Privacy Policy
Last updated: 20 Apr 2026
This policy explains what data we collect, why we need it, and how we protect it. We've tried to keep it readable — no walls of legal jargon.
The short version: We collect only what we need to run batapp. We don't sell your data. You own your data and can delete it anytime.
By using batapp, you also agree to our Terms & Conditions.
Who we are
batapp is provided by Albertec IT Solutions CC (Reg No: 2008/017765/23), a South African company.
- Information Officer: Theuns Alberts
- Email: support@batapp.co.za
- Website: https://batapp.co.za
We're the "responsible party" under POPIA (South Africa's data protection law).
What we collect and why
Information you give us
| What | Why we need it |
|---|---|
| Name & email | To create your account and contact you about your service |
| Password | To secure your account (we store it encrypted, never in plain text) |
| Company details | To set up your organisation in batapp |
Your asset data
Everything you add to batapp — assets, categories, locations, custom fields, check-out records — belongs to you. We store it to provide the service.
Photos you upload
When you attach photos to assets, we store them in cloud storage. Photos are linked to your organisation and deleted when you delete the asset or your account.
Location data (mobile app)
If you enable GPS on the mobile app:
- We capture coordinates when you tag an asset's location
- We use this for the "locate asset" feature and address lookup
- You can disable this in your device settings anytime
We don't track your location in the background — only when you explicitly capture an asset location.
Barcode & camera access
The mobile app uses your camera to:
- Scan barcodes and QR codes for quick asset lookup
- Take photos of assets
We don't access your camera roll or other photos — only what you explicitly capture in the app.
Payment information
When you subscribe to a paid plan:
| What | How it's handled |
|---|---|
| Card details | Processed by our PCI-DSS compliant payment provider — we never see or store your full card number |
| Billing name & address | Stored for invoicing and tax purposes |
| Transaction history | We keep records of payments for accounting |
| Payment method tokens | Stored securely to process recurring payments |
We do not:
- Store your full card number, CVV, or PIN
- Have access to your banking credentials
- Share payment data with anyone except our payment processor
Our payment processor is certified to the highest security standards (PCI-DSS Level 1) and handles all sensitive card data directly.
Automatic technical data
We automatically collect:
- Usage data: Which features you use, how often, error logs
- Device info: Browser type, operating system, screen size
- Mobile specifics: App version, device ID, push notification tokens
This helps us fix bugs, improve the app, and provide support.
How we use your data
We use your information to:
- Run batapp — deliver features, sync data between devices, process your requests
- Provide support — respond when you contact us, troubleshoot issues
- Improve the service — understand usage patterns, fix bugs, develop new features
- Keep things secure — detect fraud, prevent unauthorized access
- Send important updates — service changes, maintenance notices, security alerts
- Marketing — only with your consent, and you can opt out anytime
We process your data based on:
- Contract: We need it to provide the service you signed up for
- Consent: Where you've specifically agreed (like marketing emails)
- Legitimate interest: For security, fraud prevention, and improving the service
- Legal obligation: Where the law requires it
Who can see your data
Within your organisation
batapp has role-based access. What people see depends on their role:
| Role | What they can see |
|---|---|
| Viewer | Read-only access to assets |
| Scanner | View assets + scan barcodes |
| Editor | Add, edit, and manage assets |
| Admin | Everything + organisation management + user management |
| Support | Full but typically temporary access for troubleshooting |
Admins in your organisation control who has access. We don't share data between different organisations.
Check-out records
When assets are checked out/in, we record who, when, and any notes. This is visible to users with appropriate access in your organisation.
Third-party services
We use trusted services to run batapp:
- Cloud hosting & storage — for your data and photos
- Email delivery — for notifications and support
- Analytics — to understand how the app is used
- Payment processing — for subscriptions (PCI-DSS Level 1 certified)
Our payment processor receives only what's needed to process your payment: card details, billing address, and transaction amount. They may use this data for fraud prevention as required by card networks.
These providers only access what they need to provide their service. We don't sell or rent your data to anyone.
Legal requirements
We may share data if required by law, court order, or to protect our legal rights. We'll notify you if legally permitted.
Where your data lives
Your data may be processed outside South Africa (for cloud hosting and services). When this happens, we ensure appropriate protections are in place — either the destination has adequate data protection laws, or we have contractual safeguards.
