AgricultureSA.io Logo
AgricultureSA.io

Data Privacy and Security Policy

Last Updated: May 2025

1. Purpose and Scope

This Data Privacy and Security Policy outlines the responsibilities and procedures agreed between Reisiger Investments (the Developer) and AgriSA (the Client) for protecting data within the South African Food Security Index (SAFSI) and Agriculturesa.io platform. It covers all data collected, processed, stored, or transmitted by the platform's Frontend, Backend, and Database layers. The policy applies to both parties (and any sub-contractors or partners involved) to ensure compliance with South Africa's Protection of Personal Information Act (POPIA) and other relevant laws. All users, developers, and partners with access to the system must adhere to this policy to safeguard data confidentiality, integrity, and availability.

2. Definitions

  • Platform (SAFSI): The South African Food Security Index platform, including AgriSA's web modules and associated backend services, which aggregates and analyses data to produce food security insights.
  • Personal Information: As defined by POPIA, any information relating to an identifiable natural person (or existing juristic person), including name, contact details, identification number, email, etc., as well as special personal information (sensitive data).
  • Public Data: Data gathered from publicly available sources (e.g. open websites, government open data portals, public reports).
  • Private Data: Data obtained through partnerships or proprietary agreements.
  • User Data: Data submitted directly by AgriSA's members, employees, or other end-users via the platform's frontend.

3. Data Classification and Sources

AgriSA and Reisiger categorize platform data into three distinct classes – Public, Private, and User – to apply appropriate handling procedures to each:

Public Data

Information scraped or collected from open public sources on the web. While not confidential in origin, it is stored in the platform's Public Database and tagged by source and timestamp for traceability.

Private (Partnership) Data

Data provided through exclusive partnerships, subscriptions, or proprietary sources that AgriSA has arranged. Such data is often subject to non-disclosure agreements (NDAs) or license terms restricting its use and sharing.

User Data

Data actively submitted by AgriSA's members, employees, or other authorized users via the platform's frontend interfaces, including incident reports, user profiles, and form submissions.

4. Your Rights

Under South Africa's Protection of Personal Information Act (POPIA), you have the following rights:

  • The right to be informed about how your personal information is being used
  • The right to access the personal information we hold about you
  • The right to request the correction of inaccurate personal information
  • The right to request that your personal information be deleted
  • The right to restrict processing of your personal information
  • The right to data portability
  • The right to object to the processing of your personal information

To exercise any of these rights, please contact our Information Officer at privacy@agriculturesa.io.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include:

  • Encryption of personal data in transit and at rest
  • Role-based access controls and least privilege principles
  • Regular security assessments and penetration testing
  • Comprehensive logging and monitoring
  • Regular backups and disaster recovery procedures
  • Staff training on data protection and security

Ethical, Responsible, and Inclusive Data Approach

We ensure that agricultural data works for everyone—fair, secure, and beneficial to all. Our platform is built with ethical safeguards to promote equity, privacy, and sustainable growth in the industry.

Bias and Discrimination

We ensure fair, transparent data by using diverse sources and auditing algorithms to prevent bias in decision-making. Sources are always referenced and credits are given to the source/contributors.

Privacy and Data Security

All data is encrypted, anonymized, and stored securely, with strict access controls and compliance with industry standards. Furthermore, security is embedded as a design philosophy rather than just a feature.

Job Displacement and Inequality

Rather than replacing jobs, we upskill workers and support inclusive policies to ensure technology creates opportunity for all - allowing humans to focus on actions.

6. International Standards and Technical Safeguards

AgricultureSA.io adheres to international standards in software development and data protection. We also respect and comply with the privacy policies of all public and private data sources through robust protocols for security and information protection built into our infrastructure.

API-Level Protection

Our APIs are used for inbound & outbound communication to the dataset & primarily utilize Python (FastAPI) Security:

JWT-based Authentication (Cognito)

Validates token signature, expiration, and audience to ensure legitimate requests.

Role & Permission Management

Fine-grained RBAC structure lets you control which users can perform specific actions.

API Endpoint Protections

Requires Bearer token or cookie for auth, with optional admin checks for restricted routes.

S3 Security & File Operations

Uses pre-signed URLs, event-based DB sync, and a recycle bin flow to protect data integrity.

Data Validation

Prevents malformed inputs and reduces potential injection attacks using FastAPI & Pydantic.

Handling of Secrets

Stores credentials in environment variables, Cognito JWKs, or SSM to minimize sensitive data leakage.

Infrastructure Protection

Advanced security measures are embedded in every aspect of the infrastructure, backend and frontend as a design philosophy, rather than a feature:

Secrets Management

Minimizes plaintext exposure by encrypting at rest and restricting parameter retrieval using AWS SSM (SecureString).

Custom KMS Key for Encryption

Fine-grained access control over encryption/decryption and automatic key rotation.

User Authentication

Enforces strong password policy, secure OIDC flows, and auto-verification through Cognito User Pool Security.

Least Privilege Principle

Enforces principle of least privilege for S3, Lambda, and other AWS resources through IAM Roles.

Database Security

Private subnet deployment, backups enabled, and database passwords stored in SSM.

Network Security

Private subnets and controlled inbound/outbound rules reduce public exposure through VPC & Security Groups.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. Different types of personal information may be kept for different periods based on their purpose and sensitivity. When your personal information is no longer required, we will securely delete or anonymize it.

8. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at:

AgriSA Information Officer

Email: privacy@agriculturesa.io

Phone: +27 12 345 6789

Address: 123 Agriculture Street, Pretoria, South Africa

This is a summarized version of our full Data Privacy and Security Policy. For the complete policy document, please contact our Information Officer.