Exequtech Products & Services
Effective Date: 2 March 2026 | Last Updated: 2 March 2026
This Privacy Policy explains how Exequtech (“we”, “us”, or “our”) collects, uses, stores, shares, and protects your personal information when you use any of our products and services (collectively, “the Services”). The Services currently include:
We are committed to protecting your privacy and processing your personal information in accordance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”), the Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002) (“ECTA”), and all other applicable South African legislation.
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of the Services and contact your employer or our support team.
↑ Back to topIn terms of Section 18(b) of POPIA, the responsible party for the processing of your personal information is:
Responsible Party: Exequtech
Email: support@exequtech.com
All requests, enquiries, or complaints regarding the processing of your personal information may be directed to the contact details above. Our Information Officer is responsible for ensuring compliance with POPIA and for addressing any data subject requests.
↑ Back to topThe following terms, as used in this Policy, bear the meanings assigned to them under POPIA unless the context indicates otherwise:
Throughout this Policy, we refer to the following broad categories of personal information. These categories are used to describe what we collect, why, and how long we retain it:
| Category | Description |
|---|---|
| Identity Data | Name, username, unique user identifiers |
| Contact Data | Email addresses, phone numbers, physical addresses, site access instructions |
| Authentication Data | Credentials (email/password), PINs, access and refresh tokens, session identifiers, lockout information |
| Financial Data | Banking details, tax numbers, purchase records, invoices, quotations, billing records |
| Content Data | Job cards, work records, notes, photos, receipts, digital signatures, checklists, customer feedback, documents |
| Asset Data | Inventory items, SKUs, serial numbers, quantities, unit prices, categories |
| Device Data | Device model, operating system version, browser type and version, app version |
| Usage Data | Login timestamps, session activity, feature usage patterns |
| Location Data | GPS coordinates captured at specific events (e.g., job status changes); not continuous tracking |
| Profile Data | Roles, permissions, team assignments, user preferences |
| Technical Data | Server logs, IP addresses, API request metadata, error reports |
This Privacy Policy applies to all personal information processed through our Services, including data:
This Policy applies to all users of our Services, including field technicians, office administrators, managers, and any other persons authorised by their employer to access the Services. Where the Services display customer contact information as part of job card or business data, this Policy also covers the processing of that customer data within the Services.
Our Services are typically provided to users through their employer. Your employer may have separate privacy policies and data processing agreements with Exequtech that govern additional aspects of data processing. This Policy covers Exequtech’s responsibilities as the developer and operator of the Services.
In compliance with Section 18(a) of POPIA, the following describes the personal information we collect and process through our Services. The specific data collected depends on which Service you use and which features you access.
| Data Category | Mobile App | Web App |
|---|---|---|
| Identity Data | Yes | Yes |
| Contact Data | Yes (synced from cloud) | Yes (managed directly) |
| Authentication Data | Yes (email/password, PIN, tokens) | Yes (email/password, session cookies, tokens) |
| Financial Data | Purchases only | Yes (invoices, quotations, banking, tax) |
| Content Data | Yes (job cards, photos, signatures, checklists) | Yes (job cards, documents, reports) |
| Asset Data | Yes | Yes |
| Device Data | Yes (device model, OS, app version) | Yes (browser type and version) |
| Usage Data | Yes | Yes |
| Location Data | Yes (GPS on job status changes) | No |
| Profile Data | Yes | Yes |
| Technical Data | Yes (API metadata, error reports) | Yes (server logs, IP addresses) |
Not all data categories apply to every user. Where a feature requires additional personal information beyond what is described above, you will be informed at the point of collection and, where required by law, asked to provide your consent before that information is processed.
