Ividiyo Mobile — Privacy Policy
Effective date: 8 July 2026
Covers the Ividiyo Mobile app for iOS and Android. Compliant with the Protection of Personal Information Act 4 of 2013 (POPIA).
1. Introduction
This Privacy Policy applies to the Ividiyo Mobile application for iOS and Android ("the App"), published by AD Infratech (Pty) Ltd ("AD Infratech", "we", "us"), a company registered in the Republic of South Africa. Ividiyo is a self-hosted video management system: your cameras and recordings live on your own servers, and the App is a viewer for that system.
This policy explains what information the App handles, how it is protected, and your rights under the Protection of Personal Information Act 4 of 2013 ("POPIA") and other applicable privacy laws. By using the App you acknowledge that you have read and understood this policy.
For AD Infratech's general privacy policy covering our website and managed IT services, see adinfratech.co.za/privacy-policy.
2. Responsible Party
Business name: AD Infratech (Pty) Ltd
Product: Ividiyo — AI Video Management System (ividiyo.com)
Address: Johannesburg, Gauteng, South Africa
Email: info@adinfratech.co.za
Our Information Officer can be contacted at the email address above.
3. Information the App Handles
Account credentials. To sign in, the App sends your username and password either to your own Ividiyo server (local sign-in) or to the Ividiyo Cloud service (cloud sign-in). Session tokens are stored on your device in the operating system's secure storage (iOS Keychain / Android Keystore) and are removed when you sign out.
Ividiyo Cloud account data (cloud sign-in only). If you use an Ividiyo Cloud account, we store your email address, the sites linked to your account, remote-access session records (for security, so you can review and revoke devices), and per-site bandwidth usage for remote viewing (used to apply fair-use allowances on your plan).
Video and audio. The App displays live and recorded video from your own cameras and servers. We do not store your video or audio on our servers. See section 4 for how remote streaming works.
Local network discovery. On your own Wi-Fi network, the App uses local network discovery (mDNS/Bonjour) to find your Ividiyo server so it can connect directly. This is why the App may request the Local Network permission on iOS. Discovery traffic never leaves your network.
Biometric data. You can optionally lock the App with Face ID, Touch ID, or fingerprint. Biometric authentication is performed entirely by your device's operating system — the App only receives a success or failure result, and no biometric data is ever collected, stored, or transmitted by the App or by us.
Diagnostics. The App keeps a technical log on your device to help troubleshoot connectivity issues. This log stays on your device and is only shared with us if you explicitly choose to send it.
Microphone. The App may request microphone access to support two-way talk features. Audio from your microphone is never captured or transmitted without an explicit in-app action by you.
4. What We Do NOT Collect
- The App contains no advertising and no third-party analytics or tracking SDKs.
- We do not sell, rent, or trade any personal information.
- We do not store your camera footage on our infrastructure — recordings remain on your own servers, under retention rules you control.
- The App does not access your contacts, photos, location, or messages.
5. How Remote Streaming Works
When you view your cameras away from home, the App connects to your Ividiyo server over the internet:
- Live video is streamed using WebRTC with mandatory DTLS-SRTP encryption. Where possible the stream travels peer-to-peer, directly between your phone and your own server. When a direct path is not possible, the stream is carried via our relay servers — but because the encryption is end-to-end between your phone and your server, the relay cannot view your video.
- Recorded footage and app data are retrieved over encrypted HTTPS connections, proxied through our relay infrastructure when you are away from your local network. Relay servers pass this traffic through; they do not store your footage.
- Our relay infrastructure is located in the European Union and South Africa. Traffic through it is encrypted in transit. Aggregate byte counts (not content) are recorded per site for fair-use metering.
6. Purpose of Processing
We process the limited information described above solely to:
- Authenticate you to your own Ividiyo system and/or your Ividiyo Cloud account
- Establish and secure connections between your device and your servers
- Apply plan allowances for remote-viewing bandwidth
- Let you review and revoke remote-access sessions and devices
- Provide support when you contact us or share diagnostics
We do not use this information for advertising, profiling, or any purpose incompatible with the above.
8. Data Retention
- Session tokens remain on your device until you sign out or remove the App.
- Cloud account data is retained while your account is active.
- Remote-access session records and bandwidth usage are retained for security review and billing-period accounting, then aged out.
- Camera footage is retained on your own servers according to the retention settings you configure there — we have no access to it and no role in its retention.
9. Account and Data Deletion
The App does not create accounts. It is a viewer for remote access: you sign in with an existing Ividiyo Cloud account or with credentials for your own Ividiyo server. Ividiyo Cloud accounts are created and managed on the Ividiyo Cloud portal, not in the App.
You may delete your Ividiyo Cloud account and its associated data at any time from the Ividiyo Cloud portal, or by emailing info@adinfratech.co.za from the account's email address. Deletion requests are actioned within 30 days. Step-by-step instructions: adinfratech.co.za/ividiyo/delete-account.
Signing out of the App removes its stored tokens from your device. Uninstalling the App removes all locally stored App data, including the diagnostics log.
10. Security
- All connections between the App, our cloud, and your servers are encrypted in transit (TLS 1.2+ / DTLS-SRTP).
- Credentials and tokens are stored in the operating system's hardware-backed secure storage.
- Passwords are never stored in plain text; cloud account passwords are stored as salted hashes.
- Remote-access devices can be reviewed and revoked from the cloud portal at any time.
11. Children
The App is a professional/home security tool and is not directed at children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.
12. Your Rights
Under POPIA (and, where applicable, the GDPR and similar laws) you have the right to:
- Request access to the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your information (see section 9)
- Object to processing of your information
- Lodge a complaint with the Information Regulator of South Africa (inforeg.org.za)
To exercise any of these rights, contact info@adinfratech.co.za. We will respond within a reasonable time, and no later than 30 days.
13. Changes to This Policy
We may update this policy from time to time. The effective date at the top of this page reflects the latest revision. Material changes will be highlighted in the App or on this page. Continued use of the App after changes take effect constitutes acceptance of the revised policy.
Questions about this policy?
info@adinfratech.co.za