone number are shared for delivery purposes.

Cloud Hosting

Our platform is hosted on secure cloud infrastructure. All servers are protected by enterprise-grade security controls and data is encrypted at rest and in transit.

Legal & Regulatory Authorities

We may disclose information when required by Zambian law, a court order, or to protect the rights, property, or safety of our users or the public.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Active account data — retained for the duration of the subscription
  • Financial records (invoices, payments) — 7 years to comply with Zambia's tax and accounting regulations
  • Payroll & employment records — 7 years after employment ends
  • Incident reports — 5 years, or longer if required for legal proceedings
  • Application/access logs — 90 days
  • After account deletion — anonymised or deleted within 30 days, except where legal obligations require longer retention

7. Security Measures

We implement industry-standard technical and organisational safeguards, including:

  • TLS/HTTPS encryption for all data in transit
  • Bcrypt password hashing — we never store plain-text passwords
  • Encrypted session cookies with HTTPS-only flags
  • Role-based access controls — staff can only access data relevant to their role
  • Webhook signature verification for all payment gateway callbacks
  • Regular automated backups with offsite storage
  • Firewall rules and intrusion detection monitoring

No method of transmission over the Internet is 100% secure. If you suspect a security breach affecting your account, please contact us immediately at business@riskcape.com.

8. Your Rights

Under the Zambia Data Protection Act and applicable law, you have the right to:

Access

Request a copy of the personal data we hold about you.

Correction

Request correction of inaccurate or incomplete data.

Deletion

Request deletion of your data where we no longer have a legal reason to retain it.

Portability

Receive your data in a structured, machine-readable format.

Objection

Object to processing based on legitimate interests or for direct marketing.

Withdraw Consent

Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at business@riskcape.com. We will respond within 30 days. You may also lodge a complaint with the Zambia Information & Communications Technology Authority (ZICTA), which oversees data protection compliance in Zambia.

9. Cookies & Tracking

We use cookies and similar technologies to operate the Service:

  • Essential cookies — session management and authentication. These are strictly necessary and cannot be disabled.
  • Preference cookies — remember your settings and language preferences.
  • Analytics cookies — understand how users interact with the platform so we can improve it. No personally identifiable information is shared with analytics providers.

You can control non-essential cookies through your browser settings. Disabling essential cookies will prevent you from logging in.

10. International Data Transfers

Some of our service providers (including payment processors and cloud hosting) may process data outside Zambia. Where such transfers occur, we ensure appropriate safeguards are in place — including contractual clauses and adequacy assessments — to protect your data to at least the same standard as required under Zambian law.

11. Children's Privacy

SmartGuard is a business-to-business platform intended for use by adults 18 years and older. We do not knowingly collect personal information from individuals under the age of 18. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify registered account holders by email and update the "Last updated" date at the top of this page. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact our Data Protection Officer:

Data Protection Officer — Riskcape Enterprises

22 Njoka Road, Olympia, Lusaka, Zambia

Email: business@riskcape.com

Phone: +260 975 372 975 / +260 570 602 428