For clarity, our Services do not collect, access, or transmit the following:
In compliance with POPIA Section 13 (purpose specification), Section 11 (lawfulness of processing), and Section 18(c) and (f), the following table describes the purposes for which we process each data category and the legal basis on which we rely:
| Data Category | Purpose | Legal Basis |
|---|---|---|
| Identity Data | To identify you within the system, display your name to colleagues, and associate records with your account | Performance of a contract (s11(1)(b)) |
| Contact Data | To enable communication, navigation to job sites, and delivery of service-related notifications | Performance of a contract (s11(1)(b)) |
| Authentication Data | To verify your identity, secure your account, prevent unauthorised access, and manage sessions | Performance of a contract (s11(1)(b)); Legitimate interest (s11(1)(f)) for security measures |
| Financial Data | To process invoices and quotations, record purchases, manage billing, and support financial reporting | Performance of a contract (s11(1)(b)); Legal obligation (s11(1)(c)) for tax records |
| Content Data | To manage job assignments, document work performed, capture customer feedback and sign-off, and maintain service records | Performance of a contract (s11(1)(b)) |
| Asset Data | To track materials and parts used or reserved for jobs, manage inventory, and reconcile stock | Performance of a contract (s11(1)(b)) |
| Device Data | To diagnose platform-specific issues, monitor compatibility, and support debugging | Legitimate interest (s11(1)(f)) |
| Usage Data | To enforce idle timeouts and account lockout policies, and to monitor system health | Legitimate interest (s11(1)(f)) |
| Location Data | To record where job status changes occur for service verification, proof of attendance, and operational reporting | Consent (s11(1)(a)) via device permission; Legitimate interest (s11(1)(f)) |
| Profile Data | To manage roles and permissions, assign team members, and personalise the user experience | Performance of a contract (s11(1)(b)) |
| Technical Data | To maintain system security, debug errors, and monitor platform performance | Legitimate interest (s11(1)(f)) |
We process your personal information only for the purposes described above or for compatible purposes permitted by law. We do not sell your personal information to third parties. We may send you service-related communications; where these constitute direct marketing, we will provide an easy way to opt out.
You may withdraw consent at any time where processing is based on consent. For mobile device permissions (camera, location, gallery, notifications), you can withdraw consent by revoking the relevant permission in your device’s system settings. Withdrawal of consent does not affect the lawfulness of processing conducted prior to the withdrawal. See Section 13 for full details on exercising your rights.
↑ Back to topIn terms of POPIA Section 18(d) and (e), we disclose which information is mandatory and which is voluntary, along with the consequences of not providing it:
The following information is required for the Services to function:
The following information is optional. You may choose not to provide it, with the noted consequences:
In compliance with POPIA Section 72 and Section 18(g), we disclose that your personal information is transferred outside of the Republic of South Africa as follows:
Your personal information is primarily stored and processed within the EU/EEA via the Exequtech cloud platform. In the course of providing our Services, limited personal information may be transferred to other countries where our service providers operate. Where such transfers occur, we ensure appropriate safeguards under POPIA Section 72, including binding data processing agreements with contractual obligations substantially similar to POPIA’s conditions.
| Destination | Service Provider | Legal Basis (POPIA s72) |
|---|---|---|
| EU/EEA | Exequtech Cloud Platform (central server and data storage) | Adequate protection — GDPR (s72(1)(a)); performance of a contract (s72(1)(c)) |
| United States | Google / Firebase (analytics, crash reporting) | Binding agreement — Data Processing Agreement + Standard Contractual Clauses (s72(1)(a)) |
In terms of POPIA Section 14 (retention limitation), we retain your personal information only for as long as is necessary for the purpose for which it was collected, or as required by law:
| Data Category | Retention Period | Deletion Trigger |
|---|---|---|
| Authentication Data | Tokens: short-lived with automatic refresh or until logout; PINs: until changed or account removal | Automatic expiry, logout, or account deprovisioning |
| Identity & Profile Data | Duration of account existence | Account deprovisioning by employer |
| Content Data | Active records: while in use; completed records: per employer retention policy | Employer-initiated deletion or data subject request |
| Financial Data | As required by South African tax and financial legislation (typically 5–7 years) | Expiry of legal retention period |
| Location Data | Retained as part of job event records; follows Content Data retention | Same as Content Data |
| Asset Data | Duration of business use; follows employer retention policy | Employer-initiated deletion |
| Device, Usage & Technical Data | Server logs retained for up to 90 days for debugging and security monitoring | Automatic rotation and deletion |
| Contact Data | Duration of business relationship | Account deprovisioning or data subject request |
When data is no longer required, it is deleted or anonymised. On the mobile app, local data is removed when the app is uninstalled or when the local database is cleared. You or your employer may request deletion of cloud-stored data as described in Section 13.
We may retain anonymised or aggregated data — from which no individual can be identified — indefinitely for business analysis, service improvement, and reporting purposes. Such data is no longer personal information as defined by POPIA and is not subject to the retention limitations above.
↑ Back to topIn compliance with POPIA Condition 7 (Security Safeguards), we implement appropriate technical and organisational measures to protect your personal information against loss, damage, unauthorised access, or unlawful processing:
In the event of a security compromise involving your personal information, we will notify the Information Regulator and affected data subjects as required by POPIA Section 22, and take immediate steps to contain the breach and mitigate harm.
