Last updated: 16 May 2026

Privacy Policy

How MicMap collects, uses, and protects your personal information under POPIA.

MicMap (“we”, “us”, or “MicMap”) is committed to protecting your privacy and the personal information of your drivers, employees, and business contacts. This Privacy Policy describes what we collect, why we collect it, and the rights you have under the Protection of Personal Information Act, 4 of 2013 (POPIA).

By creating an account or using the MicMap platform, you confirm that you have read and understood this policy and that you have the authority to share the personal information of drivers and employees you upload.

1. Who we are

MicMap is operated by Citadene Technologies (Pty) Ltd, registration number 2025/296372/07, a private company incorporated in the Republic of South Africa. Our registered address is 42 Parkland Drive, Kempton Park, Gauteng, 1602.

Our Information Officer can be contacted at privacy@micmap.co.za. For POPIA-specific queries see our POPIA Notice.

2. Information we collect

From you (the account holder)

  • Your name, email address, mobile number, and password.
  • Company information: registered name, CIPC number, VAT number, physical address.
  • Billing information processed via our payment provider PayFast (we do not store card details).
  • Communications you send us (support requests, document requests).

About your drivers and employees

  • Names and South African ID numbers.
  • Driver's licence codes, PrDP details, and contact numbers.
  • Compliance documents you upload (roadworthy certificates, PrDP, tax clearance, etc.).

About your vehicles

  • Vehicle registrations, fleet numbers, make/model/year.
  • Linked compliance documents and expiry dates.

Automatic data

  • Session cookies (required for login) and basic usage logs (IP address, browser type, timestamps) for security.

3. Why we collect it (purpose)

  • To provide the MicMap compliance tracking service you signed up for.
  • To notify you of upcoming document expiries via email and (in future) WhatsApp.
  • To verify your identity and prevent fraudulent access.
  • To process payments and produce tax-compliant invoices.
  • To respond to your support requests and improve the platform.
  • To comply with applicable laws (tax, anti-fraud, court orders).

4. Legal basis for processing

We process personal information under one or more of the following POPIA lawful bases:

  • Contract — to deliver the service you subscribed to.
  • Legitimate interest — to maintain platform security and prevent fraud.
  • Consent — for optional features (e.g. marketing emails). You can withdraw consent at any time.
  • Legal obligation — to comply with SA tax law and lawful court orders.

5. Who we share it with

We do not sell or rent your personal information. We share data only with the following operators, under written agreements:

  • Supabase — database and authenticated file storage (EU region).
  • PayFast (Pty) Ltd — payment processing (South Africa).
  • Resend — transactional email delivery.
  • Vercel — application hosting.

Some operators may store data outside South Africa. Where this occurs, we ensure they offer protection at a level comparable to POPIA, in line with section 72 of the Act.

6. How long we keep it

  • Account & compliance data — for as long as your account is active, plus up to 7 years thereafter for tax record-keeping.
  • Uploaded documents — deleted on request, or within 30 days of subscription cancellation unless required by law.
  • Backups — overwritten on a 30-day rolling cycle.

7. How we protect it

  • All documents are encrypted at rest (AES-256) in Supabase Storage.
  • All connections use HTTPS/TLS in transit.
  • Passwords are hashed with industry-standard algorithms — we never see them.
  • Two-factor authentication is available on every account.
  • Database access is restricted by role and audited.

In the event of a security compromise involving your personal information, we will notify you and the Information Regulator as required by section 22 of POPIA.

8. Your rights

Under POPIA you have the right to:

  • Ask what personal information we hold about you (right of access).
  • Request that we correct or delete inaccurate information.
  • Object to processing of your information.
  • Withdraw consent (where consent is the lawful basis).
  • Lodge a complaint with the Information Regulator if you believe your rights have been infringed.

To exercise any of these rights, email privacy@micmap.co.za. We will respond within 30 days.

9. Children

MicMap is a business product and is not intended for use by anyone under 18. We do not knowingly collect personal information of children.

10. Cookies

We use only essential cookies required to keep you signed in. We do not use third-party advertising or tracking cookies.

11. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. For material changes we will notify you by email.

12. Contact the Information Regulator

Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: inforeg@justice.gov.za
Complaints: POPIAComplaints@inforegulator.org.za