Legal

Privacy Policy

Effective Date: 19 March 2026 · Last Updated: 19 March 2026

1. Introduction

DigiMine (Pty) Ltd ("DigiMine", "we", "us", "our") is committed to protecting the privacy and personal information of our users. This Privacy Policy explains how we collect, use, store, share and protect your Personal Information when you use our platform at digimine.app ("Platform").

This policy is issued in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa and is designed to meet the requirements of applicable privacy legislation in all regions we serve, including PIPEDA (Canada), the Australian Privacy Act 1988, and the California Consumer Privacy Act (CCPA/CPRA) in the United States.

2. Responsible Party / Data Controller

DigiMine (Pty) Ltd

Information Officer: DigiMine Privacy Team

Email: digimine.app@gmail.com

Website: digimine.app

As required under POPIA Section 55, our Information Officer is registered with the South African Information Regulator.

3. Personal Information We Collect

We collect the following categories of Personal Information:

Account Information

Full name, email address, company name, phone number, job title/role, password (encrypted).

Billing Information

Company billing details, subscription plan, payment history. We do not store credit card numbers directly; payment processing is handled by third-party payment providers (e.g. PayFast).

Usage Data

Login timestamps, pages visited, features used, browser type, device information, IP address.

Operational Data (Customer Data)

Equipment records, downtime events, shift reports, site information and other mining operational data entered by you or your Users. This data may incidentally contain Personal Information (e.g. operator names in shift logs).

Location Data

Approximate geographic location derived from your IP address for the purpose of regional pricing and currency detection.

4. How We Collect Information

  • Directly from you: When you register, complete forms, submit demo requests, contact us or use the Platform.
  • Automatically: Through cookies, server logs and analytics tools when you access the Platform.
  • From your organisation: When an Admin adds you as a User to their company account.

5. Purpose of Processing

We process your Personal Information for the following specific purposes, in accordance with POPIA Section 13 (purpose limitation):

  • To provide, operate and maintain the Platform and its features.
  • To create and manage your account and Subscription.
  • To process payments and manage billing.
  • To communicate with you about your account, service updates and support.
  • To detect and prevent fraud, abuse and security threats.
  • To comply with legal obligations and respond to lawful requests.
  • To improve the Platform through aggregated, anonymised analytics.
  • To send transactional emails (billing alerts, account notifications).

6. Lawful Basis for Processing

Under POPIA Section 11, we rely on the following conditions for lawful processing:

  • Contractual necessity: Processing necessary to perform our contract with you (your Subscription).
  • Consent: Where you have given voluntary, specific and informed consent (e.g. marketing communications).
  • Legal obligation: Processing required to comply with applicable laws.
  • Legitimate interest: Processing necessary for our legitimate business interests (e.g. platform security, fraud prevention), provided such interests do not override your rights.

7. Sharing and Disclosure

We do not sell your Personal Information. We may share your information with the following categories of recipients:

  • Cloud hosting providers: Supabase (database and authentication), Vercel (application hosting).
  • Payment processors: PayFast (South Africa) and applicable payment providers for other regions.
  • Email service providers: Resend (transactional email delivery).
  • Legal and regulatory authorities: Where required by law, court order or regulation.
  • Professional advisers: Auditors, lawyers and accountants, under confidentiality obligations.

All third-party service providers are bound by data processing agreements and are required to protect your information to standards equivalent to those set out in this policy.

8. International Data Transfers

As a global platform, your data may be transferred to and processed in countries outside your country of residence. Our infrastructure providers operate data centres in various regions.

South African Users (POPIA Section 72): Where we transfer your Personal Information outside of South Africa, we ensure that the receiving country provides an adequate level of protection, or that binding agreements are in place to protect your information, or that you have provided consent.

Canadian Users (PIPEDA): We remain accountable for the protection of your information when it is transferred to third parties in other jurisdictions.

Australian Users (APP 8): Before disclosing your information to an overseas recipient, we take reasonable steps to ensure the recipient complies with the Australian Privacy Principles.

9. Data Retention

We retain your Personal Information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law (POPIA Section 14, PIPEDA Principle 5). Specifically:

  • Active accounts: All Customer Data is retained for the duration of your Subscription and for up to 5 years of historical data to support long-term performance analysis, trend reporting and benchmarking.
  • Post-termination: Identifiable Customer Data is available for export for 30 days after termination and securely deleted or anonymised within 90 days. Anonymised operational data may be retained for up to 5 years for industry analysis (see Section 10 of our Terms of Service).
  • Billing records: Retained for 7 years to comply with tax and financial reporting obligations.
  • Server logs: Retained for up to 90 days for security and troubleshooting purposes.
  • Aggregated and Anonymised Data: Retained indefinitely. This data cannot be traced back to any individual, company or mining operation and is used for platform improvement, industry benchmarking and commercial purposes as described in our Terms of Service.

