Privacy Policy
Effective: February 2026
Last Updated: February 2026
1. Overview & Scope
This policy explains what data we collect, why we collect it, and how we protect it across all Pincident services.
This Privacy Policy applies to all Pincident services, including our website, mobile applications, and application programming interface (API). It describes the personal information we collect when you use the Pincident platform, the purposes for which we use that information, how we share it, and the choices available to you regarding our use of your data.
Pincident is a civic incident reporting platform that enables communities to share, verify, and respond to local events. Because our platform is built around geographic data and community participation, we take particular care to be transparent about how we handle location information and user-generated content.
This policy should be read together with our Terms of Service, Content Moderation Policy, and Governance Model, which together govern your use of Pincident.
2. Legal Bases for Processing
We process your data only when we have a lawful reason to do so.
Under the Protection of Personal Information Act (POPIA) Section 11 and the General Data Protection Regulation (GDPR) Article 6, we rely on the following legal bases for processing your personal information:
Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. You can withdraw consent through your account privacy settings or by contacting us at privacy@pincident.com.
| Processing Activity | Legal Basis | Details |
|---|---|---|
| Account management & service delivery | Contractual necessity | Required to provide the service you signed up for |
| Location services & dent placement | Consent | You choose to share location; can withdraw via device settings |
| Safety, fraud prevention & moderation | Legitimate interest | Protecting users and platform integrity |
| Brass score calculation & content ranking | Legitimate interest | Maintaining content quality and trust |
| Advertising (localized) | Consent / Legitimate interest | Serving relevant ads based on geographic context |
| Legal compliance & dispute resolution | Legal obligation | Meeting regulatory and legal requirements |
| Analytics & platform improvement | Legitimate interest | Improving service quality and reliability |
3. Information You Provide
We collect information you give us directly when you create an account and use the platform.
Account information. When you register for Pincident, we collect your email address, username, and password. You may optionally provide a display name, biography, and profile image to personalize your account.
User-generated content. We collect the content you create on the platform, including dents, comments, validation votes, and media uploads such as photos and videos. This content is stored and displayed according to the privacy settings of the net where it is posted.
Payment information. If you make a purchase or transaction through Pincident, payment details are processed by our third-party payment providers. We do not store your credit card numbers or full payment credentials on our servers.
Communications. When you contact us for support, submit feedback, or participate in surveys, we collect the content of those communications along with any contact information you provide.
4. Location Information
Location data powers core features like dent placement and net boundaries, and you control how it is shared.
GPS and device sensors. With your permission, we collect precise location data from your device's GPS and other sensors. This information is used for placing dents on the map and determining your proximity to net boundaries.
IP-derived location. We derive an approximate location from your IP address. This provides a general geographic area and is used when precise location data is unavailable.
Background location. If you enable background location collection, Pincident may access your location even when the application is not actively in use. This allows you to receive relevant alerts about incidents near you. You can disable background location at any time through your device settings.
Historical location data. Location information is embedded in the dents you post. This data remains associated with your content as long as the dent exists on the platform.
How to control location sharing. You can manage location access through your device operating system settings, application-level permissions within Pincident, and the per-dent location toggle that allows you to exclude location data from individual posts.
5. Device & Technical Information
We collect technical data about your device and how you interact with the platform.
When you access Pincident, we automatically collect certain technical information, including:
- Device type, model, and operating system version
- Browser type and version
- IP address
- Unique device identifiers
- Application logs and diagnostic data
- Pages visited, features used, and session duration
- Sensor data (such as accelerometer and gyroscope readings) if used for platform features
This information helps us deliver a stable and secure experience across different devices and browsers, diagnose technical problems, and improve platform performance.
6. Cookies & Tracking Technologies
We use cookies and similar technologies for functionality, analytics, and advertising.
| Category | Purpose | Examples |
|---|---|---|
| Essential | Core functionality, authentication, security | Session cookies, CSRF tokens |
| Functional | Preferences, language, display settings | Theme preference, notification settings |
| Analytics | Usage patterns, performance monitoring | Page views, feature adoption, error rates |
| Advertising | Serving location-relevant ads, measuring ad effectiveness | Ad interaction tracking, frequency capping |
Third-party analytics and advertising services may set their own cookies when you use Pincident. We will identify specific third-party providers in our cookie consent interface, which is presented when you first access the platform and can be revisited through your privacy settings.
We do not currently respond to Do Not Track browser signals. You can manage cookie preferences through your browser settings or our in-app privacy controls.
