Privacy Policy
1. Who this policy applies to
This Privacy Policy applies to personal information processed through the ILSS (Integrated Logistic Support System) platform, including the websites at ilss.co.za, admin.ilss.co.za, phone.ilss.co.za, api.ilss.co.za, docs.ilss.co.za and flow.ilss.co.za.
ILSS is a private B2B platform operated for industrial operators and authorised partners. In most cases, ILSS acts as an Operator (as defined in the Protection of Personal Information Act, 4 of 2013 — "POPIA") for personal information processed on instruction of a customer who is the Responsible Party. In other cases (e.g. enquiries via this marketing website, security disclosures) ILSS itself is the Responsible Party.
2. Information we process
| Category | Examples | Role |
|---|---|---|
| Account information | Name, work email, role, organisation, encrypted password hash, MFA secret (if enabled), preferred language. | Operator on behalf of the customer. |
| Operational data | Tickets, job cards, work entries, exception reports, photos, notes, sign-offs, training records, equipment configuration data. | Operator on behalf of the customer. |
| Authentication & session data | JWT access and refresh tokens, IP address at sign-in, user-agent, sign-in timestamps, MFA challenges. | Operator. Used for security and audit. |
| Audit logs | Who did what and when in the platform — required for accountability and customer service-level reporting. | Operator. |
| Communications | Email you send to support@, security@, privacy@, legal@ or hello@ilss.co.za. | Responsible Party (ILSS). |
| Technical telemetry | Edge logs (request URL, status, latency, IP, user-agent) generated by Cloudflare to operate the service securely. | Operator / Responsible Party as applicable. |
3. Why we process it
- To provide the service to the customer (authentication, authorisation, executing the workflows the platform exists to run).
- To secure the service (rate limiting, abuse detection, audit logging, incident response).
- To meet contractual and legal obligations (service-level reporting to the customer, compliance with POPIA and applicable South African law).
- To answer enquiries sent to our contact addresses.
4. Legal basis
Processing is justified under one or more of the following grounds in section 11 of POPIA: performance of a contract; compliance with a legal obligation; protection of a legitimate interest of the data subject; or pursuit of the legitimate interests of the Responsible Party or a third party to whom the information is supplied.
5. Where data is stored
Application data is stored in Cloudflare D1 (a serverless SQLite service replicated across Cloudflare's global edge), Cloudflare R2 (object storage for files and attachments) and Cloudflare KV (sessions and short-lived caches). All data is encrypted in transit (TLS 1.2+) and at rest. Backups and operational copies are subject to the same controls.
6. Sharing
We do not sell personal information. We share it only:
- with the customer organisation (Responsible Party) whose tenant the information belongs to, including that customer's authorised administrators;
- with our service providers (Cloudflare for hosting, edge networking and storage) under contractual confidentiality and processing terms equivalent to those required by POPIA;
- where required by law, court order, or to protect the rights, property or safety of ILSS, our customers or others.
7. Retention
Customer data is retained for the duration of the customer relationship and, after termination, for any period reasonably necessary for legal, accounting, audit or evidentiary purposes — typically not more than seven (7) years. Audit logs are retained for a minimum of one (1) year. Marketing-website enquiry emails are retained for up to two (2) years unless you request deletion earlier.
8. Your rights
Subject to POPIA, you have the right to:
- request access to the personal information we hold about you;
- request correction or deletion of information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully;
- object to processing on the grounds permitted by POPIA;
- lodge a complaint with the Information Regulator (South Africa) — see inforegulator.org.za.
Where ILSS is processing data on behalf of a customer (Operator), we will route your request to that customer and assist them in fulfilling it. To exercise these rights, email privacy@ilss.co.za with the information described on the contact page.
9. Cookies and similar technology
The marketing site at ilss.co.za uses no analytics cookies, no advertising cookies and no third-party trackers. The application surfaces (admin., phone.) use strictly necessary storage for authentication tokens, offline data and user preferences — those are not used for tracking and are scoped to the device.
10. Security
See the security page for a detailed description of the controls we apply, our responsible-disclosure programme and how to report an issue.
11. Changes
We will publish any material change to this policy at this URL and update the "Last updated" date. Material changes affecting customers will additionally be notified through the customer's normal communication channel.
12. Contact
Privacy queries: privacy@ilss.co.za. See the contact page for postal address and other routes.