How we protect your data
- Encryption: All data is encrypted in transit and server-side data at rest
- Access controls: Staff access is limited and logged
- Secure authentication: We use industry-standard security practices
- Regular monitoring: We watch for suspicious activity
No system is 100% secure, but we take reasonable precautions to protect your information.
How long we keep your data
| Data type | Retention period |
|---|---|
| Account data | While you're subscribed + 30 days after cancellation |
| Asset data & photos | While your account is active + 30 days after cancellation (so you can export) |
| Audit trail (asset history, check-outs) | 7 years (for compliance) |
| Payment & billing records | 5 years (required by tax law) |
| Support messages | 3 years from last contact |
| Usage analytics | 2 years |
| Security logs | 1 year |
After organisation deletion: Admins have 30 days to export data before it's permanently deleted. Audit trails and financial records are retained longer for compliance — see details below.
Your rights
Under POPIA (and GDPR if you're in Europe), you have the right to:
- Access — request a copy of your data
- Correction — fix inaccurate information
- Deletion — have your data removed
- Object — stop certain processing (like marketing)
- Portability — get your data in a usable format
- Complain — lodge a complaint with the Information Regulator
How to delete your account
You can delete your own account directly from the app:
- Go to Profile settings
- Select Delete account
- Confirm the action — this is permanent
Alternatively, email support@batapp.co.za with subject "Account Deletion Request" and include your name and account email.
When your account is deleted:
- Your login credentials are removed (you can no longer access the service)
- Your organisation memberships are removed
- Your personal asset data and photos are deleted
The following is retained:
- User profile record — retained for audit trail integrity (see below)
- Audit trail records (7 years — for compliance)
- Security logs (1 year — for security purposes)
Audit trail retention
batapp is an asset management system. Records of who authorised asset movements, disposals, and write-offs form part of your organisation's compliance and accountability trail.
We retain your user profile record (name, email) after account deletion to preserve the integrity of these audit records — so that historical records continue to show who performed each action. This is a legitimate interest under Art. 17(3) of GDPR and equivalent POPIA provisions. Your access credentials are removed, so you cannot log in.
If you formally invoke your right to erasure and wish your profile record removed from audit history, contact us at support@batapp.co.za. We will consider each request on its merits, weighing your rights against the legitimate interests of the organisations whose records reference your actions.
Organisation deletion
When an organisation admin deletes the entire organisation:
- All asset data, photos, locations, and configuration are permanently deleted
- All member accounts are removed from the organisation
- You have 30 days to export your data before deletion completes
The following is retained after organisation deletion:
- Audit trail records (7 years — for compliance, anonymised)
- Transaction & billing records (5 years — required by tax law)
- Security logs (1 year — for security purposes)
Deleting specific data
Want to delete specific data without closing your account? Email us at support@batapp.co.za with subject "Partial Data Deletion Request" and describe what you'd like removed.
Making a request
For any data request, email support@batapp.co.za. We'll respond within 30 days.
Cookies
On the web app
We use cookies for:
- Essential functions — keeping you logged in, remembering preferences
- Analytics — understanding how the app is used
You can control cookies through your browser settings.
On the mobile app
We use:
- App analytics to improve performance
- Crash reporting to fix bugs
- Push notification tokens for alerts
Control these through your device's privacy settings.
Mobile app permissions
| Permission | Why we ask |
|---|---|
| Camera | To scan barcodes and take asset photos |
| Storage | To save photos locally before upload |
| Location | For GPS asset tracking (optional) |
| Notifications | To send important updates |
You can revoke any permission in your device settings. Some features won't work without their required permissions.
Offline mode and sync
When you work offline:
- Data is stored locally on your device
- It syncs automatically when you reconnect
- Local data has the same security protections
Conflict resolution: If you and another user edit the same asset while offline, the most recent change wins (last-write-wins). When this happens, you'll see a notification showing what changed and who made the change. You can review conflicts and re-apply your changes if needed.
Children
batapp is for business use. We don't knowingly collect data from anyone under 18. If we discover we have, we'll delete it immediately.
Beta testing
batapp is currently in beta. During this phase, we may collect additional diagnostic data to improve the service. Your participation is voluntary.
Changes to this policy
We'll update this policy when our practices change. For significant changes:
- We'll email you
- We'll note the change on our website
- Continued use means you accept the changes
Questions or complaints
Contact us:
- Email: support@batapp.co.za
- Information Officer: Theuns Alberts
Information Regulator South Africa:
- Website: https://inforegulator.org.za
- Email: complaints.ir@justice.gov.za