Security, compliance, and data-handling on record.

Regulatory registrations

• Zimbabwe Republic Police (ZRP) registered as a private security services provider.
• Ministry of Home Affairs — Private Security Licence (current).
• Security Association of Zimbabwe (SAZ) — active member.

Data handling

Guard Track — our operations platform — is self-hosted on infrastructure in Zimbabwe. Client data does not leave the jurisdiction. Access is role-based, audit-logged, and subject to annual internal review.

• CCTV footage retained per client contract, typically 30–90 days.
• Incident records retained for 7 years (or client-specified, whichever is longer).
• Officer biometric data (face embeddings) kept for active-employment duration only.
• Backups encrypted at rest, geographically separated inside Zimbabwe.

Compliance alignment

We align our internal policies to the Cyber and Data Protection Act 2021 (Zimbabwe) and, where applicable to international clients, to GDPR principles of lawful basis and minimisation.

Responsible disclosure

If you believe you've found a security issue in our platform or public site, please email security@cliffsecurity.co.zw. We acknowledge within one working day and work a structured disclosure timeline from there. See /legal/vulnerability-disclosure for the full policy.

ISO 27001 target state

We are currently in internal audit toward ISO 27001 certification. Target state for external audit: Q4 2026. We will publish the certificate on achievement.

Contact our trust team

For security questionnaires, SOC 2-style attestation requests, or contract-review enquiries: email trust@cliffsecurity.co.zw. We respond within three working days.