Security Policy

1. Purpose

1.1 This Security Policy explains how Sethala (Pty) Ltd approaches security for Meshtrack.

1.2 This Security Policy is intended to help prospective and existing customers understand Sethala’s security approach, customer responsibilities and support expectations.

1.3 This Security Policy does not create an absolute guarantee of security and must be read with the Meshtrack Terms of Service and Meshtrack Privacy Policy.

1.4 Meshtrack security depends on both Sethala’s controls and the customer’s own configuration, access management, network security, device handling, user behaviour and internal processes.

2. Security approach

2.1 Sethala uses reasonable technical and organisational measures appropriate to the nature of Meshtrack, the type of information processed and the operational risks associated with app-based asset and site management.

2.2 Sethala’s security controls may evolve as Meshtrack develops, as customer requirements change and as operational risks are identified.

2.3 Sethala does not represent that Meshtrack is suitable as a life-critical, emergency, medical, safety-critical or sole security system.

2.4 Meshtrack is intended to support operational visibility and decision-making. It must not be used as a substitute for legally required safety, emergency, access control, security, fire, evacuation, medical or occupational health and safety systems.

3. Access control

3.1 Meshtrack uses access control measures to help restrict access to authorised users.

3.2 Meshtrack may use role-based access control to help customers manage what different users can access and perform.

3.3 Customers are responsible for assigning appropriate roles, reviewing access and removing users who no longer require access.

3.4 Customers must ensure that account access is limited to authorised personnel with a legitimate business need.

3.5 Customers must not share login credentials between users.

3.6 Customers are responsible for all activity performed through their Meshtrack accounts, except where caused by Sethala’s proven fault or unlawful conduct.

4. Passwords and authentication

4.1 Customers and authorised users are responsible for keeping login credentials secure.

4.2 Sethala recommends that customers use strong passwords, unique user accounts and multi-factor authentication where available.

4.3 Customers must promptly notify Sethala if they suspect compromised credentials, unauthorised access, account misuse or unusual account activity.

4.4 Sethala may require additional verification before assisting with account recovery, billing changes, administrative changes, support requests or other account-level changes.

5. Audit logs and system logs

5.1 Meshtrack may keep logs of important system and security events, including account access, configuration changes, device activity, support access, legal acceptance events and security-relevant activity.

5.2 Audit logs and system logs may be used for security, troubleshooting, support, compliance, dispute resolution, service administration and platform improvement.

5.3 Log availability, retention periods and export functionality may depend on the customer’s subscription, system configuration and Sethala’s operational practices.

5.4 Customers should not rely on Meshtrack logs as their sole audit, employment, safety, legal or compliance record unless expressly agreed in writing.

6. Data protection

6.1 Sethala uses reasonable safeguards to protect personal information, customer account data, app-management data, technical service data, support information and security information against unauthorised access, loss, damage, destruction and unlawful processing.

6.2 Safeguards may include access controls, authentication, environment separation, monitoring, backups, audit logs, internal policies and other appropriate technical and organisational measures.

6.3 No system can be guaranteed completely secure, uninterrupted or immune from cyber risk.

6.4 Customers and authorised users must also protect passwords, devices, networks, account access and any information exported from Meshtrack.

7. App-management and technical service data

7.1 Sethala may process app-management, technical, diagnostic, service, audit, security and support information required to operate, manage, secure and support Meshtrack.

7.2 This may include customer account settings, authorised user roles, device configuration, site configuration, hardware status, connectivity status, service logs, audit logs, diagnostics, support history and security events.

7.3 Sethala does not, as part of its ordinary website enquiry, sales, invoicing, account-management or support process, intentionally collect or process personal information of the customer’s own end-users, employees, contractors, visitors or other persons who may be managed, monitored or tracked by the customer at its own site.

7.4 If the customer includes personal information of its own end-users, employees, contractors, visitors or other persons in support requests, screenshots, emails, attachments, configuration fields or other information supplied to Sethala, the customer is responsible for ensuring that it is authorised to do so.

8. Support access

8.1 Sethala support personnel may need to access customer account information, technical service data, diagnostics or configuration information to provide support, investigate faults, resolve incidents or maintain Meshtrack.

8.2 Support access should be limited to authorised personnel and appropriate support, security, diagnostic or service-management purposes.

8.3 Customers must not share passwords with Sethala personnel.

8.4 Where support access is required, it should be provided through approved support mechanisms.

8.5 Sethala may keep records of support requests, support actions and support-related communications.

9. Hosting and infrastructure

9.1 Meshtrack may use cloud hosting, infrastructure providers, database services, storage services, communication services, monitoring services and other technology providers.

9.2 Sethala selects providers based on practical, technical, commercial, operational and security considerations.

9.3 Infrastructure locations, hosting arrangements and providers may change from time to time.

9.4 Where personal information is processed through service providers or infrastructure outside South Africa, Sethala will take reasonable steps to ensure that appropriate safeguards are in place as required by applicable law.

9.5 Third-party hosting, infrastructure, communication and service providers may have their own security practices, service levels, limitations and terms.

