QuipGuide Privacy Policy

Last Updated: February 9, 2026

Effective Date: February 9, 2026

Welcome to QuipGuide, an industrial technician assistant platform. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web dashboard in compliance with South Africa's Protection of Personal Information Act (POPIA, Act 4 of 2013).

            Important: By using QuipGuide, you agree to the collection and use of information in accordance
            with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.
        

1. Information We Collect

1.1 Personal Information You Provide

When you create an account and use QuipGuide, we collect the following personal information:

Account Information: Name, email address, employee ID, company name, job role
Profile Information: User preferences, assigned equipment/facilities, role permissions
Contact Information: Phone number (optional), emergency contact details

1.2 Usage and Activity Data

As you interact with QuipGuide, we automatically collect:

Equipment Maintenance Logs: Event descriptions, fault codes, severity classifications, timestamps
Media Content: Photos and images of equipment, parts, or maintenance issues you upload
Voice Recordings: Audio notes recorded during maintenance activities (when using voice features)
AI Chat Conversations: Questions, responses, and context related to equipment assistance
QR Code Scans: Equipment scanned, scan timestamps
Task Activity: Task assignments, completion status, checklist progress
Document Access: Documents viewed, downloaded, or uploaded

1.3 Automatically Collected Information

Device Information: Device type, operating system version, unique device identifiers, mobile network information
Location Data: Your location when optionally documenting lockout/tagout procedures for safety compliance (only when permission granted)
Usage Analytics: App features used, session duration, navigation patterns, crash reports
Log Data: IP address, access times, pages viewed, app version

2. Legal Basis for Processing (POPIA Compliance)

We process your personal information based on the following lawful grounds under POPIA:

Processing Activity	Legal Basis
Account creation and authentication	Consent & Contractual necessity
Equipment maintenance logging	Legitimate interest (workplace safety) & Legal obligation (OHSA compliance)
AI assistance and chat processing	Consent & Contractual necessity
Photos and voice recordings	Explicit consent
Analytics and service improvement	Legitimate interest
Safety incident reporting	Legal obligation (OHSA) & Legitimate interest

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Core Service Delivery

Provide AI-powered maintenance assistance specific to your equipment
Enable QR code-based equipment identification and access
Facilitate task assignment and completion tracking
Store and retrieve equipment maintenance history
Enable document access for procedures and manuals

3.2 Safety and Compliance

Maintain 7-year maintenance logs as required by industrial standards (OHSA, SANS)
Track safety incidents and corrective actions
Provide audit trails for compliance verification
Optionally document lockout/tagout locations for safety compliance records

3.3 Service Improvement

Analyze usage patterns to improve AI assistance quality
Identify and fix technical issues
Develop new features based on user needs
Optimize app performance and user experience

3.4 Communication

Send push notifications for task assignments and urgent alerts
Provide system updates and maintenance notifications
Respond to support requests and inquiries

4. Data Sharing and Third-Party Service Providers

We share your information with trusted third-party service providers who assist us in operating QuipGuide. All service providers are contractually bound to protect your data and comply with POPIA requirements.

Important: AI Assistant Data Sharing

QuipGuide's AI Assistant uses OpenRouter, a third-party artificial intelligence service.

What Data is Sent to OpenRouter:

Your questions and chat messages
Equipment context (equipment names, specifications, maintenance history, fault codes)
Conversation history from your current chat session
Relevant documentation excerpts from your organization's uploaded manuals

What We Do NOT Share with OpenRouter:

Your name, email address, or phone number
Employee ID or personal identifiers
Your company's name or enterprise ID
Photos or voice recordings (only text is sent)

How OpenRouter Uses Your Data:

OpenRouter processes your questions to generate AI responses for technical support. The data is used solely for providing AI-powered maintenance assistance. OpenRouter's privacy policy is available at https://openrouter.ai/privacy.

Your Consent is Required:

Before using the AI Assistant for the first time, you will be asked to provide explicit consent to share this data with OpenRouter. You can decline AI features and continue using all other QuipGuide features without limitation. To revoke consent, visit your profile settings in the mobile app or contact your organization's administrator.

4.1 Service Providers We Use

Service Provider	Purpose	Data Shared	Location
Firebase (Google Cloud)	Database, authentication, file storage, cloud functions	All user data	Africa-South1 (South Africa)
OpenRouter	AI language model processing for chat assistance	Chat messages, equipment context (no personal identifiers)	United States
Pinecone	Semantic search for equipment documents	Document content embeddings (no personal identifiers)	United States
Google Cloud Vision	Image analysis for part recognition	Equipment photos (no faces or personal info)	United States

4.2 What We DO NOT Do

We do not sell your personal information to third parties
We do not share data with advertisers or marketing companies
We do not use your data for purposes unrelated to maintenance assistance
We do not allow third-party tracking for advertising

4.3 Within Your Organization

Your data is accessible to:

Supervisors and administrators within your company (role-based access)
Technicians assigned to the same equipment or facility
Users with appropriate permissions based on organizational hierarchy

5. Data Storage, Security, and Retention

5.1 Where We Store Your Data

Primary Storage: Firebase Cloud Firestore and Cloud Storage in the africa-south1 region (Johannesburg, South Africa)
Backups: Automated daily backups stored in Firebase's redundant infrastructure
Processing: Some AI processing occurs in US-based servers (OpenRouter, Pinecone) with appropriate safeguards

5.2 Security Measures

We implement comprehensive security measures to protect your personal information:

Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
Authentication: Firebase Authentication with secure password hashing
Access Controls: Role-based permissions and multi-tenant data isolation
Firestore Security Rules: Server-side rules prevent unauthorized data access
Storage Security: File upload validation, size limits, MIME type restrictions
Audit Logging: All data access logged for security monitoring
Regular Security Audits: Periodic review of security controls and vulnerabilities

5.3 Data Retention Periods

Data Type	Retention Period	Reason
User account information	Active employment + 7 years after termination	Industrial compliance and audit requirements
Equipment maintenance logs	7 years from event date	OHSA and SANS industrial record-keeping standards
Photos and documents	7 years (linked to equipment records)	Compliance and safety documentation
AI chat sessions	24 hours (automatic deletion)	Privacy by design - temporary context only
Analytics data	Indefinite (aggregated, anonymized)	Service improvement (no personal identifiers)
Audit logs	3 years	Security monitoring and compliance

6. Your Rights Under POPIA

As a South African data subject, you have the following rights under POPIA:

6.1 Right to Access

You have the right to request access to your personal information we hold. You can:

View your profile information in the app settings
Export your maintenance logs and activity history
Request a complete data export by contacting us

6.2 Right to Correction

You have the right to correct inaccurate or incomplete personal information:

Update your profile information directly in the app
Request correction of maintenance logs or records
Contact us to update information you cannot modify yourself

6.3 Right to Deletion (Right to be Forgotten)

You have the right to request deletion of your personal information, subject to legal retention requirements:

Request account deletion through app settings or by contacting us
Note: Some data (maintenance logs) must be retained for 7 years for legal compliance
We will anonymize your personal identifiers while retaining required records

6.4 Right to Object and Restrict Processing

Opt-out of non-essential data processing (e.g., analytics)
Restrict processing of specific data types
Withdraw consent for processing based on consent

6.5 Right to Data Portability

Request a machine-readable export of your personal data
Transfer your data to another service provider (where technically feasible)

6.6 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]
Subject Line: "POPIA Data Subject Request"
Response Time: We will respond within 30 days

7. International Data Transfers

While our primary data storage is in South Africa (africa-south1 region), some service providers process data outside South Africa:

7.1 Cross-Border Transfer Safeguards

Data Processing Agreements: Contractual commitments from all service providers to comply with POPIA standards
Standard Contractual Clauses: Use of EU-approved transfer mechanisms (POPIA recognizes these as adequate safeguards)
Data Minimization: Only necessary data transferred to international processors
Encryption: All data encrypted in transit and at rest
Anonymization: Personal identifiers removed where possible (e.g., Pinecone receives document content without user identifiers)

7.2 Service Providers Located Outside South Africa

OpenRouter (United States): AI language model processing - chat content with equipment context
Pinecone (United States): Vector database for semantic search - document embeddings without personal identifiers
Google Cloud Vision (United States): Image analysis - equipment photos without personal information

All international transfers comply with POPIA Section 72 requirements for cross-border data flows.

