Privacy Policy

Effective date: 13 March 2026 | Version 1.0

1. Introduction

ARGUS Flight Center is a drone operations management platform built for compliance with the South African Civil Aviation Authority (SACAA) regulations. This policy describes how we process personal information in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA).

2. Responsible Party

The UASOC (Unmanned Aircraft Systems Operator Certificate) holder using ARGUS Flight Center is the responsible party as defined in POPIA. Each UASOC designates an Information Officer who is responsible for ensuring compliance with POPIA within their organisation.

3. Personal Information We Collect

  • Account information: name, email address, password (hashed)
  • Pilot records: ID number (encrypted), RPC number, medical certificates, endorsements, emergency contact (encrypted)
  • UASMT records: authorisation number, qualifications, approved aircraft types
  • Flight records: flight dates, durations, routes, operational data
  • Device telemetry: drone position, altitude, speed, battery data (retained for 30 days)
  • Usage data: audit logs, notification history

4. Purpose of Processing

Aviation safety compliance under CATS Part 101, operational management of unmanned aircraft systems, regulatory reporting to the SACAA, pilot and UASMT certification tracking, and flight safety management.

5. Legal Basis

  • Consent — provided via the data processing consent mechanism presented on first login
  • Legal obligation — CATS Part 101 regulatory requirements for flight records, pilot certification, and occurrence reporting
  • Legitimate interest — operational safety monitoring and device telemetry

6. Third-Party Processing

  • Anthropic(Claude AI): Powers in-app AI assistance. Messages are sent to Anthropic's servers (US-based) for processing. No personal data is stored by Anthropic beyond the session.
  • Google: OAuth authentication (if enabled). Only email and name are received.
  • Cloud storage: Files are stored in Azure Blob Storage or MinIO (self-hosted).

7. Cross-Border Transfers

When using AI features, data is transmitted to Anthropic's servers in the United States. This transfer is disclosed and consented to per POPIA Section 72.

8. Data Retention

  • Flight records: 5 years (CATS 101.04.5)
  • Pilot certificates: duration of validity + 2 years
  • Occurrence reports: 5 years
  • Device telemetry: 30 days (configurable)
  • Audit logs: 3 years minimum
  • Notifications: 1 year

9. Security Measures

Application-level encryption (AES-256-GCM) for ID numbers and emergency contacts, HTTPS in transit, role-based access control, audit logging, and session management with 8-hour expiry.

10. Your Rights Under POPIA

  • Right to access your personal information
  • Right to request correction of inaccurate data
  • Right to request deletion (subject to regulatory retention requirements)
  • Right to object to processing
  • Right to lodge a complaint with the Information Regulator

11. How to Exercise Your Rights

Submit a Data Subject Access Request through the ARGUS platform (Settings → Data Requests) or contact your UASOC's designated Information Officer.

12. Information Regulator Contact

13. Changes to This Policy

We may update this policy from time to time. The version number and effective date at the top will be updated accordingly. Users will be prompted to re-accept if the privacy notice version changes.