Privacy Policy
Last updated: 9 July 2026
1. INTRODUCTION
TrackMyApp.co.za ("we," "our," or "us") is committed to protecting your privacy and personal information in accordance with the Protection of Personal Information Act (POPIA) No. 4 of 2013 and other applicable South African privacy laws.
This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our firearm licence and competency application tracking service.
2. DEFINITIONS (POPIA)
Personal Information: Information relating to an identifiable, living, natural person, including ID numbers, names, contact details, and other identifiers
Processing: Any operation performed on personal information, including collection, recording, organization, storage, updating, retrieval, alteration, consultation, use, dissemination, merging, linking, restriction, degradation, erasure, or destruction
Responsible Party: TrackMyApp.co.za as the party that determines the purpose and means of processing personal information
Data Subject: You, as the person to whom the personal information relates
3. INFORMATION WE COLLECT
3.1 Personal Information You Provide
Account Registration: Email address, password, display name
Profile Information: Phone number (optional), ID/passport number
Search Parameters: Application reference numbers, firearm serial numbers, ID numbers used in searches
Firearm Records: Voluntary firearm details you choose to save
3.2 Information Retrieved from Public Sources
We retrieve publicly available information from the official SAPS Firearms: Online Enquiry system, including:
Application status and processing information
Application dates and reference numbers
Firearm details (make, calibre, serial numbers) as displayed in public records
Status descriptions and updates
3.3 Technical Information
IP addresses and device identifiers
Browser type, version, and settings
Usage analytics and service interaction data
Session information and timestamps
3.4 Application Assistant Information
If you use our Application Assistant service to prepare firearm application documents, we collect additional personal information necessary to generate your motivation letter, testimonials, and supporting documents. This includes:
Identity Information: Full name, SA ID number, date of birth, gender, marital status
Contact and Address: Residential address, phone number, email address
Employment: Occupation, employer name
Background Declarations: Answers to background screening questions including criminal history, pending cases, domestic violence orders, mental health treatment, substance use, and employment history. Detail entries may include police station names, CAS numbers, and descriptions of circumstances
Training and Associations: Training institution, certificate numbers, association memberships, dedicated status information
Firearm Details: Make, model, calibre, action type, acquisition source, dealer information
Purpose Information: Reasons for the application, security situation descriptions, hunting or sport shooting activities, competition history
Referee Information: Names, ID numbers, contact details, and addresses of your nominated referees
Safe Storage: Safe make, model, type, mounting details, location, and photographs of your safe installation
Uploaded Documents: Copies of your ID, competency certificate, proof of residence, firearm invoice, completed SAPS forms, and other supporting documents
Payment Information: Transaction references processed through our payment processor (we do not store card numbers)
This information is used exclusively to generate your application documents and facilitate our review service. Your data is stored securely and only accessible to you and our team. We do not share this information with any third party except as required by law.
Special personal information: Some background questions may involve special personal information as defined by POPIA (such as health information or criminal history). We process this information solely for the purpose of preparing your firearm application documents, with your explicit consent given when you complete the Application Assistant wizard.
4. LEGAL BASIS FOR PROCESSING (POPIA COMPLIANCE)
We process your personal information under the following lawful bases as defined by POPIA Section 11:
4.1 Consent
You provide explicit, voluntary consent for us to process your personal information to provide tracking services.
4.2 Legitimate Interests
Processing necessary for pursuing our legitimate business interests in providing firearm application tracking services, provided such interests do not override your fundamental rights and freedoms.
4.3 Public Information
Processing of information that is deliberately made public through official SAPS systems, in accordance with POPIA Section 12.
5. HOW WE USE YOUR INFORMATION
Service Provision: To search for and retrieve application status information
Account Management: To create, maintain, and secure your user account
Data Storage: To save and organize your application searches and firearm records
Document Generation: To generate motivation letters and supporting documents using our Application Assistant service
Document Storage: To securely store uploaded documents (ID copies, certificates, photographs) needed for your application
Batch Statistics: To produce anonymised, crowd-sourced statistics about application processing times and trends, visible to all users
Service Improvement: To analyse usage patterns and improve our service (anonymised data)
Communication: To send transactional notifications, review status updates, and service-related emails
Security: To protect against unauthorised access and maintain service security
Legal Compliance: To comply with applicable laws and regulations
5A. AI PROCESSING OF PERSONAL DATA
Our Application Assistant service uses an AI document generation service to generate motivation letters and supporting documents based on the personal information you provide during the application wizard.
How It Works
Your personal details (name, ID number, address, background declarations, purpose information, and other wizard responses) are sent securely to our document generation technology
Your information is processed to generate your documents. No personal data is retained by the service provider after processing is complete
Generated documents are stored in your account and are accessible only to you and our authorised administrators
By using the Application Assistant, you consent to this processing. You may request details about how your data was processed by contacting us at .
5B. PAYMENT PROCESSING
Payments for the Application Assistant service (R325 for a Motivation Letter, R645 for the Complete Pack) are processed by our payment processor, which is PCI-DSS compliant.
We never receive, see, or store your credit or debit card numbers. All card data is handled entirely by our payment processor
We store only the transaction reference and payment status, so we can link your payment to your order
Our payment processor is PCI-DSS Level 1 certified
Payments are one-time charges. There are no recurring subscriptions or automatic renewals
5C. DOCUMENT UPLOADS
If you use the Application Assistant, you may upload documents such as copies of your ID, competency certificates, proof of residence, invoices, photographs of your safe installation, and completed SAPS forms.
