Evidence Web – Terms & Conditions

Evidence Web – Terms & Conditions

These Terms & Conditions (“Terms”) govern your access to and use of Evidence Web (“we”, “us”, “our”, the “Service”). By creating an account or using the Service, you agree to these Terms.

1) Terms & Conditions

1.1 Accounts, access, and security

  • You must provide accurate registration information and keep it up to date.
  • You are responsible for all activity under your account and for keeping credentials confidential.
  • Two-factor authentication (2FA). We support 2FA to protect accounts. We strongly recommend enabling 2FA for all users, and we may require it for certain roles or in higher-risk situations.
  • Notify us promptly if you suspect unauthorised access.

1.2 Evidence integrity and deletion (append-only)

Evidence integrity (append-only). The Service is designed to preserve an auditable record of case activity. Unless we state otherwise in writing, evidence items and event records are append-only and cannot be deleted by users, including administrators within a customer account.

Corrections and withdrawals. If you uploaded an item in error, you may (where the Service allows):

  • mark it as Superseded / Incorrect / Withdrawn;
  • upload a replacement; and
  • link the replacement to the original,

so the audit trail remains intact.

Legal compliance removals. We may remove or restrict access to content only where we reasonably believe it is required by law, valid legal process, or platform safety/security. Where technically feasible and legally permitted, we will preserve a tombstone audit record (for example: item ID, timestamps, action taken, and reason category) without retaining the removed content.

1.3 Data retention, export, and account closure

Retention. Case evidence is retained according to your plan and your instructions at the case/account level (for example: archiving, export, closure), plus limited backup retention. Because evidence items are append-only, the Service generally does not support user-initiated, item-level deletion.

Export and closure. Upon termination or closure, we will provide a reasonable method to export your Case Data, and then delete Case Data within [60 days] after the end of the retention window, subject to:

  • backup retention cycles;
  • legal holds; and
  • legal obligations to retain certain records.

Access restriction. If you need an item removed from day-to-day visibility (for example, an upload mistake), the Service may provide ways to restrict access, withdraw, or supersede the item while keeping an audit record.

1.4 Payments and subscriptions

  • Plan pricing, included storage, and add-ons are described on our pricing pages and/or inside the Service.
  • Payments are processed by our payment processor(s). We do not store full card details.
  • If payment fails, access may be limited until payment is resolved (subject to any trial rules you publish).

1.5 Acceptable use

You must use the Service lawfully and must not misuse the platform, attempt to bypass security, upload malware, or use the Service for harassment, unlawful surveillance, or other prohibited activity. See the Acceptable Use Policy below.

1.6 Your content and licence

You retain ownership of Case Data you upload. You grant us a limited licence to host, process, transmit, and display your Case Data solely to operate the Service and provide the features you enable. Your licence grant includes the right to maintain audit logs and integrity records necessary to operate an append-only evidence system.

1.7 Security

We use reasonable safeguards appropriate to the risk, which may include TLS encryption in transit, access controls, audit logging, monitoring, and backups. No system is 100% secure — you must also protect your credentials and enable 2FA where available.

1.8 Limitation of liability

To the maximum extent permitted by law, the Service is provided “as is” and “as available”. We are not liable for indirect or consequential losses. Any liability is limited as permitted by applicable law and your agreement with us.

1.9 Governing law

These Terms are governed by the laws of South Africa and international, unless a different jurisdiction is agreed in writing.

2) Privacy Policy

Operator: [Legal Entity Name] (“Evidence Web”, “we”, “us”, “our”)
Platform: Evidence Web App (“Service”)
Contact: support@evidenceweb.app

2.1 Scope

  • Visitors to our website(s)
  • Users who create accounts and use the Service
  • People whose personal information may appear inside uploaded or ingested case material (“Case Data”)

2.2 POPIA roles (South Africa)

Depending on the context, Evidence Web may act as the Responsible Party for platform account and billing data; and/or as an Operator when processing Case Data on behalf of a business customer. Where you are a business customer uploading Case Data, you are typically the Responsible Party for that Case Data.

2.3 Information we collect

Account & contact details

  • Name, surname
  • Email address
  • Mobile/contact number
  • Company/organisation name (if applicable)
  • User role and permissions

Billing & transaction details

  • Plan, invoices, payment status
  • Payment reference IDs from processors (e.g., PayFast)
  • We do not store full card details (handled by the payment processor)

Case Data (uploaded/ingested content)

  • Files, images, video, audio, documents
  • Notes, descriptions, tags, metadata
  • Email-to-case messages and attachments (if enabled)

Technical and usage data

  • IP address, device/browser data
  • Login timestamps, audit logs, security logs
  • Cookies and similar technologies (see Cookie Policy)

2.4 Data retention

  • Account & billing data: retained as required for business and legal purposes (e.g., tax and audit), typically for [7 years].
  • Case Data: retained according to your plan and case/account-level instructions (archiving, export, closure) plus limited backup retention. Evidence items are generally append-only and cannot be deleted by users to protect chain-of-custody and the audit trail.
  • Corrections: where an item was uploaded in error, we support withdrawal/superseding/annotation (where available) rather than deletion.
  • Legal compliance removals: if we must remove content for legal reasons, we may retain a tombstone audit record (timestamps, action taken, reason category) without retaining the removed content.
  • Logs: retained for security and troubleshooting for [12months].

2.5 Security safeguards

We use reasonable technical and organisational measures which may include encryption in transit (TLS), access controls, audit logging, monitoring, backups, and abuse prevention. 2FA is supported and recommended for all accounts.

2.6 Data subject rights (POPIA)

You may have the right to request access, correction, restriction, or deletion of your personal information where applicable. However, where deletion requests relate to append-only Case Data and deletion would undermine lawful retention, integrity, or audit requirements, we may instead (as permitted by law) restrict access, de-identify, or attach a correction/withdrawal record to preserve the audit trail. If the request concerns Case Data controlled by a business customer, we may redirect you to that customer (the Responsible Party).

3) Data Processing Addendum (DPA) – Business Clients

This DPA forms part of the agreement between the Customer and Evidence Web when we process Case Data on Customer’s behalf.

3.1 Assistance to Customer (data subject requests)

Evidence Web will provide reasonable assistance to Customer for data subject requests relating to Case Data (access/correction/restriction/annotation and deletion where applicable), to the extent technically feasible and consistent with the Service’s append-only audit design and Applicable Data Protection Laws.

3.2 Return, export, and deletion of data

Upon termination of the Service or upon Customer request (where available in-product), Evidence Web will:

  • provide a reasonable method to export Case Data; and/or
  • delete Case Data at the case/account level within [60 days], subject to backup retention and legal obligations.

Because the Service is designed to preserve chain-of-custody, user-initiated item-level deletion is generally not supported. If Evidence Web must remove content for legal compliance, Evidence Web may preserve a tombstone audit record (timestamps, action taken, reason category) without retaining the removed content, where technically feasible and legally permitted.

4) Acceptable Use Policy (AUP)

You must not use the Service to break the law, upload unlawful content, upload malware, bypass security controls, or abuse other users.

5) Refund Policy

Refund rules depend on your published plan terms. If you want, we can lock this down to your final business model (monthly, trials, upgrades, storage add-ons).

6) Cookie Policy

We use cookies for authentication/session management, security, and (optionally) analytics, as described in your Cookie Policy.