8. Cookies and Tracking Technologies

8.1 Mobile Application

Our mobile app does not use cookies. We use:

Local Storage: AsyncStorage for offline caching and app preferences (stored on your device only)
Firebase Authentication Tokens: Secure session management
Analytics SDKs: Firebase Analytics for app usage metrics (anonymized)

8.2 Web Dashboard

Our web dashboard uses the following cookies:

Essential Cookies: Required for authentication and security (cannot be disabled)
Functional Cookies: Remember your preferences and settings
Analytics Cookies: Help us understand how you use the platform (anonymized)

We do not use advertising or third-party tracking cookies.

9. Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will:

9.1 Notification to Regulator

Notify the Information Regulator (South Africa) within 72 hours of discovering the breach
Provide details of the breach, affected data, and remedial measures taken

9.2 Notification to You

If the breach poses a high risk to your rights and freedoms, we will notify you directly
Notification will include: nature of the breach, likely consequences, measures taken, and steps you should take
Communication channels: Email, in-app notification, and public announcement (if widespread)

9.3 Breach Response Procedures

Immediate containment and investigation
Forensic analysis to determine scope and impact
Implementation of additional security measures
Documentation of incident and response actions

10. Children's Privacy

QuipGuide is designed for workplace use by adults (18 years or older). We do not knowingly collect personal information from individuals under 18 years of age.

If we discover that we have inadvertently collected information from a minor, we will delete it immediately. If you believe a child under 18 has provided us with personal information, please contact us at [email protected].

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through:

Email Notification: Sent to your registered email address
In-App Notification: Alert when you next open the app
Website Posting: Updated policy published on our website
Effective Date: Displayed at the top of this document

Your continued use of QuipGuide after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, you may discontinue use of the service.

12. Legal and Regulatory Framework

12.1 Applicable Laws

This Privacy Policy complies with:

POPIA (Protection of Personal Information Act, 2013): South African data protection law
OHSA (Occupational Health and Safety Act, 1993): Industrial workplace safety requirements
SANS Standards: South African National Standards for industrial equipment management
Electronic Communications and Transactions Act (2002): E-commerce and electronic communications

12.2 Information Regulator Contact

If you have concerns about how we handle your personal information that we cannot resolve, you have the right to lodge a complaint with the Information Regulator:

Information Regulator (South Africa)

Address: 33 Hoofd Street, Forum III, 3rd Floor Braampark, Braamfontein, Johannesburg, 2017

Email: [email protected]

Website: https://inforegulator.org.za

Complaint Form: Available on the Information Regulator website

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

QuipGuide Privacy Office

Responsible Party: QuipGuide (Pty) Ltd

Email: [email protected]

Support Email: [email protected]

Phone: 082 696 3205

Physical Address: First Floor, Block A Clearwater Office Park North Atlas Road, Parkhaven Boksburg, Gauteng South Africa 1459

Response Time: We aim to respond to all inquiries within 5 business days

14. Consent and Acknowledgment

By creating an account and using QuipGuide, you acknowledge that:

You have read and understood this Privacy Policy
You consent to the collection, use, and disclosure of your personal information as described
You understand your rights under POPIA and how to exercise them
You consent to the transfer of data to service providers located outside South Africa with appropriate safeguards
You understand that some data (maintenance logs) must be retained for 7 years for legal compliance

            Your Privacy Matters: We are committed to transparency, data protection, and
            respecting your privacy rights. If you have any concerns or questions about how we handle your
            personal information, please do not hesitate to contact us.
        