Privacy Policy

1. Introduction

Welcome to eRemo, a Smart Gate Control System developed and operated by Eyona Software Development (Pty) Ltd ("we," "us," or "our"), based in Cape Town, South Africa.

This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the eRemo system, including our mobile applications (Android and iOS), web portal, Bluetooth-enabled devices, RF remotes, and our website at eremo.io (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our Services.

2. Information We Collect

2.1 Information You Provide to Us

When you create an account, use our Services, or contact us, you may provide the following information:

• Account Information: Full name and email address used to create and manage your eRemo account.
• Contact Form Data: Full name, email address, subject, and message content submitted via our website contact form.
• Payment Information: When you purchase eRemo products or subscriptions, payment details are collected and processed by our third-party payment processors. We do not store your full credit card or banking information on our servers.
• Communication Data: Any correspondence, feedback, or support requests you send to us.

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain information, including:

• Device Information: Device model, operating system version, unique device identifiers, and app version.
• Location Data: With your permission, we collect precise or approximate location data to enable gate proximity features. This allows the app to detect when you are near your gate for automated or quick access. You can disable location permissions at any time in your device settings.
• Bluetooth Data: When Bluetooth is enabled, we collect Bluetooth signal data to facilitate communication between your mobile device and the eRemo gate controller. This includes Bluetooth device identifiers and signal strength. Bluetooth permissions are required for proximity-based gate access.
• Access Logs and Audit Trails: We record all gate access events, including timestamps, the method of access (app, Bluetooth, RF remote, or web portal), and the identity of the user who initiated access. These logs are essential for security and accountability.
• Push Notification Tokens: If you opt in to push notifications, we collect your device push notification token to send you real-time alerts about gate access events, security notifications, and system updates.
• Analytics Data: We use Google Analytics and similar tools to collect anonymised usage data such as pages visited, session duration, and interaction patterns to improve our Services. This may involve cookies or similar tracking technologies.
• Network and Connection Data: IP address, connection type, and browser information when accessing our web portal or website.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and Operating Our Services: To authenticate your identity, grant gate access, manage your account, and ensure the system functions correctly across all channels (app, Bluetooth, RF remote, and web portal).
• Security and Access Control: To maintain rolling code security, AES-256 encryption protocols, audit trails, and to detect and prevent unauthorised access to your property.
• Proximity-Based Features: To use location and Bluetooth data to enable automatic gate detection and proximity-based access.
• Real-Time Notifications: To send push notifications about gate access events, security alerts, and important system updates.
• Offline Mode: To enable secure gate access even when your device does not have an active internet connection.
• Customer Support: To respond to your enquiries, troubleshoot issues, and provide technical assistance.
• Analytics and Improvement: To analyse usage patterns, diagnose technical problems, and improve the performance, reliability, and features of our Services.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Communications: To send important service-related communications, including policy updates and maintenance notices.

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

• Service Providers: We engage trusted third-party service providers who assist us in operating our Services, including cloud hosting, payment processing, analytics (Google Analytics), and push notification delivery. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Payment Processors: When you make a purchase, your payment information is handled directly by our third-party payment processors. We do not have access to your full payment card details.
• Property Administrators: If your gate is managed by a property administrator or estate manager, certain access log data may be shared with them as part of the system's intended use.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of eRemo, our users, or the public.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

5. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes described in this Privacy Policy, including:

• Account Data: Retained for the duration of your active account. Upon account deletion, your personal data will be removed within 30 days, except where retention is required by law.
• Access Logs and Audit Trails: Retained for a minimum period necessary for security purposes and to comply with legal obligations. Typically, access logs are retained for up to 12 months unless a longer period is required by law or legitimate security needs.
• Analytics Data: Anonymised analytics data may be retained indefinitely as it cannot be used to identify you.
• Contact Form Data: Retained for as long as necessary to resolve your enquiry and for a reasonable period thereafter.

When personal data is no longer needed, we will securely delete or anonymise it in accordance with our data retention procedures.

6. Data Security

We take the security of your personal information seriously and implement robust technical and organisational measures to protect it, including:

• AES-256 Encryption: All sensitive data transmitted between your device and the eRemo system is encrypted using AES-256, an industry-standard encryption protocol.
• Rolling Code Security: Our RF communication uses rolling code technology to prevent replay attacks and signal interception.
• Secure Authentication: Multi-layer authentication mechanisms protect your account from unauthorised access.
• Encrypted Storage: Personal data stored on our servers is encrypted at rest.
• Access Controls: Strict internal access controls ensure only authorised personnel can access your personal data.
• Regular Security Audits: We conduct periodic security reviews and vulnerability assessments.

7. Your Rights and Choices

Under the Protection of Personal Information Act (POPIA) and the General Data Protection Regulation (GDPR), you have the following rights regarding your personal information:

• Right of Access: You may request a copy of the personal information we hold about you.
• Right to Rectification: You may request correction of any inaccurate or incomplete personal information.
• Right to Erasure: You may request deletion of your personal information, subject to legal obligations that require us to retain certain data.
• Right to Restriction: You may request that we restrict the processing of your personal information in certain circumstances.
• Right to Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
• Right to Object: You may object to the processing of your personal information for direct marketing or profiling purposes.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You may lodge a complaint with the Information Regulator of South Africa or the relevant data protection authority in your jurisdiction.

Managing Permissions

You can manage the following permissions on your mobile device at any time:

• Location: Disable location access in your device settings. Note that this will affect gate proximity features.
• Bluetooth: Disable Bluetooth access in your device settings. Note that this will affect Bluetooth-based gate access.
• Push Notifications: Disable push notifications through your device settings or within the eRemo app.

To exercise any of these rights, please contact us using the details provided in the Contact Us section below. We will respond to your request within 30 days.

8. Children's Privacy

Our Services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete that information from our records. If you believe that a child under 18 has provided us with personal information, please contact us at eremo@eyonasoftware.co.za so that we can take appropriate action.

9. International Data Transfers

Eyona Software Development (Pty) Ltd is based in Cape Town, South Africa. Your personal information may be transferred to, stored, and processed in countries other than your country of residence, including countries that may have different data protection laws.

When we transfer personal data internationally, we ensure that appropriate safeguards are in place, including:

• Standard contractual clauses approved by relevant data protection authorities.
• Ensuring that receiving parties maintain adequate levels of data protection.
• Compliance with POPIA's requirements for cross-border transfers of personal information.

By using our Services, you acknowledge and consent to the transfer of your information to jurisdictions outside of your own, where applicable safeguards are maintained.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy.
• Notify you via email or through an in-app notification where appropriate.
• Post the revised policy on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this policy constitutes acceptance of those changes.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

For data protection-related requests, please include "Privacy Request" in the subject line of your email. We aim to respond to all legitimate requests within 30 days.