Privacy Policy

1. Who We Are

SmartKwam is a smart home control application developed and operated by AdvannoSmart (Pty) Ltd ("AdvannoSmart", "we", "us", or "our"), a company incorporated and registered in the Republic of South Africa.

AdvannoSmart is the responsible party as defined in the Protection of Personal Information Act 4 of 2013 ("POPIA") in respect of the personal information processed through the SmartKwam app, website (smartkwam.co.za), and related services (together, the "Services").

Contact details are set out in Section 13 below.

2. Information We Collect

We collect the following categories of personal information:

2.1 Account Information

When you register for a SmartKwam account we collect your name, email address, and a password (stored in hashed form). You may optionally provide a profile photo.

2.2 Smart Home Device Data

To provide the core functionality of the Services, we process data about the smart devices you connect to your account, including: device type and model, device names and room assignments, current device states (e.g. light on/off, thermostat temperature, lock status), automation rules and scene configurations, and historical device usage logs used to power energy monitoring features.

2.3 Usage and Analytics Data

We automatically collect information about how you interact with the Services, including: features used, screens visited, actions taken, session duration, error and crash reports, and app version. This data is collected in aggregated and pseudonymised form where possible.

2.4 Technical and Device Data

We collect technical information from the device you use to access SmartKwam, including: mobile device type and model, operating system version, unique device identifiers (e.g. advertising ID, if you have not opted out), IP address, mobile network information, and time zone. We also collect location data if you grant location permissions — this is used for geofencing automations (e.g. "turn off lights when I leave home") and is processed locally on your device where technically feasible.

3. How We Use Your Information

We use the personal information we collect to:

Create and manage your account and authenticate you when you sign in.
Provide, operate, and improve the SmartKwam Services, including syncing device states across your devices in real time.
Execute automations, scenes, and schedules you have configured.
Send you service-related communications, such as security alerts, account notifications, and important product updates.
Respond to your support requests and troubleshoot problems.
Detect, prevent, and investigate fraud, security incidents, and abuse.
Analyse usage patterns in aggregate to understand how the Services are used and to inform product improvements.
Comply with our legal obligations under applicable South African law.

We will not use your personal information for any purpose that is incompatible with the purposes described above without first obtaining your consent.

4. Legal Basis for Processing

Under POPIA, Section 11, we process your personal information on the following grounds:

Contractual necessity — processing required to provide you the Services you have signed up for (e.g. account management, device control).
Legitimate interest — processing necessary for our legitimate business interests, such as improving the Services, preventing fraud, and ensuring security, where those interests are not overridden by your rights and freedoms.
Consent — where we have asked for and you have freely given your consent (e.g. location access for geofencing). You may withdraw consent at any time without affecting the lawfulness of prior processing.
Legal obligation — where processing is required to comply with a legal obligation to which we are subject.

6. International Transfers

To provide the Services, your personal information may be transferred to and processed in countries outside the Republic of South Africa, including countries where our cloud infrastructure providers and third-party device platforms operate.

Where such transfers occur, we take appropriate steps to ensure an adequate level of protection is provided, consistent with the requirements of POPIA Section 72, including binding contractual obligations on recipients that require them to protect the personal information to a standard equivalent to South African law. By using the Services, you acknowledge and agree to these transfers.

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our specific retention periods include:

Account information — retained for the lifetime of your account and deleted within 30 days of a valid account deletion request.
Device data and automation rules — retained for the lifetime of your account; deleted or anonymised when you remove a device or delete your account.
Device usage history — detailed logs retained for 12 months; aggregated energy analytics retained for 24 months.
Analytics data — pseudonymised usage data aggregated and retained for up to 24 months.
Support correspondence — retained for 3 years after ticket resolution to assist with any follow-up disputes.

When personal information is no longer required, we securely delete or irreversibly anonymise it.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, accidental loss, destruction, or damage. These measures include:

Encryption of personal information in transit (TLS/HTTPS) and at rest.
Passwords stored using strong one-way hashing algorithms.
Role-based access controls limiting employee access to personal information on a need-to-know basis.
Regular security assessments and monitoring.
Incident response procedures, including notification to the Information Regulator and affected data subjects where required by POPIA.

Notwithstanding these measures, no system is completely secure. We cannot guarantee the absolute security of your information and encourage you to use a strong, unique password and enable any available multi-factor authentication.

9. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights in respect of personal information we hold about you:

Right of access — you may request confirmation of whether we hold personal information about you and a description of that information.
Right to correction — you may request correction of inaccurate, incomplete, or outdated personal information.
Right to deletion — you may request that we delete or destroy personal information that is no longer necessary for the purpose for which it was collected, or where you have withdrawn consent and we have no other lawful basis to retain it.
Right to object — you may object to the processing of your personal information on grounds of legitimate interest, in which case we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to data portability — where technically feasible, you may request a structured machine-readable copy of personal information you have provided to us.
Right to lodge a complaint — you have the right to lodge a complaint with the Information Regulator of South Africa (details below).

To exercise any of these rights, contact our Information Officer at privacy@smartkwam.co.za. We will respond within 30 days of receiving your request.

Information Regulator of South Africa

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Email: inforeg@justice.gov.za

Website: www.justice.gov.za/inforeg

10. Children's Privacy

The SmartKwam Services are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are between 13 and 17 years old, you must obtain the consent of your parent or legal guardian before creating an account and using the Services.

If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly. If you believe we may have inadvertently collected such information, please contact us at privacy@smartkwam.co.za.

11. Third-Party Services

SmartKwam integrates with third-party smart home platforms and cloud services (including but not limited to Tuya Smart) to enable device control. These integrations are subject to their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices of third-party device manufacturers or platform providers.

