Last updated: May 22, 2026
In this Agreement:
You, as the Responsible Party, determine the purpose and means of processing personal data through the Insyte Tracker platform. This includes the decision to record, upload and analyse video footage of your field technicians.
Insyte Tracker acts as the Operator and processes personal data solely on your instructions and for the purpose of providing the Service. We do not process personal data for any purpose beyond what is necessary to deliver the platform's functionality.
As the Responsible Party, you are responsible for:
Through your use of Insyte Tracker, the following categories of personal data may be processed:
Personal data is processed for the following purposes only:
We do not use your data or your technicians' data for any secondary purpose, including marketing, advertising or AI model training without explicit written consent.
Insyte Tracker is committed to compliance with the Protection of Personal Information Act 4 of 2013 (POPIA). In accordance with POPIA, we process personal information only:
As the Responsible Party, you are required to appoint an Information Officer under POPIA and register with the Information Regulator of South Africa where required by law.
Data subjects whose information is processed through your use of the platform have the right to request access to, correction of or deletion of their personal information. Such requests should be directed to you as the Responsible Party in the first instance.
For clients based in the European Economic Area or who process data of EEA residents, Insyte Tracker processes personal data in accordance with the General Data Protection Regulation (GDPR). The lawful basis for processing is the performance of a contract (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)).
Where required, we will enter into standard contractual clauses or other appropriate transfer mechanisms for the transfer of personal data outside the EEA.
Personal data is retained only for as long as necessary to provide the Service:
Insyte Tracker implements the following technical and organisational security measures to protect personal data:
We use the following subprocessors to deliver the Service. All subprocessors are contractually bound to protect personal data to the same standard as this Agreement:
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication and user management | EU / USA |
| Cloudflare R2 | Encrypted video storage | Global CDN |
| Google Gemini | AI video analysis and content understanding | USA |
| Anthropic Claude | AI report writing and structured output | USA |
| Resend | Transactional email delivery | EU |
| Railway | Application hosting and infrastructure | USA |
We will notify you of any changes to our subprocessors that may affect your data protection obligations.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, Insyte Tracker will notify you without undue delay and within 72 hours of becoming aware of the breach, in accordance with POPIA and GDPR requirements.
The notification will include the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences of the breach and the measures taken or proposed to address it.
Data subjects whose personal information is processed through the platform have the following rights, which you as the Responsible Party are obligated to facilitate:
To assist with data subject requests, contact us at [email protected] and we will respond within 30 days.
Some of our subprocessors are located outside South Africa and the EEA. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses, adequacy decisions or other legally recognised transfer mechanisms.
This DPA remains in force for the duration of your subscription to Insyte Tracker. Upon termination of your subscription, we will delete all personal data processed on your behalf within 30 days, unless retention is required by applicable law.
For any queries relating to this Data Processing Agreement, data subject requests or data protection matters, please contact:
For complaints relating to the processing of your personal information under POPIA, you may also contact the Information Regulator of South Africa at inforeg.org.za.