Skip to main content
EvTrack
Compliance & Data Protection

Built to help your organisation comply

EvTrack supports POPIA, GDPR, and CCPA. We do not sell personal information. Full documentation is available at docs.evtrack.com

Privacy Policy ↓ GDPR ↓ POPIA ↓ Data Security ↓ FAQ ↓

Legal

Privacy Policy

Our Privacy Policy describes how EvTrack (Pty) Ltd collects, uses, stores and discloses personal information for those who use our services or interact with our platform.

Read our Privacy Policy →

European Union

General Data Protection Regulation (GDPR)

EvTrack operates in accordance with the GDPR. We collect only the personal data your organisation defines as mandatory, mask PII in event logs by default, and a Data Processing Agreement (DPA) is available on request.

description

DPA available

On request · legal@evtrack.com

verified_user

Data subject rights

Access · rectification · erasure · portability

Read our full GDPR documentation →

South Africa

Protection of Personal Information Act (POPIA)

POPIA applies to every visitor record your organisation captures. EvTrack acts as an Operator on your behalf — your organisation is the Responsible Party. We support consent capture, configurable data retention, and data subject rights.

schedule

Default data retention

365 days · configurable per site

task_alt

Consent

Digital consent captured at every check-in

Read our full POPIA documentation →

Infrastructure

Data Security & Hosting

Hosted on Amazon AWS with an on-premise option for strict data residency requirements. All data encrypted in transit and at rest.

lock

AES-256 at rest

https

FIPS-140-2 in transit

HTTPS / TLS

dns

Cloud or on-premise

Your choice of deployment

Read our full security documentation →

Common questions

Is EvTrack POPIA compliant?

EvTrack is built to enable POPIA compliance. We act as an Operator on behalf of your organisation, which remains the Responsible Party.

Full details →

Where is visitor data stored?

Amazon AWS by default. On-premise available for strict data residency requirements.

Full details →

How long is visitor data kept?

365 days by default, configurable per site.

Full details →

Can visitors request deletion of their data?

Yes — email legal@evtrack.com. Requests processed within 30 days.

Full details →

Is a Data Processing Agreement available?

Yes — email legal@evtrack.com to request a DPA.

Full details →

Does EvTrack sell personal information?

No. EvTrack does not sell personal information under any circumstances.

Full details →

Ready to Streamline Your Visitor Management?

Join hundreds of organisations worldwide using EvTrack for secure, seamless access control.

Book a Demo View All Features