Cross-firm incident lookup for South African private security.
A POPIA-compliant alternative to the informal WhatsApp suspect groups. Photograph at the moment of lawful detention, get a 2-second face match against the member-firm pool, log the incident, audit everything.
How it works
-
1. Your guard detains a suspect
Lawful detention only — the system refuses processing without an active firm + signed DSA. Your guard DMs the MugShotter bot on WhatsApp (or Telegram) with a clear photo.
-
2. We match against the member-firm pool
InsightFace
buffalo_lembedding. Cross-firm hits return prior-incident summaries (date, charges, contributing firm). Internal notes stay private to the originating firm. -
3. Log the new incident, audit-trailed
The bot walks your guard through site, charges, items, SAPS reference. Retention auto-set based on case-ref availability. Every byte ends up in a hash-chained POPIA audit log.
Features
Real face matching
InsightFace buffalo_l — RFW MR-ALL 91.25, African 90.29. Quality gates reject blurry / multi-face / cropped shots.
POPIA-by-default
Audit log on every read + write. Retention enforced nightly. Information Officer baked into the schema. Capture-point notice generated for each firm.
WhatsApp + Telegram bot
No app to install. Your guards already have WhatsApp. Telegram available for firms that prefer it.
Self-service onboarding
Sign your firm up, upload your PSIRA cert, sign the Data Sharing Agreement, invite guards via 6-character JOIN codes. No phone calls.
Anomaly detection
Per-guard rate baselines, allowlist-denial bursts, login-failure spikes, signup floods — all surfaced on a single anomalies tab.
Regulator-visit mode
One-page bundle: prior-auth status, headline numbers, POPIA controls cross-reference, "what's not done yet" transparency. s.22(4) good-faith evidence.
Pricing
In Rand (ZAR), monthly. Single-user "Personal" plans for individual operators; multi-user "Business" plans for firms.
Personal
Personal Free
R0/month
- 1 lookups / month
- 1 user
- WhatsApp + Telegram bot access
- POPIA audit log + retention
Basic
R49/month
- 10 lookups / month
- 1 user
- WhatsApp + Telegram bot access
- POPIA audit log + retention
Pro
R99/month
- 30 lookups / month
- 1 user
- WhatsApp + Telegram bot access
- POPIA audit log + retention
Premium
R149/month
- Unlimited lookups / month
- 1 user
- WhatsApp + Telegram bot access
- POPIA audit log + retention
Business
Business Pro
R499/month
- Unlimited lookups
- 5 users
- Cross-firm matching with other PSIRA firms
- POPIA Regulator-Visit bundle
- Priority support
Business Premium
R999/month
- Unlimited lookups
- 12 users
- Cross-firm matching with other PSIRA firms
- POPIA Regulator-Visit bundle
- Priority support
Trust + compliance
- Lawful basis: POPIA s.33(1)(b) — private security processing in accordance with the law (Trespass Act 6 of 1959 + common-law arrest powers).
- Cross-border: data lives at Hetzner Falkenstein (Germany) — EU-adequate per EU Commission decision, disclosed in the capture-point notice.
- Audit log: append-only, INSERT-only grant at the DB level, HMAC-SHA256 hash-chained for tamper-evidence (POPIA s.19 / Reg 4).
- Retention: default 730 days, enforced nightly. Per-incident retention extends with SAPS case reference (5y) or internal incident ref (3y).
- Information Officer: registered per firm; visible on every capture-point notice, addressable for SARs (s.23).
- Data Sharing Agreement: each member firm signs the DSA before any guard can use the bot. Members are joint Responsible Parties.
- Subject rights: Subject Access Request portal at /popia/sar — 30-day SLA, ID verification mandatory.
- No "suspect" terminology in UI: "person of interest" only, per POPIA s.26 fairness principle.
Get started
Register your firm in under 2 minutes. We'll review your PSIRA registration manually (no auto-approve) before activating cross-firm lookups.
Register your firm →