Data Sovereignty

Privacy & Protection.

In strict accordance with the Protection of Personal Information Act (POPIA) of South Africa.

Last Updated: May 1, 2026

01. Introduction and Definitions

ISS Investigations ("we", "us", "our") is a private investigation firm operating in South Africa. We are committed to protecting the privacy and ensuring the lawful processing of Personal Information of our clients, subjects of investigation, and website visitors in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA).

Responsible Party

ISS Investigations determines the purpose and means for processing Personal Information.

Data Subject

The natural or juristic person to whom the Personal Information relates.

Personal Information

Information relating to an identifiable, living, natural person and juristic person.

Special Personal Information

Information concerning religious beliefs, health, biometric data, or criminal behaviour.

Legal Disclaimer

This document does not constitute legal advice. We ensure it is accurate and compliant with the specific nature of investigative tradecraft and South African jurisdiction. For specific legal advice, consult a qualified attorney.


02. Compliance Oversight

Information Officer

In charge of POPIA compliance, data security audits, and privacy inquiries.

Jonathan van Rensburg

Email: privacy@iss-investigations.co.za

Phone: +27 65 308 7750

Address: 95 Houtkop Road, Vereeniging

03. Information We Collect

Identity Data

Names, ID numbers, passport details, and physical addresses.

Account Data

Hashed passwords, portal access logs, and authentication tokens.

Case Data

Investigation-related information provided for legal defense and evidence.

Technical Data

IP addresses, browser fingerprinting, and device identifiers for security.

Financial Data

Payment information processed through secure payment gateways only.

Surveillance Data

Video footage, photographs, and audio recordings collected during investigations.

Evidence Data

Documents, reports, and chain-of-custody records for legal proceedings.

Communication Data

Email correspondence, portal messages, and call recordings where applicable.


04. Purposes of Processing

We process Personal Information for the following lawful purposes under POPIA:

  • Investigation Services: To conduct investigations as requested by clients for lawful purposes including litigation support, fraud detection, and due diligence.
  • Case Management: To manage investigation cases, track progress, and deliver results through the Secure Client Portal.
  • Legal Compliance: To comply with PSIRA regulations, court orders, and other legal obligations.
  • Security: To protect the security of our systems, clients, and investigation subjects.
  • Communication: To communicate with clients about case updates, invoices, and service-related matters.
  • Payment Processing: To process payments and issue invoices for services rendered.
  • Quality Assurance: To improve our services through internal quality control and training.

05. Data Retention Policy

We retain Personal Information only for as long as necessary for the purposes outlined above, unless required by law to retain it longer:

  • Active Cases: Information related to active investigations is retained until case closure.
  • Closed Cases: Case files are retained for 5 years after closure in accordance with PSIRA requirements.
  • Legal Proceedings: Information may be retained longer if involved in ongoing legal proceedings.
  • Financial Records: Financial records are retained for 7 years in accordance with tax regulations.
  • Portal Accounts: Inactive portal accounts are deactivated after 12 months of inactivity.
  • Secure Destruction: Upon retention expiry, data is securely deleted or anonymized in accordance with POPIA.

06. Third-Party Disclosures

We may disclose Personal Information to third parties only in specific circumstances:

  • Legal Authorities: When required by court order, subpoena, or other legal process.
  • PSIRA: To the Private Security Industry Regulatory Authority for compliance purposes.
  • Service Providers: To trusted third-party service providers (e.g., payment processors, IT services) under strict confidentiality agreements.
  • Legal Counsel: To attorneys representing clients in legal proceedings.
  • Law Enforcement: To law enforcement agencies when required by law or to prevent criminal activity.
  • Subcontractors: To PSIRA-registered subcontractors assisting with investigations, bound by identical confidentiality obligations.
  • No Sale of Data: We never sell Personal Information to third parties for marketing or commercial purposes.

07. Data Security Measures

We implement industrial-grade security measures to protect Personal Information:

Encryption

End-to-end encryption for data in transit and AES-256 encryption for data at rest.

Access Controls

Multi-factor authentication, role-based access, and regular access reviews.

CSRF Protection

Cross-site request forgery protection on all forms and portal interactions.

Password Security

Bcrypt hashing with salt for all password storage and enforcement of strong password policies.

Secure Storage

South African data centre hosting with ISO 27001 certification.