10. Backups and resilience

10.1 Sethala may maintain backups or resilience measures appropriate to the nature of the service.

10.2 Backups are intended for service resilience, restoration and disaster recovery. They are not a substitute for the customer’s own records management, reporting, exports or archival processes.

10.3 Customers should export and retain their own records where required for operational, legal, compliance, insurance, audit or internal governance purposes.

10.4 Backup deletion may occur according to Sethala’s ordinary backup lifecycle and may not be immediate.

11. Security incidents

11.1 If Sethala becomes aware of reasonable grounds to believe that personal information processed by Sethala has been accessed or acquired by an unauthorised person, Sethala will take reasonable steps to investigate, contain and remediate the incident.

11.2 Where legally required, Sethala will take steps to notify affected persons and/or the Information Regulator as required by applicable law.

11.3 Where an incident affects a customer account or service, Sethala may contact the customer using the account, billing, administrative or support contact details on record.

11.4 Customers must promptly notify Sethala of suspected unauthorised access, compromised credentials, lost devices, unusual activity, security weaknesses or security concerns affecting Meshtrack.

11.5 Customers must cooperate reasonably with Sethala in investigating and responding to security incidents affecting their own accounts, users, devices, networks or deployment.

12. Customer responsibilities

12.1 Customers are responsible for:

12.1.1 selecting appropriate user roles and permissions;

12.1.2 managing passwords and authentication;

12.1.3 securing their own networks, devices and systems;

12.1.4 protecting physical devices from tampering, misuse, damage or theft;

12.1.5 limiting access to Meshtrack data to authorised persons only;

12.1.6 disabling access for former employees, contractors or users who no longer require access;

12.1.7 maintaining accurate account, billing and support contact details;

12.1.8 complying with internal security, privacy, workplace and governance policies;

12.1.9 ensuring lawful and secure deployment at their own sites;

12.1.10 reporting suspected incidents promptly;

12.1.11 keeping their own records, exports and backups where needed for their internal purposes; and

12.1.12 ensuring that users are properly trained or instructed on secure use of Meshtrack.

13. Customer deployment risk

13.1 Sethala provides the Meshtrack technology, but the customer is responsible for how Meshtrack is deployed and used at the customer’s own site.

13.2 The customer is responsible for ensuring that any use of Meshtrack involving identifiable persons, workplace processes, visitor processes, site access, operational monitoring or internal controls is lawful, fair, transparent and properly governed.

13.3 The customer is responsible for providing required notices, obtaining required consents, limiting access, managing retention and complying with POPIA, workplace privacy requirements, employment requirements and internal policies where applicable.

13.4 The customer must not use Meshtrack for covert, unlawful, discriminatory, excessive or disproportionate monitoring.

13.5 The customer must ensure that access to Meshtrack data is limited to authorised persons with a legitimate need to access that information.

14. Physical device security

14.1 Customers are responsible for the physical security of Meshtrack hardware once delivered or installed at the customer’s site.

14.2 Customers must take reasonable steps to protect devices from tampering, misuse, damage, theft, unauthorised movement, environmental exposure and unsafe installation.

14.3 Customers must use hardware only in accordance with applicable specifications, installation instructions, environmental limits and manufacturer requirements.

14.4 Incorrect installation, unsafe use, tampering, unauthorised modification or use outside specifications may affect performance, security, warranty support and service reliability.

15. Third-party systems and connectivity

15.1 Meshtrack may depend on third-party services, connectivity, networks, devices, operating systems, app stores, infrastructure providers, APIs, communication systems and other systems outside Sethala’s direct control.

15.2 Sethala is not responsible for security incidents, outages, loss, delays, data issues or service failures caused by third-party systems outside Sethala’s reasonable control.

15.3 Customers are responsible for maintaining their own internet access, power, network infrastructure, compatible devices, browsers, internal IT controls and third-party system security.

16. Limitations

16.1 No technology system can be guaranteed completely secure.

16.2 Meshtrack security depends partly on customer configuration, user behaviour, network security, device placement, physical security, access management and internal customer controls.

16.3 Sethala is not responsible for security incidents caused by customer misuse, weak passwords, unauthorised sharing, compromised customer devices, third-party systems, unsafe deployment or failure to follow security guidance.

16.4 Meshtrack is not a substitute for legally required safety systems, emergency systems, physical security systems, access control systems, employee supervision, occupational health and safety systems or professional judgement.

16.5 Sethala does not guarantee uninterrupted availability, absolute accuracy, complete protection from cyber risk or suitability for every customer environment.

17. Changes to this Security Policy

17.1 Sethala may update this Security Policy from time to time.

17.2 The latest version will be published on the Meshtrack website or made available through the platform.

17.3 Security controls, practices and service providers may change as Meshtrack develops, provided Sethala continues to use reasonable measures appropriate to the nature of the service.

18. Contact

18.1 Security queries may be sent to Sethala using the contact details published on the Meshtrack website.

18.2 General contact email: [email protected].

18.3 Support email: [email protected].