Privacy Policy

How we collect, use, store, and protect your personal information when you use the WIMS Mobile application.

Effective Date:  1 Jan 2023 ·

Last Updated: 1 March 2026



1. Introduction

ITE WIMS Water Information (Pty) Ltd ("WIMS", "we", "us", or "our") operates the WIMS Mobile application ("the App"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the App.

By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not use the App.


2. Data We Collect

We collect only the data necessary to provide our water information management service. We do not collect data for advertising, profiling, or marketing purposes.

Account Information

  • Email address — Used for account authentication and user identification. Collected at registration by a site administrator.
  • First name and surname — Displayed in the App and used to attribute captured readings to the correct user. Collected at registration.
  • Password — Used for account authentication. Stored as a salted SHA-512 hash — never in plaintext. Collected at registration and on password change.

Location Data

  • GPS coordinates (latitude and longitude) — Used to show your position on the map and auto-populate coordinates when creating boreholes, flow meters, or rainfall stations in the field. Collected only when you open the map or create a new monitoring point. Requires your explicit permission via the iOS location prompt. Location is accessed in the foreground only — the App never tracks your location in the background.

Water Monitoring Data

  • Water level readings (metres below ground level) — Record and visualise groundwater monitoring data. Collected when you capture a reading.
  • Flow meter readings (cumulative m³ or instantaneous m³/h) — Record and visualise water flow data. Collected when you capture a reading.
  • Hour meter / pump utilisation readings (hours) — Record pump run-time data. Collected when you capture a reading.
  • Rainfall readings (mm) — Record rainfall data. Collected when you capture a reading.
  • Date and time of readings — Timestamp each captured data point. Collected automatically at the time of capture.
  • User-defined difference flag — Records when a meter has been reset or replaced. Collected when you indicate a meter reset during capture.

Device Storage

  • Local database — Site data, monitoring points, and readings are cached on your device for offline field use. Populated automatically during data synchronisation.
  • Authentication tokens — Used to maintain your login session. Stored at login.


3. How We Store Your Data

On Your Device

  • Authentication tokens and credentials are stored in the iOS Keychain via Expo SecureStore, which provides hardware-backed encryption.
  • Monitoring data is cached in a local SQLite database on your device for offline access during field work.
  • Local data is erased when you log out or delete your account.

On Our Servers

  • Data is stored in secured SQL Server databases hosted on Microsoft Azure and on-premises infrastructure.
  • All passwords are salted and hashed using SHA-512 — we never store passwords in plaintext.
  • Access to server databases is restricted to authorised personnel only.

In Transit

  • All communication between the App and our servers is encrypted using HTTPS (TLS).
  • The App does not transmit data over unencrypted connections.


4. How We Use Your Data

We use the data we collect solely to provide and improve the WIMS water information management service:

  • Authenticate users and provide access to assigned monitoring sites.
  • Record, store, and visualise environmental and water monitoring data.
  • Enable offline field data capture with automatic background synchronisation when connectivity is restored.
  • Display your position on the map to help you navigate to monitoring points in the field.

We do not use your data for advertising, marketing, user profiling, behavioural analysis, or sale/sharing with third parties.


5. Third-Party Services

The App uses the following third-party service:

  • Esri ArcGIS (satellite imagery) — Provides satellite map tiles for the in-app map. No user data, credentials, or location data is sent to Esri — only standard tile image requests are made.

The App does not use:

  • Analytics or tracking SDKs (no Firebase, Sentry, Mixpanel, Google Analytics, or similar)
  • Advertising SDKs or networks
  • Device identifiers (IDFA) or the App Tracking Transparency framework
  • Social media SDKs or login providers
  • Crash reporting services


6. Permissions

The App requests the following device permissions:

  • Location (When In Use) — Shows your position on the map and auto-populates GPS coordinates when creating monitoring points. This permission is optional — the App functions without location access and you can enter coordinates manually.
  • Internet — Synchronises data with the server and authenticates your account. Required for online features; the App works offline with previously synced data.

The App does not request:

  • Background location access
  • Camera or microphone access
  • Contacts, calendar, or photo library access
  • Push notification permissions
  • Bluetooth or health data access


7. Data Retention

  • Active accounts: Your data is retained for as long as your account is active and you have access to one or more monitoring sites.
  • Deleted accounts: When you delete your account (via Settings in the App), all site associations are removed and you will no longer be able to log in. All local data on your device is erased immediately. Your user record is retained on the server with access disabled for audit and regulatory compliance purposes.
  • Local data: Cached data on your device is automatically managed. You can clear all local data by logging out or deleting your account.
  • Monitoring data: Water level, flow meter, rainfall, and pump utilisation readings are retained as part of the site's historical record. This data serves long-term environmental monitoring and compliance purposes.


8. Account Deletion

You can delete your account at any time from within the App:

  1. Tap the profile icon in the navigation header.
  2. Select Settings.
  3. Tap Delete Account.
  4. Enter your password to confirm.

Upon deletion:

  • All your site associations are permanently removed.
  • All local data (SQLite database, cached credentials, authentication tokens) is erased from your device.
  • You will no longer be able to log in.
  • A site administrator may restore your access if requested.


9. Data Security

We take the security of your data seriously and implement the following measures:

  • Encryption in transit: All API communication uses HTTPS (TLS).
  • Encryption at rest: Authentication credentials are stored in the iOS Keychain (hardware-backed encryption).
  • Password security: All passwords are salted and hashed using SHA-512.
  • Access control: The App enforces role-based access control. Users can only access sites they have been explicitly assigned to by an administrator.
  • Multi-tenant isolation: Each monitoring site's data is isolated. Users cannot access data from sites they are not assigned to.


10. Children's Privacy

The App is not intended for use by children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at the address below so we can remove it.


11. Your Rights

You have the following rights regarding your personal data:

  • View your information: Your name and email are displayed in the Settings screen of the App.
  • Delete your account: You can delete your account from within the App at any time (Settings > Delete Account).
  • Request data export: Contact us at info@wims.co.za to request an export of your data.
  • Request full deletion: Contact us at info@wims.co.za to request complete removal of your user record from our servers.
  • Withdraw location permission: You can revoke location access at any time via your device's Settings. The App will continue to function — you can enter coordinates manually.

If you are located in the European Economic Area (EEA), you may also have rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object. To exercise these rights, please contact us using the details below.


12. International Data Transfers

Our servers are located in South Africa and on Microsoft Azure infrastructure. If you access the App from outside South Africa, your data may be transferred to and processed in South Africa. By using the App, you consent to this transfer. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.


13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. When we make changes:

  • The updated policy will be posted on this page.
  • The "Last Updated" date at the top will be revised.
  • Continued use of the App after changes are posted constitutes acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically.


14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: info@wims.co.za