This privacy notice advises you of the personal information we collect from you when you use our website or make use of our various cloud-based systems. In collecting any personal information, we are acting as a Responsible Party and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data. 

Who are we? 

We are a software development company, namely Appnostic (Pty) Ltd. Our official physical address is First Floor, Ivory Tusk Office Block, 75 Douglas Street, Aqua Park, Tzaneen, 0850.

You can contact us by email at: dio@appnostic.co.za

Version 1.1. Updated: July, 30th 2021

How we use your information 

The privacy of your data is very important to us. This document explains how your data is stored, where it is stored and whether it is stored securely.

SECURITY INFRASTRUCTURE

Customer Data is stored and processed in the following data centres with appropriate physical, technological, and administrative controls enacted to ensure appropriate access of Customer Data.

Entity NameActivityLocationLinks
SteadFast NetworksData Center ColocationChicago, IL, United StatesSecurity and certifications

DATA ENCRYPTION

Appnostic encrypts data over the wire via 256-bit (SHA2) TLS certificate, TLS 1.0, 1.1 and 1.2. Database is encrypted via AES256. File attachments are also encrypted via AES256.

DATA BACKUPS AND DISASTER RECOVERY

Data is automatically backed up on an hourly basis. Since the data in the database is encrypted, backups are also encrypted. Backup files and server logs are copied to a secure disaster recovery facility where they are kept for 6 months before being permanently deleted. We do not utilize any type of removable media for backup storage, all backup files are stored on secure servers.

PERSONNEL ACCESS

A small team of Appnostic operations staff have administrative access to the infrastructure where databases are hosted.  Additionally, Appnostic developers occasionally require a read-only access to the database metadata to deal with troubleshooting. The support staff of Appnostic do not have access to customer databases unless they are invited or authorized by a customer. 

All Appnostic staff sign confidentiality agreements before gaining access to the code and data. All Appnostic staff are trained and made aware of security concerns and best practices. Remote access to servers is established via company VPN and limited to operators who need access for their day-to-day tasks. All access events are logged for all accounts by IP address.

INCIDENT RESPONSE

Once the Appnostic becomes aware of any suspected or confirmed data breach, Appnostic will notify all affected customers via e-mail within 72 hours.

PRIVACY

PERSONALLY IDENTIFIABLE INFORMATION

When a user registers a new account with Appnostic, the system asks for first and last name, e-mail address, password, locale and time zone information. The provision of your name helps to personalise your experience. E-mail address is used as a unique user identifier and for communication with the user. Locale and time zone information is used by the system to present numbers and dates in an appropriate format.

Due to various data integrity constraints, user accounts cannot be deleted, but it can be cleared from any personally identifiable information upon request directed in writing to the respective Appnostic administrator.

SHARING PERSONALLY IDENTIFIABLE INFORMATION

We undertake to never pass your personal information to third parties and we will use your name in marketing statements without prior permission. However, name and e-mail address may be copied into, and securely stored in other systems owned and operated by Appnostic – CRM support portal and internal billing system. Both systems are covered by the Appnostic Security and Privacy Policy.

COOKIES

Appnostic uses cookies on our website for authentication, keeping certain user preferences and tracking user movements around this website as well as on our Software. No cookies, however, contain personally identifiable information.

LAW ENFORCEMENT

Appnostic will not hand your data over to law enforcement unless requested by a court order. We will reject data requests from local and national law enforcement without a court order. And, unless we are legally prevented from it, we will always inform you when we receive such requests.

DATA RETENTION/DELETION

Customers are responsible for understanding and implementing their data retention and deletion requirements related to the data they upload to their database. Customers may delete their data at any time and primary instances of their data in production systems will be erased immediately, however, since our backups are kept for 6 months, it may take up to 6 months for their data to be completely purged from our backup systems after having been deleted from the apps.

DELETED RECORDS

Deleted records are moved to the Recycle Bin of each database, it is stored for 30 days and then purged automatically. Database administrator can purge records from Recycle Bin manually at any time.

EXPIRED DATABASES

A database is considered ‘expired’ when either its trial period ends, or a database subscription is cancelled. Appnostic blocks access to expired databases. Expired paid databases are securely kept in locked stage until being deleted by a database owner or administrator. Expired trial databases are deleted automatically within 90 days after expiration. Database administrators are provided with all the means to delete a database at any time, before or after its expiration.

DELETED DATABASES

Databases that are deleted by their owners or administrators will disappear from the reach of users immediately and will be physically deleted from the global database within 30 days.

BACKUPS

All types of data deleted from online databases (from individual records to whole databases) will reside in system backups for 6 months. It will not be restored back to production systems, except in certain rare instances such as the need to recover from a natural disaster or serious security breach. In such cases, some of deleted data instances may be restored from backups, but Appnostic will immediately take all necessary steps to honour the initial request to delete and erase the primary instance of the data again.

MISCELLANEOUS

INTELLECTUAL PROPERTY

Database data of Appnostic customers is the property of the data subjects. The structure and workflow configuration are considered by Appnostic as the intellectual property of Appnostic. Appnostic is committed to protect the intellectual property of their customers and will never share it with other customers.

Your rights as a data subject 

By law, data subjects may make an enquiry, directed to Appnostic about what information Appnostic holds about that data subject, and Appnostic may be request that personal information be corrected, if it is inaccurate. Any consent to Appnostic to process personal information may be withdrawn by following Appnostic processes in this regard. 

If we are processing your personal information for reasons of consent or to fulfil a contract, you may request Appnostic to provide you with a copy of the information in a machine-readable format.

If we are processing your personal information for reasons of consent or legitimate interest, you can request that your data be erased.

You have the right to request for Appnostic to stop using your information if you believe we are not doing so lawfully. 

To submit a request regarding your personal data, please use the contact information provided above in the Who Are We section of this policy.

Your right to complain 

If you have a complaint about our use of your personal information, we request you to raise the matter with us in the first instance, to give us the opportunity to correct the matter, but you may also contact the Information Regulator’s Office via their website at www.justice.gov.za/inforeg/contact.html  by email at inforeg@justice.gov.za or write to them at: 

The Information Regulator (South Africa) 

JD House

27 Stiemens Street

Braamfontein

Johannesburg

2001 

Updates to this privacy policy 

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal information evolve. If we want to make use of your personal information in a way that we have not previously identified, we will contact you to provide information about this and, if necessary, to request your consent. 

We will update the version number and date of this document each time it is changed.