Privacy Policy

1.Information We Collect

Account Information

• Name, email address, company name, and role when you register or are added as a user.
• Login credentials (passwords are stored as irreversible hashes — we never store plaintext passwords).

Business Data

• Product catalogues, stock levels, warehouse locations, supplier and customer records, orders, invoices, and other operational data you enter into the Service.

Usage Data

• Audit logs recording which user performed which action and when.
• Session information (IP address, browser type) for security purposes.

2.How We Use Your Information

• Provide the Service — to operate, maintain, and improve the warehouse management features you use.
• Authentication & Security — to verify your identity and protect your account.
• Audit & Compliance — to maintain an audit trail required for internal governance.
• Communication — to send service-related notices, support responses, and (with your consent) product updates.
• Legal Obligations — to comply with applicable laws, regulations, or legal processes.

3.Multi-Tenant Data Isolation

VasKem is a multi-tenant application. Each organisation's data is logically isolated at the database level using tenant identifiers. No user from one tenant can access another tenant's data. Global query filters enforce this isolation across every database operation.

4.Data Sharing & Third Parties

We do not sell your personal information or business data. We may share information only in these circumstances:

• Service providers — hosting and infrastructure providers that process data on our behalf under strict confidentiality agreements.
• Legal requirements — when required by law, court order, or government request.
• Business transfer — in the event of a merger, acquisition, or asset sale, your data may be transferred as part of that transaction.

5.Data Security

• HTTPS encryption for all data in transit.
• Password hashing using industry-standard algorithms.
• Data protection key management for session tokens.
• Role-based access control limiting what each user can view and modify.
• Regular database backups with restoration capability.

While we implement commercially reasonable security measures, no system is completely immune to threats. We encourage you to use strong passwords and report any suspected security issues immediately.

6.Data Retention

1. We retain your Data for as long as your Subscription is active.
2. Upon cancellation, you may request an export of your Data within 30 days.
3. After 30 days, Data may be permanently deleted from our systems and backups.
4. Audit logs may be retained for a longer period for legal compliance.

7.Your Rights

Under POPIA and applicable legislation, you have the right to:

• Access — request a copy of the personal information we hold about you.
• Correction — request correction of inaccurate or incomplete information.
• Deletion — request deletion of your personal information, subject to legal retention obligations.
• Object — object to processing of your personal information for direct marketing purposes.
• Data portability — request your Data in a machine-readable format (CSV export is available within the Service).

To exercise any of these rights, contact us on WhatsApp at +27 81 438 8821.

8.Cookies

The Service uses essential cookies for authentication and session management only. We do not use advertising or analytics tracking cookies. No third-party tracking scripts are loaded.

9.Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

10.Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email. The "Last updated" date at the top indicates when the latest revision was published.

11.Contact

For any questions regarding this Privacy Policy or to exercise your data rights, please contact: