Group 19 Cybersecurity (Pty) Ltd ("Group 19", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information in compliance with the Protection of Personal Information Act (POPIA) of South Africa.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you sign up, we collect your name, company name, email address, and billing information.
- Employee Data: To facilitate phishing simulations and training, you may upload or sync (via Directory Sync) the names, email addresses, and department information of your employees ("Data Subjects").
- Usage Data: We collect data on how your employees interact with the Service (e.g., whether they opened a simulation email, clicked a link, or passed a quiz).
1.2 Information We Do NOT Collect
- We do not store user passwords or any other information captured via our simulated landing pages.
- We do not monitor your employees' personal browsing habits outside of our simulated landing pages.
2. How We Use Your Information
We process personal information only for the purpose of providing the Service:
- To deliver the weekly security newsletters and simulation emails.
- To generate risk scores and compliance reports for your organisation.
- To bill and collect money for your use of the Service.
- To communicate with you regarding your account or service updates.
3. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to others.
We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners for the purposes of improving our Service (e.g., "Industry Benchmark Reports").
We may disclose your information to:
- Service Providers: Third-party vendors who provide services on our behalf (e.g., payment processing, email delivery infrastructure), provided they agree to keep this information confidential and compliant with POPIA.
- Legal Requirements: If required by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of Vigilance Signal, or protect the safety of the public.
4. Data Security
We implement appropriate technical and organisational measures to secure your personal information from unauthorised access, use, disclosure, alteration, or destruction.
- All data is encrypted in transit (TLS 1.2+) and at rest.
- Access to production data is restricted to authorised engineering staff on a need-to-know basis.
- We regularly conduct security audits and vulnerability assessments.
5. Your Rights (POPIA)
As a Data Subject or Responsible Party under POPIA, you have the right to:
- Access: Request a copy of the personal information we hold about you or your organisation.
- Correction: Request that we correct or update any inaccurate personal information.
- Deletion: Request that we delete your personal information (subject to our legal obligations to retain certain records).
- Objection: Object to the processing of your personal information.
To exercise these rights, please contact our Information Officer at support@vigilancesignal.com.
6. International Data Transfers
If you are located in South Africa, note that some of our infrastructure may be hosted in data centers outside of South Africa (e.g., AWS/Azure regions in Europe or the US). We ensure that these jurisdictions provide an adequate level of protection for personal information or that we have entered into appropriate data transfer agreements.
7. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top.
8. Contact Us
If you have any questions about this Privacy Policy, please contact us: