Privacy Policy

This Privacy Policy explains how the License Preparation - SA web application handles information. It is drafted for a privacy-conscious South African deployment and should be reviewed before production use.

1. Personal information

The wizard may ask users to enter names, contact details, location, application path, competency information, firearm application information, document status and motivation notes. This information can be sensitive and should be treated carefully.

2. Local browser storage

The current static web application saves draft progress in the user's browser using localStorage. The draft is not sent to a server by this application unless a future backend, form endpoint or integration is added. Users can clear the draft at any time using the clear draft button or browser settings.

3. Browser and device risk

Because localStorage is tied to a browser profile, people with access to the same device and browser profile may be able to view saved draft content. Users should not enter sensitive information on shared or public devices.

4. Data minimisation

The application should avoid collecting identity numbers, licence numbers, serial numbers and supporting documents unless they are necessary for a user-controlled draft. Production versions should collect only what is required for a clearly explained purpose.

5. Future form submissions

If contact forms, provider enquiries, saved accounts, payments or reminders are added later, the platform must explain what information is collected, the purpose, legal basis, retention period, who receives it and how users can exercise their rights.

6. Consent

Any future data transmission should require clear consent before personal information is sent to the platform owner, a provider, a payment service, a CRM, an email provider or any other third party.

7. Sharing

The current static web application does not share draft data. A future production version should not share user information with training providers, advisers or other third parties unless the user has specifically requested or authorised that sharing.

8. Retention

Local draft data remains in the browser until the user clears it, the browser clears it, or the site key changes. Future backend data should have defined retention limits, for example deleting abandoned enquiries after a reasonable period.

9. Security

Static hosting should use HTTPS. Future production forms should use server-side validation, access controls, bot protection, secure secrets management and appropriate logging practices.

10. POPIA considerations

A production version should be aligned with the Protection of Personal Information Act, including lawful processing, purpose specification, minimality, transparency, security safeguards and data subject participation.

11. User rights

In the current static web application, users control their local draft by editing, exporting or deleting it. A production version should provide a process for users to request access, correction or deletion of personal information held by the platform.