7. How We Use Your Information
We use your data to operate, secure, and improve Pincident.
We use the information we collect for the following purposes:
- Operating, maintaining, and improving the Pincident platform
- Powering content ranking, feed personalization, and the validation system
- Delivering location-relevant content based on your nets and proximity
- Detecting and preventing abuse, fraud, and policy violations
- Calculating and maintaining brass credibility scores
- Serving localized advertising based on geographic context
- Conducting analytics to improve platform performance and reliability
- Complying with legal obligations and responding to lawful requests
8. Advertising & Monetization
We fund Pincident through localized ads based on geography, not by selling your personal data.
Pincident is funded through localized advertising. Ads displayed on the platform are targeted based on geographic context, including your current location area, net membership, and regional relevance. Advertising on Pincident is not based on personal profiles sold to advertisers.
We do not sell your personal information to anyone, for any purpose.
You can opt out of personalized advertising through the privacy settings in your Pincident account. If you opt out, you will still see advertisements on the platform, but they will be less tailored to your geographic context.
9. Sharing Your Information
We share data only with other users as you direct, with service providers under contract, and when legally required.
Other Users
Your public dents and comments are visible to other Pincident users based on the privacy settings of the net where they are posted. Profile information you choose to make public, such as your username, display name, and biography, is visible to other users. Your brass score is also visible to other community members.
Service Providers
We engage trusted third-party companies to help us operate the platform. These providers offer services such as hosting and infrastructure, analytics, payment processing, email delivery, and customer support tools. All service providers operate under data processing agreements that restrict how they may use your information.
Advertising Partners
We share only aggregated and anonymized data with advertising partners. We never share your name, email address, or account details with advertisers without your explicit consent.
Legal Authorities
We may disclose your information when required by law, court order, or subpoena, or when we believe in good faith that disclosure is necessary to prevent imminent harm to individuals.
Corporate Transactions
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
With Your Consent
We may share your information with third parties when you explicitly direct us to do so.
10. International Data Transfers
Your data is primarily processed in South Africa and may be transferred internationally with appropriate safeguards.
Pincident primarily processes and stores data in South Africa. Cloud infrastructure and hosting services may process data in South Africa, the European Union, and the United States. Your information may also be transferred to other countries as necessary for service delivery.
When we transfer personal data across borders, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) where required by applicable law. We ensure that all international transfers of personal information meet the requirements of POPIA and GDPR.
11. Data Retention
We keep your data only as long as needed for the purpose it was collected.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account information | Duration of account + 30 days after deletion | Service provision |
| Dent content | Duration of account; de-identified aggregate data may persist | Platform integrity |
| Location history | 24 months from collection, then anonymized | Service improvement |
| Device and usage logs | 12 months | Security and analytics |
| Support communications | 24 months from resolution | Service quality |
| Payment records | As required by applicable tax and financial law | Legal obligation |
When you delete your account, we remove your profile and personal content from public view within 30 days. De-identified aggregate data (such as anonymized location patterns and validation statistics) may be retained for platform integrity and improvement.
12. Data Security
We protect your information with encryption, access controls, and continuous monitoring.
We implement technical and organizational measures to safeguard your personal information, including:
- Encryption of data in transit (TLS) and at rest
- Role-based access controls limiting who can access personal data
- Regular security assessments and penetration testing
- Monitoring for unauthorized access attempts
Breach notification. Under POPIA Section 22, we notify the Information Regulator as soon as reasonably possible after becoming aware of a data breach. Under GDPR Article 33, we notify the relevant supervisory authority within 72 hours of becoming aware of a breach. Affected users are notified without unreasonable delay when the breach poses a risk to their rights and freedoms.
13. Children's Privacy
Pincident is not intended for users under 16, and we do not knowingly collect their data.
Pincident is not intended for users under the age of 16. We do not knowingly collect personal information from anyone under 16. If you are under 16, please do not create an account or submit any personal information through the platform.
If we learn that we have collected personal information from a user under the age of 16, we will take steps to delete that information promptly. Parents or guardians who believe their child has provided personal information to Pincident can report underage accounts to privacy@pincident.com.
14. Your Privacy Rights
You have rights over your personal data, and we provide clear ways to exercise them.