You are responsible for keeping your login credentials, PIN, and any other authentication information confidential. You should not share your account credentials with any other person. If you believe your credentials have been compromised, you should change your password immediately and contact your employer or our support team at support@exequtech.com.
We regularly review and update our security practices to reflect current industry standards and evolving threats. Specific technical details regarding our security measures are available on request by contacting support@exequtech.com.
↑ Back to topUnder POPIA Section 5 and Condition 8, and in compliance with Section 18(h)(iii)–(v), you have the following rights regarding your personal information:
You have the right to request confirmation of whether we hold personal information about you, and to request a copy of that information. We will respond to access requests within a reasonable time, and no later than the timeframes prescribed by POPIA.
You have the right to request that we correct or update personal information about you that is inaccurate, misleading, or incomplete. Certain information (such as your user profile) may be managed by your employer through the cloud platform; corrections to employer-managed data should be directed to your employer.
You have the right to request the deletion or destruction of personal information that we are no longer authorised to retain, or that is no longer necessary for the purpose for which it was collected. Note that we may be required to retain certain records for legal or contractual compliance.
You have the right to object, on reasonable grounds relating to your particular situation, to the processing of your personal information. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Where processing is based on your consent, you may withdraw consent at any time. For mobile device permissions (camera, location, gallery, notifications), you can withdraw consent by revoking the relevant permission in your device’s system settings. Withdrawal of consent does not affect the lawfulness of processing conducted prior to the withdrawal.
Upon request, we can provide you or your employer with an export of your personal information in a commonly used, machine-readable format. To request a data export, please contact us at support@exequtech.com.
You have the right to lodge a complaint with the Information Regulator if you believe that your personal information has been processed in violation of POPIA. See Section 21 for the Information Regulator’s contact details.
To exercise any of the rights described above, please contact us at support@exequtech.com. We may need to verify your identity before processing your request. We will respond within a reasonable period, and in any event within the timeframes required by POPIA.
↑ Back to topOur Services are workplace tools intended for use by employed or contracted personnel. They are not directed at, designed for, or intended for use by children under the age of 18. We do not knowingly collect personal information from children.
If we become aware that we have inadvertently collected personal information from a person under 18, we will take steps to delete such information promptly. If you believe a child has provided personal information through our Services, please contact us immediately at support@exequtech.com.
↑ Back to topOur Services may use automated tools to assist with operational functions such as scheduling or workload management. All final decisions with legal or similarly significant effects are made by human operators—you, your employer, or your team.
↑ Back to topWe may update this Privacy Policy from time to time to reflect changes in our practices, the functionality of our Services, or applicable law. When we make material changes:
We encourage you to review this Privacy Policy periodically. Your continued use of our Services after any changes constitutes your acceptance of the updated policy.
↑ Back to topOur Services may contain links to, or integrations with, third-party websites, applications, or services that are not operated by Exequtech. If you follow a link to any third-party service, please note that the third party has its own privacy policy and practices.
We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage you to read the privacy policy of every website or service you visit or use.
↑ Back to topIn the event that Exequtech is involved in a merger, acquisition, reorganisation, sale of assets, or similar business transaction, your personal information may be transferred as part of that transaction. In such circumstances:
Our Services are provided “as is” and “as available” without warranties of any kind, whether express or implied, to the fullest extent permitted by applicable South African law, including the Consumer Protection Act, 2008 (Act No. 68 of 2008) (“CPA”). We do not warrant that the Services will be uninterrupted, error-free, or free of harmful components.
To the maximum extent permitted by law, Exequtech shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of the Services, including but not limited to loss of data, loss of profits, or business interruption.
Nothing in this section excludes or limits liability for:
You agree to indemnify and hold harmless Exequtech, its directors, employees, and agents from and against any claims, damages, losses, or expenses (including reasonable legal fees) arising from your misuse of the Services or violation of this Privacy Policy, to the extent permitted by applicable law.
↑ Back to topThis Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of South Africa, including POPIA, ECTA, and the CPA where applicable.
Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of the Republic of South Africa.
↑ Back to topIf you are dissatisfied with our handling of your personal information, you have the right to lodge a complaint with South Africa’s Information Regulator:
The Information Regulator (South Africa)
Physical Address: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg
Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017
Telephone: 010 023 5200
General Enquiries: enquiries@inforegulator.org.za
POPIA Complaints: POPIAComplaints@inforegulator.org.za
If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of your personal information, please contact us:
Exequtech
Email: support@exequtech.com
We will endeavour to respond to all enquiries within a reasonable timeframe.
↑ Back to top