This policy explains what personal information Augmenta Cyber Security Ltd collects, why we collect it, how long we keep it, and the rights you have over it. It is written to meet the Botswana Data Protection Act, 2018 and the privacy expectations of the boards, auditors and regulators we serve.
Effective date: 19 June 2026 · Version 1.0
Augmenta Cyber Security Ltd ("Augmenta", "we", "us", "our") is a private cyber security firm registered in the Republic of Botswana and headquartered in Gaborone. When you visit this website, contact us, or engage our services, Augmenta acts as the data controller of the personal information we collect directly from you.
When we deliver managed Cyber Security Operations Centre (CSOC) services to a client, the client is the data controller of the operational data routed through our platforms and Augmenta acts as a data processor under the terms of the signed services agreement. The processing terms in that agreement take precedence over this policy for client operational data.
This policy covers personal information processed through our public website at augcyba.com, our published enquiry channels (telephone, e-mail), and the back-office systems we use to administer enquiries, proposals and the commercial side of a client relationship. It does not cover content on third-party websites we link to, and it does not replace any data processing addendum or master services agreement signed with a client.
Information you provide directly. When you contact us by e-mail, telephone or through any form we publish, we collect the information you choose to share - typically your name, organisation, role, contact details and the substance of your enquiry. If you are responding to a tender or signing an engagement, we also collect the identity and signing details of authorised representatives.
Information we collect during an engagement. Delivering a CSOC, vault, alerting or audit service may require us to process information about your staff and systems - for example operator identities, role assignments, system event logs, and (in the case of an incident) artefacts relevant to investigation. The scope, purpose and retention of this processing are governed by the signed services agreement and any data processing addendum.
Information collected automatically by the website. Our web host records standard server-side information for each request - the IP address that connected, the time of the request, the path requested, the response status, the referring page (if any) and the user agent string. We use this to keep the site available, to investigate technical faults, and to detect abuse of the service. We do not run analytics scripts, advertising pixels or social-network embeds on this site.
Cookies. This website does not set tracking cookies. The only cookies that may be set are strictly necessary cookies issued by our hosting platform to maintain security and route requests.
We do not actively solicit special categories of personal information (such as data revealing race, religion, trade union membership, health or biometric data) through this website.
Where such data is unavoidably present in evidence collected during an incident response engagement, it is handled strictly under the terms of the signed services agreement, restricted to named personnel, and retained only for the period required for the lawful purpose of the investigation.
We process personal information only where we have a lawful basis to do so under the Botswana Data Protection Act, 2018. The principal bases on which we rely are:
To take steps at your request before entering into an agreement (responding to enquiries, preparing proposals) and to perform a signed services agreement (provisioning users, delivering monitoring, handling incidents, billing).
To run our business safely and effectively - keeping the site available, preventing fraud and abuse, defending our legal rights, and maintaining the integrity of our operations - balanced against your rights and freedoms.
To comply with applicable laws of the Republic of Botswana - including tax, accounting, anti-money-laundering and lawful cooperation with competent authorities.
Where consent is the appropriate basis, we ask for it clearly and you can withdraw it at any time without affecting processing already carried out.
We do not sell, rent or trade personal information. We share information only where it is necessary for one of the purposes set out above, and only with parties that are bound to handle it confidentially. The categories of recipient are limited to:
Our primary processing locations are inside the Republic of Botswana. Some of our service providers (for example, the platforms that host this website and our e-mail) operate from data centres outside Botswana. Where personal information is transferred outside Botswana, we transfer it only where the destination provides an adequate level of protection, or where we have put appropriate safeguards in place - typically a written data processing agreement containing internationally recognised contractual protections.
For client engagements, the location of processing, the permitted sub-processors, and the cross-border transfer mechanism are agreed in writing in the services agreement before the engagement begins.
We do not keep personal information longer than is necessary for the purposes for which it was collected, or longer than the law requires. The retention periods we apply are summarised below; specific retention for an engagement is defined in the services agreement.
Kept for up to 24 months from the last contact, then deleted, so that we can pick up a later conversation in context.
Kept for the duration of the relationship and for a further period required by Botswana tax, accounting and company law - typically seven (7) years.
Operator action logs and tamper-evident audit records are retained per our internal information-security policy and are not normally less than twelve (12) months.
Retained for the period set out in the engagement, or longer where required to preserve evidence in support of a lawful investigation.
We hold ourselves to the operating standard we sell. Every administrative action on our platform is identity-bound, logged and tamper-evident; secrets are sealed under a zero-trust vault and released only on a justified, audited request; segregation-of-duties is enforced and reviewed weekly; high-security credentials are rotated on a defined schedule; and our information-security procedures are documented and made available to clients during due diligence on request.
No control set can eliminate residual risk. If we suffer a breach of personal information that meets the notification threshold of the Data Protection Act, 2018, we will notify the Information and Data Protection Commission and any affected parties without undue delay, in accordance with the Act.
Subject to the Data Protection Act, 2018 and any limitations the Act places on those rights, you may ask us to:
To exercise any of these rights, write to [email protected]. We will respond within the time the Act requires. We may need to verify your identity before acting on a request, and we may be unable to act on a request where an exemption or another legal obligation applies - in which case we will tell you why.
If you believe we have processed your personal information unlawfully, you may also lodge a complaint with the Information and Data Protection Commission of the Republic of Botswana. We would always prefer the chance to put matters right first, so please consider writing to us before making a formal complaint.
Our triage platform automates the prioritisation of security events for human review. It does not make decisions that produce legal effects, or similarly significant effects, about identified natural persons outside the scope agreed in a services agreement. Where automation does play that kind of role inside a client engagement, the design, oversight and review rights are agreed in writing in the engagement documents.
Our services are provided to organisations, not to individual consumers, and this website is not aimed at children. We do not knowingly collect personal information from any person under the age of 18. If you believe we hold information about a minor, please contact us and we will delete it.
We may update this policy as our service, our operating environment or the law changes. When we do, we change the version number and effective date at the top of the page. For material changes, we will give clients reasonable advance notice through the channels named in their services agreement.
For any question about this policy or any request relating to your personal information:
Augmenta Cyber Security Ltd
Privacy Office
Gaborone, Botswana
[email protected]
For routine commercial enquiries, please continue to use [email protected].
The Terms of Service govern your use of this website and any service we provide.