Effective date: 1 May 2026 | Last updated: 23 April 2026
1. Introduction
This Privacy Policy explains how the City of Cape Town ("the City", "we", "us") collects, uses, stores, and protects personal information through the MyCiTi Feeder Employee Boarding System ("FEBS"), including the QR Boarding Engine backend service and the companion mobile application.
We are committed to complying with the Protection of Personal Information Act 4 of 2013 ("POPIA") and all other applicable South African data-protection legislation.
2. Responsible Party
The responsible party, as defined in POPIA, is:
- City of Cape Town — Transport Directorate
- Civic Centre, 12 Hertzog Boulevard, Cape Town, 8001
- Information Officer: paia@capetown.gov.za
3. What Personal Information We Collect
| Category | Data Elements | Source |
|---|---|---|
| Identity & employment | Full name, staff number, department | HR / admin enrolment |
| Authentication | Hashed PIN | Staff member (self-set) |
| Cryptographic credentials | Ed25519 key pair (private key encrypted at rest) | System-generated |
| Rider events | Timestamp, validator device ID, sequence number, digital signature | Validator device at point of boarding |
| Device telemetry | Validator battery level, app version, queue depth | Validator device |
| Audit trail | Event type, actor, timestamp, outcome | System-generated |
4. Purpose of Processing
We process your personal information for the following purposes:
- Fare-free boarding verification — confirming that the person boarding a MyCiTi feeder bus is an authorised employee.
- Security and fraud prevention — detecting duplicate, expired, or forged QR codes through cryptographic signature verification and replay prevention.
- Operational reporting — generating ridership statistics, validator health reports, and exception reports to improve the feeder bus service.
- Audit and compliance — maintaining a tamper-evident record of system events as required by City governance policies.
5. Legal Basis for Processing
Processing is carried out under POPIA section 11, primarily:
- Legitimate interest (s 11(1)(f)) — to operate and secure the employee boarding benefit.
- Contractual / employment obligation (s 11(1)(b)) — the boarding benefit forms part of the employment relationship.
- Legal obligation (s 11(1)(c)) — record-keeping required under municipal finance and audit regulations.
6. Data Sharing
Your personal information is not sold or shared with third parties for marketing. We may share data only:
- Within City of Cape Town directorates that administer the MyCiTi service.
- With contracted service providers bound by data-processing agreements (e.g. system hosting, device maintenance).
- When required by law, regulation, or court order.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Rider events | 36 months from event date |
| Audit log entries | 60 months |
| Revoked cryptographic keys | Retained for verification history; private key material is destroyed on revocation |
| Staff records | Duration of employment plus 12 months |
After the applicable retention period, records are securely deleted or anonymised.
8. Security Measures
- All communications between your device, validator hardware, and the backend are encrypted in transit (TLS 1.2+).
- Private cryptographic keys are encrypted at rest using AES-128 (Fernet) and are never stored in plaintext.
- PINs are stored as salted hashes and are never retrievable in cleartext.
- Access to the administration interface is restricted to authorised personnel using scoped authentication tokens.
- Systems are hosted on City-managed infrastructure within South Africa.
9. Your Rights Under POPIA
You have the right to:
- Access — request confirmation of what personal information we hold about you.
- Correction — request that inaccurate or incomplete information be updated.
- Deletion — request deletion of your personal information where retention is no longer necessary (subject to legal retention requirements).
- Objection — object to processing on reasonable grounds.
- Complaint — lodge a complaint with the Information Regulator: inforegulator.org.za
To exercise any of these rights, contact the Information Officer at paia@capetown.gov.za.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the mobile application or staff notice. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
For questions about this Privacy Policy or FEBS data practices, contact:
- MyCiTi Operations — myciti.operations@capetown.gov.za
- Information Officer — paia@capetown.gov.za