Data Security & Retention Policy

1. Data security measures

All personal data is stored in an encrypted database.
Profile photographs are stored in a private, access-controlled storage system. Photos are not accessible directly by URL — they are served via time-limited authenticated links generated server-side.
Emergency profile data is publicly readable only via your permanent card URL. You explicitly consent to this public accessibility when creating your account.
Account access is protected by email and password authentication.
The platform administrator has access to all account data for operational purposes — this is disclosed in our Privacy Policy.
No personal data is sold or shared with third parties.

2. Data retention periods

Data state	Retention period
Active account	For the duration of the subscription
Grace period (0–60 days past expiry)	Full profile retained and displayed with banner
Expired (60+ days past expiry)	Critical fields displayed; full data retained in database pending review
Deactivated account	90 days post-deactivation, then permanently deleted
Emergency page access logs	12 months, then purged. No personal data is stored in access logs.
Account deletion requests	Actioned within 30 days, with confirmation to the data subject

3. Breach notification

If a data breach occurs affecting your personal information, TrailSOS will notify the Information Regulator and affected individuals as soon as reasonably possible, in accordance with Section 22 of POPIA.

4. Your right to deletion

You may request deletion of your personal information at any time by contacting our Information Officer. Requests are actioned within 30 days. Note that deletion of your account will permanently deactivate your NFC card.

Contact: Contact page or privacy@trailsos.co.za