South Africa (POPIA)
Under the Protection of Personal Information Act, you have the following rights:
- Right to access your personal information
- Right to request correction of inaccurate data
- Right to request deletion of your personal information
- Right to object to processing based on legitimate interest
- Right to lodge a complaint with the Information Regulator
Contact the Information Regulator: https://inforegulator.org.za/
European Economic Area & United Kingdom (GDPR)
Under the General Data Protection Regulation, you have the following rights:
- Right of access (Article 15)
- Right to rectification (Article 16)
- Right to erasure (Article 17)
- Right to data portability (Article 20)
- Right to restrict processing (Article 18)
- Right to object to processing (Article 21)
- Right to withdraw consent at any time
- Right to lodge a complaint with your local supervisory authority
California (CCPA)
Under the California Consumer Privacy Act, you have the following rights:
- Right to know what personal information we collect and how we use it
- Right to request deletion of your personal information
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your rights
To exercise any of these rights, contact us at privacy@pincident.com. We respond within 30 days for POPIA and GDPR requests, and within 45 days for CCPA requests.
15. Pseudonymity
You can use a pseudonym on Pincident, but your identity may be disclosed in response to valid legal process.
You may use a pseudonymous username on Pincident. Your dents, comments, and other contributions are attributed to your chosen username, not your legal name. However, we may be required to disclose your identity in response to valid legal process, court orders, or to protect the safety of our users.
16. Public Content & Location-Linked Data
Content posted in public nets is visible to all users and is geographically anchored.
Dents posted in public nets are visible to all Pincident users and may be accessible via the Pincident API. This content is geographically anchored and associated with the location where it was created.
Be mindful of the information you share in public nets. Do not post sensitive personal details such as home addresses, phone numbers, or financial information in public dents.
Public content may be indexed by search engines or accessed through authorized third-party integrations.
17. Safety & Automated Processing
We use automated systems for safety and moderation, and you can request human review of automated decisions.
We use automated systems for abuse detection, spam prevention, fraud identification, and content moderation. These systems help us maintain a safe environment for all users in accordance with our Content Moderation Policy.
The brass credibility score is calculated using automated processing that considers factors such as reporting accuracy, community participation, and policy compliance.
Under GDPR Article 22, you have the right to not be subject to decisions based solely on automated processing that significantly affect you. You may request human review of any automated decision, including brass score adjustments, by contacting us at privacy@pincident.com.
18. Net-Level Privacy
Privacy settings differ between public and private nets, and moderators have limited visibility into member activity.
Privacy on Pincident operates differently depending on the type of net:
- Public nets: Content is visible to all Pincident users. Member lists may be publicly visible.
- Private nets: Content is visible only to members of the net. Membership is not publicly disclosed.
Net moderators (owners, admins, and moderators) can see member activity within their net, including posts, comments, and validation history. However, net moderators cannot access your private account data, direct messages, or your activity in other nets.
19. Third-Party Services
Third-party services linked from or embedded in Pincident have their own privacy policies.
Pincident may contain links to third-party websites and services that are governed by their own privacy policies. We encourage you to review the privacy practices of any third-party service before providing your information.
Embedded content (such as maps or media) from third parties may independently collect data about your interaction with that content.
If we offer third-party login options, connecting your account shares information as described during the connection process.
We are not responsible for the privacy practices of third-party services.
20. Changes to This Policy
We will notify you at least 30 days before material changes take effect.
We may update this Privacy Policy to reflect changes in our practices, services, or legal requirements. For material changes, we will notify you at least 30 days in advance through a platform notification and, where possible, via the email address associated with your account.
The "Last Updated" date at the top of this policy indicates when it was most recently revised. Your continued use of Pincident after the effective date of changes constitutes acceptance of the updated policy.
21. Data Protection Officer
Our Information Officer and Data Protection Officer can be reached at privacy@pincident.com.
Pincident's Information Officer (as designated under POPIA) and Data Protection Officer (as designated under GDPR) can be reached at:
- Email: privacy@pincident.com
- Physical address: No.4 16th Avenue, Cape Town, 7430
The Information Officer is registered with the South African Information Regulator as required by POPIA.
22. Contact & Complaints
Reach us for any privacy concern, or escalate to the relevant regulatory authority.
General privacy inquiries: privacy@pincident.com
Physical address: No.4 16th Avenue, Cape Town, 7430
South Africa (POPIA): The Information Regulator, P.O. Box 31533, Braamfontein, Johannesburg, 2017. Website: https://inforegulator.org.za/
European Union (GDPR): You may lodge a complaint with your local data protection supervisory authority.
We aim to respond to all privacy-related inquiries within 14 business days.