SkyAri Privacy & Data Protection Policy
(POPIA & ISP Compliance Edition – Last updated: January 2025)

1. Introduction

SkyAri (powered by Openserve) takes your privacy seriously. This Privacy & Data Protection Policy explains how we collect, use, store, and protect your personal information in line with the Protection of Personal Information Act, 2013 (POPIA) and relevant ISPA and ICASA guidelines.

This policy applies to all personal information processed through:

  • our website, apps, and online forms,
  • lead-generation and sign-up processes,
  • fibre and Wi-Fi installation and management systems,
  • ongoing service delivery, billing, and support activities.

By using our services, you consent to the practices described in this policy.

2. Key Definitions

  • Personal Information – any information relating to an identifiable person.
  • Processing – any activity involving personal data.
  • Responsible Party – SkyAri.
  • Operator – a third-party processing information for SkyAri.
  • Data Subject – the individual whose data is processed.

3. POPIA Compliance Principles

  1. Accountability
  2. Processing Limitation
  3. Purpose Specification
  4. Further Processing Limitation
  5. Information Quality
  6. Openness
  7. Security Safeguards
  8. Data Subject Participation

4. Information We Collect

4.1 Website and Comment Data

  • Comment data, IP address, and browser user-agent (spam prevention).
  • Gravatar hash for profile display.
  • Comments and metadata stored indefinitely.

4.2 Media Uploads

  • Remove GPS EXIF data before uploading images.

4.3 Contact and Lead Forms

  • Name, contact details, address, service interest.
  • Temporary credentials for fibre/Wi-Fi setup (encrypted only, deleted after onboarding).

4.4 Customer Account & Service Data

  • Contact info, installation address, ID (if required).
  • Service, billing, and usage records.
  • Device IDs, IP data.
  • Recorded calls (with notice).
  • Technical logs for ISP compliance.

4.5 Cookies & Tracking

  • Improves browsing and saves preferences.
  • Comment cookies: 1 year.
  • Login cookies: 2 days.
  • Display cookies: 1 year.
  • Temporary compatibility cookies removed on browser close.

4.6 Embedded Content

External embedded content behaves as if viewed on its original site.

4.7 Analytics

  • Used for performance and UX improvements.
  • Pseudonymised where possible.

5. Purpose and Legal Basis for Processing

PurposeLegal Basis
Account creation, lead management, onboardingContractual necessity
Billing and paymentsContractual necessity
Maintenance, support, troubleshootingLegitimate interest
Service updates, outagesLegitimate interest
MarketingConsent
Compliance with ICASA, ISPA, taxLegal obligation
Fraud prevention, securityLegal obligation

We do not sell or rent your personal information.

6. How We Protect Your Information

6.1 Technical Safeguards

  • Encryption at rest and in transit.
  • Hashed or encrypted credentials.
  • Role-based access + 2FA.
  • Security audits.
  • Firewalls and secure deletion.

6.2 Organisational Safeguards

  • POPIA training.
  • Third-party operators bound by data agreements.
  • Restricted access.

6.3 Data Breach Protocol

  • Notify affected users and the regulator.
  • Details of the breach shared promptly.
  • Mitigation and recommendations provided.

7. Data Retention

CategoryRetention Period
Comments & metadataIndefinitely
Lead-stage credentialsUntil onboarding
Customer billing recordsMinimum 5 years
Technical logs6–12 months
Cookies1 day – 1 year

Data is deleted or anonymised after expiry.

8. Sharing of Information

  • With Openserve and infrastructure partners.
  • With operators assisting in billing, analytics, support.
  • With regulators or law enforcement.
  • Spam detection services for comments.
  • Never sold to advertisers.

9. Cross-Border Data Transfers

  • Adequate protection laws, or
  • Contractual safeguards, or
  • Explicit consent.

10. Your Rights Under POPIA

  1. Access
  2. Correction
  3. Erasure
  4. Objection
  5. Data Portability
  6. Submit complaints to the Information Regulator

Requests: privacy@skyari.com

11. Customer Responsibilities

  • Protect your passwords.
  • Change router defaults.
  • Report suspicious access.
  • Avoid uploading GPS-tagged images.
  • Manage browser cookie settings.

12. Third-Party Websites

External links may have their own policies. Review them before providing information.

13. Data Breach Procedure

  • Investigation and containment.
  • Notification of affected parties.
  • Security enhancement actions.

14. Updates to this Policy

The latest version will be available at www.skyari.com/privacy. Continued use means acceptance of updates.

15. Contact Details

Information Officer
Email: privacy@skyari.com

Information Regulator (South Africa)
Email: complaints.IR@justice.gov.za
Website: https://inforegulator.org.za