Legal

Terms of Service

Last updated 19 June 2026
Plain-English summary. itemtrack is asset-tracking software for South African businesses — you track tools, equipment, and stock by scanning them on a phone. By signing up you agree to these terms. We've kept them simple and easy to exit. If anything seems unclear or unfair, tell us and we'll try to improve it.

1. Who we are

itemtrack is operated by Ironsyde (Pty) Ltd ("itemtrack", "we", "us", "our"), a company incorporated in South Africa (registration number 2026/025235/07), of Cape Town, South Africa. These terms form a binding agreement between you (the business customer, "you" or "Customer") and Ironsyde (Pty) Ltd. The information required under section 43 of the Electronic Communications and Transactions Act, 2002 is available on request via our contact form.

2. What the service does

A subscription to a web dashboard plus a mobile scanner app that tracks your physical assets — items, tools, equipment, and stock. The service records scan events (with time, location, and an optional photo), supports inspections and reconciliations, exports your data, and optionally syncs to third-party systems (ERPs) where you configure a connector. Features may change — material changes are notified under section 20.

3. Your account

  • You are responsible for keeping your password and any device keys secret. If you think an account or device has been compromised, revoke it from the dashboard immediately and contact support.
  • You must be at least 18 and authorised to enter contracts on behalf of your business.
  • One account per business. Each person who needs access should have their own login — don't share credentials.

4. Acceptable use

Don't do any of the following with itemtrack:

  • Use the service to track or surveil people beyond the legitimate, disclosed purpose of knowing where your assets are and who handled them.
  • Add team members, or capture their location and scan photos, without telling them as required by section 5.
  • Attempt to break, reverse-engineer, scrape, or overload the service.
  • Re-sell access, or use a single subscription for multiple unrelated businesses.
  • Upload illegal content or content that infringes someone else's rights.

5. Your team members, location, and POPIA

itemtrack tracks assets, not people — but the mobile app does record which team member performed each scan, the device's location at that moment, and any photo they take. That is personal information about an identifiable person under the Protection of Personal Information Act, 2013 ("POPIA").

The Customer is the Responsible Party for its team members' personal information. itemtrack is the Operator, acting only on the Customer's documented instructions. This means:

  • The Customer must notify each team member of the matters listed in POPIA section 18 before adding them — including the identity and contact details of the Responsible Party (you), the purpose of collection, that scans capture location and photos, who the information is shared with (including itemtrack and the sub-processors in section 6), the right to object, and the right to complain to the Information Regulator (section 23).
  • The Customer must have a lawful basis under POPIA for tracking — typically the employment relationship and a legitimate operational interest in the location and custody of company assets.
  • If a team member objects or leaves, the Customer must mark them inactive in the dashboard.

6. Roles, sub-processors, and your data

  • Tenant data ownership. Your tenant data — items, locations, scan events, photos, inspections, reports — belongs to you. You can export it at any time from the dashboard.
  • Operator obligations. itemtrack processes personal information only on your documented instructions and in line with sections 20 and 21 of POPIA. We will assist you with data-subject requests (access, correction, deletion, objection).
  • Categories of sub-processor we use:
    • Cloud hosting and encrypted object storage — application servers and item/scan photo storage, in South Africa.
    • Transactional email provider — signup, password reset, invites, operational email.
    • SMS provider — one-time sign-in PINs and job notifications.
    • Push-notification provider (Google Firebase Cloud Messaging) — app notifications.
    • Subscription payments provider — PayFast, processing card payments for paid plans.
    • AI inspection assistant — a third-party language-model provider, used only when you choose the AI step-builder, and only on the checklist text you enter.
    • Third-party ERP integrations of your choosing — only where you enable a connector.

    We use a small number of named vendors within each category. On reasonable written request, and where you have a legitimate compliance reason, we'll share the current named list under NDA.

  • Adding or changing sub-processor categories. We'll give at least 30 days' email notice before introducing a new category of sub-processor that processes your personal information. Vendor swaps within an existing category don't require notice. If we change a category and you reasonably object, you may terminate the affected portion of the service without penalty.
  • No training, no sale. We will never use your data to train our own or anyone else's AI models, and we will never sell, rent, or disclose it to advertisers or data brokers.

7. Retention, deletion, and data subject rights

  • Self-serve deletion. An admin can delete items, team members, and other records directly in the dashboard at any time.
  • Tenant data. Retained for the life of your subscription so the service works.
  • Account closure. When you close your workspace, its database and photos are removed from active systems; copies in encrypted backups roll off automatically within our backup-retention cycle, after which they are permanently gone.
  • Data subject requests. Team members raise requests with you as the Responsible Party. You action them in the dashboard, or raise them with us via the contact form, and we'll assist within a reasonable time — typically 5 working days.
  • Export. You can export your tenant data (items, locations, scan events, inspections) as CSV/XLSX from the dashboard at any time while your subscription is active.

8. Security and data breaches

  • All data is encrypted in transit (TLS) and at rest. Each tenant's data lives in an isolated database; cross-tenant access is structurally impossible.
  • Passwords and device keys are stored as bcrypt hashes. Connector secrets are encrypted at rest with a dedicated key.
  • Access is controlled by role, logged, and reviewed periodically.
  • If we become aware of a compromise affecting your personal information, we'll notify you as soon as reasonably possible, with the information you need to meet your own notification obligations under POPIA section 22.

9. Your responsibilities

  • Notify your team members of everything required under POPIA section 18, including that scans capture location and photos (see section 5).
  • Maintain a lawful basis for tracking and for the personal information you load into itemtrack.
  • Designate your own Information Officer as required by POPIA, and make your PAIA manual available to data subjects.
  • Pay subscription fees on time. If a payment fails we'll email you; after 14 days of non-payment we may suspend the account.
  • Keep your device OS and the itemtrack app up to date.

10. Our responsibilities

  • Provide the service with reasonable skill and care.
  • Aim for high uptime. Scheduled maintenance is announced in advance; unplanned outages are rare but do happen.
  • Maintain encryption, access controls, per-tenant isolation, and backups.
  • Never sell your data or use it to train AI models.
  • Assist you with POPIA compliance as set out in sections 6, 7, and 8.

11. Free trial

New accounts start on a 14-day free trial — no card required. During the trial you have access to the plan's features subject to any limits shown at signup. We may change or end the trial offer for new signups at any time; this won't affect a trial already in progress.

12. Pricing and billing

  • Current pricing is published at itemtrack.co.za. We may change pricing with at least 30 days' email notice.
  • Subscriptions are billed in advance — monthly or annually, as chosen at signup — and renew automatically for the same period until cancelled.
  • Card payments are processed by PayFast, our South African payment gateway. Your card details are entered on PayFast's secure systems; we receive only a token and the transaction result, and never store your full card number.
  • Fees are in South African Rand (ZAR) and, where applicable, include VAT.

13. Cancellation, suspension, and exit

  • Cancel any time. Cancel from the dashboard whenever you like. Your subscription stays active until the end of the current billing period, then stops renewing. We do not provide pro-rata refunds for the unused portion of a period — you keep access until it ends.
  • 14-day money-back on your first subscription. If you're unhappy within 14 days of your first paid charge, email us and we'll refund that payment in full and close the subscription. This applies once per customer, to a first subscription only — renewals and any later subscriptions are covered by the no-pro-rata rule above. (Most customers evaluate on the free trial first; this is a safety net for anyone who commits to a plan and changes their mind quickly.)
  • By us, for non-payment. If a payment fails, we'll email you. After 14 days of non-payment we may suspend the account; after 60 days we may close it.
  • By us, for material breach. We may suspend or close immediately for breach of section 4 (acceptable use). We'll tell you why.
  • Export on exit. Export your tenant data from the dashboard before you close the account. After closure we remove your data as described in section 7.

14. Warranties and disclaimers

The service is provided "as is" and "as available". To the maximum extent permitted by law, we disclaim all implied warranties, including merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the service will be uninterrupted or error-free, or that GPS, scanning, or sync will be perfectly accurate.

Beta features. Features marked "beta", "preview", or "experimental" are excluded from any uptime or availability expectation and are provided on a best-effort basis.

15. Indemnity

You agree to indemnify and hold itemtrack harmless against third-party claims, including claims from your team members or the Information Regulator, arising from:

  • Your failure to notify team members or maintain a lawful basis as required by POPIA.
  • Your use of the service outside the scope of these terms or applicable law.
  • Content or data you upload that infringes a third party's rights.

16. Liability cap

To the maximum extent allowed by South African law, itemtrack's total liability to you under these terms is capped at the fees you paid us in the 12 months before the claim. We are not liable for indirect, consequential, or lost-profit damages.

17. Intellectual property

We own the itemtrack software, brand, and related IP. You own your tenant data. Nothing in these terms transfers ownership of our IP to you, or of your data to us. You grant us only the licence needed to operate the service on your behalf.

18. Confidentiality

Each party will keep the other's non-public information confidential and use it only to perform or use the service. This obligation survives termination for three years.

19. Force majeure

Neither party is liable for delays or failures caused by events beyond its reasonable control — including load-shedding, natural disasters, cyber attacks on upstream providers, or government action. The affected party must notify the other and do what it reasonably can to minimise the impact.

20. Electronic communications, notices, and changes

You consent to receive notices from us by email at the address on your account; this is valid written communication for purposes of the Electronic Communications and Transactions Act, 2002, and you must keep that address current. We may update these terms occasionally — material changes are emailed to the address on file at least 14 days before they take effect, and continuing to use the service after that means you accept the new terms.

21. Consumer Protection Act

This service is sold to businesses. The Customer confirms it is a juristic person and that the Consumer Protection Act, 2008 does not apply to this agreement under section 5(2)(b), either because the Customer's asset value or annual turnover exceeds the threshold determined by the Minister, or because the Customer otherwise falls outside the Act's application.

22. Governing law and disputes

These terms are governed by the laws of the Republic of South Africa, and disputes are subject to the exclusive jurisdiction of the South African courts. The parties will try to resolve disputes in good faith by email or a meeting before starting formal proceedings.

23. Information Officer and the Information Regulator

24. Contact

Questions or complaints? Send us a message.

Note on this document. These are general-purpose terms written for clarity, not a substitute for formal legal advice. Have a South African attorney review before relying on them. Items highlighted in yellow need real values filled in before this goes live.