Regular Audits

Quarterly security audits and penetration testing by independent security firms.


08. Data Breach Notification

In the event of a data breach, we follow POPIA notification requirements:

  • Assessment: Immediate assessment of the breach scope and potential impact on data subjects.
  • Containment: Immediate measures to contain the breach and prevent further data loss.
  • Notification to IR: Notification to the Information Regulator within 72 hours of becoming aware of the breach.
  • Notification to Data Subjects: Notification to affected data subjects if the breach poses a real risk of harm.
  • Notification Content: Breach notifications include the nature of the breach, data compromised, and remediation steps.
  • Documentation: Comprehensive documentation of the breach and response for regulatory compliance.

09. Your Rights (Data Subject)

Under POPIA, you have the following rights regarding your Personal Information:

Right to Access

Request confirmation of whether we process your Personal Information and access to that information.

Right to Correction

Request correction of inaccurate or incomplete Personal Information we hold about you.

Right to Deletion

Request deletion of your Personal Information if no longer required for the original purpose.

Right to Object

Object to processing of your Personal Information for direct marketing purposes.

Right to Portability

Request transfer of your Personal Information to another responsible party in a structured format.

Right to Complain

Submit a complaint to the Information Regulator if you believe your rights have been violated.

South African Information Regulator

For complaints about POPIA violations:

complaints.IR@justice.gov.za

Website: www.justice.gov.za/information-regulator


10. Cookies and Tracking Technologies

We use cookies and tracking technologies for the following purposes:

  • Essential Cookies: Required for the Secure Client Portal to function properly (authentication, session management).
  • Security Cookies: Used for CSRF protection and security validation.
  • Analytics Cookies: Used to understand website usage and improve our services (anonymized data only).
  • Preference Cookies: Remember your language and display preferences.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect portal functionality.


11. Client Portal Security

The Secure Client Portal implements additional security measures:

  • Two-Factor Authentication (2FA): Optional 2FA using TOTP authenticator apps.
  • Session Management: Automatic session timeout after 30 minutes of inactivity.
  • Activity Logging: Comprehensive logging of all portal activities for audit purposes.
  • Secure File Transfer: Encrypted file upload and download for evidence and reports.
  • IP Restrictions: Optional IP whitelisting for corporate clients.
  • Password Recovery: Secure password recovery with time-limited tokens.

12. Evidence Handling Privacy

Evidence collected during investigations receives special privacy protections:

  • Chain of Custody: Strict chain-of-custody documentation for all evidence.
  • Secure Storage: Physical evidence stored in access-controlled facilities; digital evidence in encrypted systems.
  • Redaction: Sensitive information redacted from reports before sharing with third parties.
  • Court Admissibility: Evidence handling procedures designed to ensure court admissibility.
  • Subject Privacy: Investigation subjects' privacy protected unless disclosure is legally required.

13. International Data Transfers

Our approach to international data transfers:

  • Primary Storage: All Personal Information is primarily stored within South Africa.
  • Trans-Border Restrictions: We do not transfer data internationally unless essential for case performance.
  • Equivalent Protection: International transfers only to jurisdictions with data protection laws equivalent to POPIA.
  • Client Authorization: International transfers require explicit client authorization.
  • Adequate Safeguards: Appropriate contractual and technical safeguards for any international transfers.

14. Children's Privacy

Our services are not directed to children under 18. We do not knowingly collect Personal Information from children. If we discover we have collected Personal Information from a child, we will take steps to delete it immediately. In investigations involving minors, we require parental or guardian consent where required by law.


15. Updates and Amendments

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or operational needs:

  • Notice: Material changes will be communicated via email and portal notification 30 days prior to effectiveness.
  • Legal Changes: Immediate changes may be made to comply with legal requirements without notice.
  • Continued Use: Continued use of our services after amendments constitutes acceptance of the updated policy.
  • Version History: Previous versions will be archived and available upon request.

16. Contact Information

For privacy inquiries, data access requests, or to report a security concern, please contact:

ISS Investigations Privacy Desk

Email: privacy@iss-investigations.co.za

National Contact Nr: +27 65 308 7750

Address: 95 Houtkop Road, Vereeniging, Gauteng, South Africa

Response time: Within 30 days for data access requests as required by POPIA