10. Data Security

We implement appropriate technical and organisational measures to protect your Personal Information against unauthorised access, alteration, disclosure or destruction, in accordance with POPIA Section 19. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Row-Level Security (RLS) policies ensuring users can only access their own organisation's data.
  • Secure authentication with hashed passwords and session management.
  • Role-based access controls within the Platform.
  • Regular security reviews and vulnerability assessments.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected parties in accordance with:

  • South Africa (POPIA Section 22): The Information Regulator and affected data subjects will be notified as soon as reasonably possible.
  • Canada (PIPEDA): The Privacy Commissioner and affected individuals will be notified where there is a real risk of significant harm.
  • Australia (NDB scheme): The OAIC and affected individuals will be notified where an eligible data breach is likely to result in serious harm.
  • United States: Notification will be provided in accordance with applicable state breach notification laws.

12. Your Rights

Depending on your jurisdiction, you have the following rights regarding your Personal Information:

All Users

  • Access: Request a copy of the Personal Information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your Personal Information, subject to legal retention requirements.
  • Data portability: Export your data using our built-in tools.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

South African Users (POPIA)

  • Right to access (Section 23) and correction (Section 24).
  • Right to object to processing (Section 11(3)).
  • Right not to be subject to automated decision-making (Section 71).
  • Right to lodge a complaint with the Information Regulator.

USA Users (CCPA/CPRA)

  • Right to know what Personal Information is collected, used, shared or sold.
  • Right to delete Personal Information.
  • Right to opt out of the sale or sharing of Personal Information. Note: DigiMine does not sell your Personal Information.
  • Right to correct inaccurate Personal Information.
  • Right to non-discrimination for exercising your rights.

Canadian Users (PIPEDA)

  • Right of access to your Personal Information (Principle 9).
  • Right to challenge accuracy and request amendments.
  • Right to withdraw consent.
  • Right to complain to the Office of the Privacy Commissioner of Canada.

Australian Users (Privacy Act)

  • Right to access your Personal Information (APP 12).
  • Right to correction of Personal Information (APP 13).
  • Right to complain to the Office of the Australian Information Commissioner (OAIC).

To exercise any of these rights, please contact us at digimine.app@gmail.com. We will respond within the timeframe required by your applicable law (generally 30 days).

13. Aggregated and Anonymised Data

We create Aggregated and Anonymised Data from your use of the Platform by irreversibly removing all identifiers that could link the data back to you, your company, your Users, your equipment or your mining sites. This anonymised data may include patterns such as equipment downtime frequencies, failure mode distributions, maintenance intervals, shift performance trends and operational benchmarks.

How we use it: We may use Aggregated and Anonymised Data for platform improvement, research, industry benchmarking, and to create data products or reports for third parties including Original Equipment Manufacturers (OEMs), mining consultancies and industry bodies. Full details are set out in Section 10 of our Terms of Service.

Your protection: Anonymised data is not Personal Information under POPIA, PIPEDA, the Australian Privacy Act or the CCPA/CPRA, as it cannot be used to identify any individual or organisation. We contractually prohibit any third-party recipients from attempting to re-identify anonymised data.

14. Cookies and Tracking

The Platform uses essential cookies required for authentication and session management. We may also use analytics cookies to understand how the Platform is used and to improve our service. You can manage cookie preferences through your browser settings. For detailed information, we maintain a cookie notice accessible within the Platform.

15. Children's Privacy

The Platform is not directed at individuals under the age of 18. We do not knowingly collect Personal Information from children. In accordance with POPIA Section 35 and US COPPA regulations, if we become aware that we have collected information from a child, we will take steps to delete it promptly.

16. Do Not Track / Global Privacy Control

We honour Global Privacy Control (GPC) signals as required by the CCPA/CPRA. If your browser sends a GPC signal, we will treat it as a request to opt out of any sale or sharing of Personal Information (although DigiMine does not sell Personal Information).

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes via email or through the Platform at least 30 days before the changes take effect. Your continued use of the Platform after the updated policy takes effect constitutes your acceptance of the changes.

18. Complaints and Supervisory Authorities

If you are dissatisfied with how we handle your Personal Information, please contact us first. If you are not satisfied with our response, you may lodge a complaint with the relevant supervisory authority:

South Africa: Information Regulator — inforegulator.org.za — complaints@inforegulator.org.za
Canada: Office of the Privacy Commissioner — priv.gc.ca
Australia: Office of the Australian Information Commissioner — oaic.gov.au
USA: Your state Attorney General's office or the California Privacy Protection Agency (for CCPA matters).

19. Contact Us

For any questions, requests or concerns about this Privacy Policy or how we handle your Personal Information:

DigiMine (Pty) Ltd

Information Officer / Privacy Team

Email: digimine.app@gmail.com

Website: digimine.app