Our Services may contain links to third-party websites or services. This policy does not apply to those external sites, and we are not responsible for their content or privacy practices.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify you by email (to the address associated with your account) and/or by posting a prominent notice in the app at least 30 days before the changes take effect.

The "Last updated" date at the top of this policy indicates when it was most recently revised. Your continued use of the Services after any changes become effective constitutes your acceptance of the revised policy.

13. Contact & Information Officer

If you have questions about this policy or wish to exercise any of your rights under POPIA, please contact our designated Information Officer:

AdvannoSmart (Pty) Ltd — Information Officer

Email: privacy@smartkwam.co.za

General enquiries: support@smartkwam.co.za

Website: advannosmart.co.za

1. Who We Are

Contact details are set out in Section 13 below.

2. Information We Collect

We collect the following categories of personal information:

2.1 Account Information

When you register for a SmartKwam account we collect your name, email address, and a password (stored in hashed form). You may optionally provide a profile photo.

2.2 Smart Home Device Data

2.3 Usage and Analytics Data

2.4 Technical and Device Data

3. How We Use Your Information

We use the personal information we collect to:

Create and manage your account and authenticate you when you sign in.
Provide, operate, and improve the SmartKwam Services, including syncing device states across your devices in real time.
Execute automations, scenes, and schedules you have configured.
Send you service-related communications, such as security alerts, account notifications, and important product updates.
Respond to your support requests and troubleshoot problems.
Detect, prevent, and investigate fraud, security incidents, and abuse.
Analyse usage patterns in aggregate to understand how the Services are used and to inform product improvements.
Comply with our legal obligations under applicable South African law.

We will not use your personal information for any purpose that is incompatible with the purposes described above without first obtaining your consent.

4. Legal Basis for Processing

Under POPIA, Section 11, we process your personal information on the following grounds:

Contractual necessity — processing required to provide you the Services you have signed up for (e.g. account management, device control).
Legitimate interest — processing necessary for our legitimate business interests, such as improving the Services, preventing fraud, and ensuring security, where those interests are not overridden by your rights and freedoms.
Consent — where we have asked for and you have freely given your consent (e.g. location access for geofencing). You may withdraw consent at any time without affecting the lawfulness of prior processing.
Legal obligation — where processing is required to comply with a legal obligation to which we are subject.

6. International Transfers

7. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our specific retention periods include:

Account information — retained for the lifetime of your account and deleted within 30 days of a valid account deletion request.
Device data and automation rules — retained for the lifetime of your account; deleted or anonymised when you remove a device or delete your account.
Device usage history — detailed logs retained for 12 months; aggregated energy analytics retained for 24 months.
Analytics data — pseudonymised usage data aggregated and retained for up to 24 months.
Support correspondence — retained for 3 years after ticket resolution to assist with any follow-up disputes.

When personal information is no longer required, we securely delete or irreversibly anonymise it.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, accidental loss, destruction, or damage. These measures include:

Encryption of personal information in transit (TLS/HTTPS) and at rest.
Passwords stored using strong one-way hashing algorithms.
Role-based access controls limiting employee access to personal information on a need-to-know basis.
Regular security assessments and monitoring.
Incident response procedures, including notification to the Information Regulator and affected data subjects where required by POPIA.

9. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights in respect of personal information we hold about you:

Right of access — you may request confirmation of whether we hold personal information about you and a description of that information.
Right to correction — you may request correction of inaccurate, incomplete, or outdated personal information.
Right to deletion — you may request that we delete or destroy personal information that is no longer necessary for the purpose for which it was collected, or where you have withdrawn consent and we have no other lawful basis to retain it.
Right to object — you may object to the processing of your personal information on grounds of legitimate interest, in which case we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to data portability — where technically feasible, you may request a structured machine-readable copy of personal information you have provided to us.
Right to lodge a complaint — you have the right to lodge a complaint with the Information Regulator of South Africa (details below).

To exercise any of these rights, contact our Information Officer at privacy@smartkwam.co.za. We will respond within 30 days of receiving your request.

Information Regulator of South Africa

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Email: inforeg@justice.gov.za

Website: www.justice.gov.za/inforeg

10. Children's Privacy

11. Third-Party Services

Our Services may contain links to third-party websites or services. This policy does not apply to those external sites, and we are not responsible for their content or privacy practices.

12. Changes to This Privacy Policy

13. Contact & Information Officer

If you have questions about this policy or wish to exercise any of your rights under POPIA, please contact our designated Information Officer:

AdvannoSmart (Pty) Ltd — Information Officer

Email: privacy@smartkwam.co.za

General enquiries: support@smartkwam.co.za

Website: advannosmart.co.za

1. Who We Are

2. Information We Collect

2.1 Account Information

2.2 Smart Home Device Data

2.3 Usage and Analytics Data

2.4 Technical and Device Data

3. How We Use Your Information

4. Legal Basis for Processing

5. Data Sharing & Disclosure

6. International Transfers

7. Data Retention

8. Data Security

9. Your Rights Under POPIA

10. Children's Privacy

11. Third-Party Services

12. Changes to This Privacy Policy

13. Contact & Information Officer

Privacy Policy

1. Who We Are

2. Information We Collect

2.1 Account Information

2.2 Smart Home Device Data

2.3 Usage and Analytics Data

2.4 Technical and Device Data

3. How We Use Your Information

4. Legal Basis for Processing

5. Data Sharing & Disclosure

6. International Transfers

7. Data Retention

8. Data Security

9. Your Rights Under POPIA

10. Children's Privacy

11. Third-Party Services

12. Changes to This Privacy Policy

13. Contact & Information Officer