Uploaded documents are stored securely. Only you and our authorised administrators can view your files
Documents are protected using industry-standard security measures
We retain uploaded documents for as long as your account is active or until you request their deletion
You may request deletion of all uploaded documents at any time by contacting
5D. REFEREE PORTAL
As part of the Application Assistant, you may nominate referees who will be contacted via a secure, token-based link to provide their testimonial. The referee portal collects the following information directly from your referees:
Full name, ID number, contact details, and residential address
Their relationship to you and how long they have known you
Their responses to the referee questionnaire
Referee links are single-use and expire after 30 days. Referees are data subjects under POPIA and have the same rights as any other data subject, including the right to access, correct, or request deletion of their information. Referees can exercise these rights by contacting .
You are responsible for informing your referees that they will receive a link from us and that their personal information will be collected and processed as described in this policy.
5E. BATCH STATISTICS
We collect and display anonymised, crowd-sourced batch statistics derived from the application data of all users. These statistics show processing trends, average timelines, and status distributions across different application batches.
Statistics are fully anonymised. No individual user, name, ID number, or application reference is exposed in the statistics
Data is aggregated at the batch level (grouped by the first four characters of the SAPS reference number) and cannot be traced back to any individual
All registered users contribute to and benefit from these statistics. There is no opt-out for aggregated statistics because the data is fully anonymised and does not constitute personal information under POPIA
5F. EMAIL COMMUNICATIONS
We send emails for the following purposes:
Transactional notifications: Order confirmations, payment receipts, and submission status updates related to the Application Assistant
Admin review updates: Notifications when your submitted application has been reviewed, approved, or requires changes
Lead follow-up emails: Occasional follow-up messages from our team if you started but did not complete the Application Assistant process
Emails are sent via our email delivery service. We do not sell or share your email address with third parties for marketing purposes. You may opt out of non-essential emails by contacting us.
6. YOUR RIGHTS UNDER POPIA
As a data subject under POPIA, you have the following rights:
6.1 Right to Access (Section 23)
You can request confirmation of whether we process your personal information and access to that information.
6.2 Right to Correction (Section 24)
You can request correction or updating of inaccurate or incomplete personal information.
6.3 Right to Deletion (Section 25)
You can request deletion of your personal information under certain circumstances.
6.4 Right to Object (Section 11(3))
You can object to the processing of your personal information in certain circumstances.
6.5 Right to Data Portability
You can request your data in a structured, commonly used, machine-readable format.
6.6 Right to Withdraw Consent
You can withdraw your consent for processing at any time, though this may limit service functionality.
7. DATA SHARING AND DISCLOSURE
We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except:
7.1 Data Processors
We use trusted third-party service providers for database hosting, payment processing, email delivery, and document generation. All providers are contractually bound to protect your data and handle your information in accordance with applicable data protection laws.
7.2 Legal Requirements
We may disclose information when required by law, court order, or government request in accordance with POPIA Section 37.
7.3 Public Information Access
We access publicly available information from SAPS systems using the same interface available to individual users.
8. DATA SECURITY
We implement appropriate technical and organizational measures to ensure security of personal information, including:
Your data is stored securely and only accessible to you and our team. We use industry-standard security measures to protect your personal information, regularly review our security practices, and collect only the information necessary to provide our services.
9. DATA RETENTION
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected:
Active Accounts: Data retained while account is active and service is used
Inactive Accounts: Data retained for 2 years after last activity, then archived
Deleted Accounts: Data permanently deleted within 90 days of deletion request
Legal Requirements: Some data may be retained longer if required by law
Security Logs: Technical logs retained for 12 months for security purposes
10. INTERNATIONAL TRANSFERS
Some of our service providers may process data outside South Africa. We ensure that:
Transfers comply with POPIA Chapter 9 requirements
Adequate level of protection is maintained
Appropriate safeguards are in place
You are informed of any transfers
11. COOKIES AND TRACKING
We use essential cookies and similar technologies to:
Maintain your login session
Remember your preferences (theme, settings)
Ensure website security and functionality
You can control cookie settings through your browser preferences. Disabling cookies may limit service functionality.
12. CHILDREN'S PRIVACY
Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected information from a minor, we will take steps to delete it promptly.
In accordance with POPIA Section 35, any processing of children's information would require additional safeguards and parental consent.
13. DATA BREACH NOTIFICATION
In the event of a data breach that poses a risk to your rights and freedoms, we will:
Notify the Information Regulator within 72 hours (as required by POPIA)
Inform affected users without undue delay
Provide clear information about the nature of the breach
Explain the steps we are taking to address the breach
Recommend actions you can take to protect yourself
14. CONTACT INFORMATION
For privacy-related inquiries, to exercise your rights, or to make complaints:
Privacy Contact:
Data Protection Officer: Available upon request
Response Time: Within 30 days (POPIA requirement)
Address: Available upon request for formal complaints
Information Regulator (South Africa)
If you are not satisfied with our response to your privacy concerns, you may lodge a complaint with:
Information Regulator (South Africa)
Website: www.inforegulator.org.za
Email: enquiries@inforegulator.org.za
Phone: +27 12 406 4818
15. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will:
Post the updated policy on our website
Notify you via email of significant changes
Provide at least 30 days notice before changes take effect
Seek additional consent if required by law
POPIA Compliance Commitment
This Privacy Policy demonstrates our commitment to protecting your personal information in accordance with the Protection of Personal Information Act (POPIA) and maintaining the highest standards of data privacy and security.
Privacy Policy Version: 2.0 | Last Updated: 2026/07/09 | Next Review Date: 2027/07/09