FAQ
Questions, answered.
What SiteActive does, how it deploys, how the pilot works, and how your data is handled.
What is SiteActive?
SiteActive is a SHERQ operating system — Safety, Health, Environment, Risk and Quality in one live, traceable record — built natively for South African construction, industrial and contractor operations. It is a two-sided platform: corporates manage their own statutory obligations and the contractors they appoint, while contractors prove and maintain their own compliance independently. The principle behind it is simple: on the day it matters, you can show exactly what you can prove, because the architecture is built so compliance can’t quietly lapse unnoticed.
Who is it for?
Two co-equal groups: corporates that appoint and oversee contractors, and the contractors themselves. If you operate under a South African regulatory compliance obligation — the OHS Act, Construction Regulations, COIDA, or environmental and quality standards — it is built for you.
Do we need hardware to use it?
No. SiteActive is software-first and hardware is never a prerequisite. The full platform runs on software alone. The connected environmental, access and emergency hardware layer is an optional add-on for sites that want live sensor data, and is being rolled out separately.
How quickly can we go live?
Software-only deployment in 72 hours — no lengthy implementation project and no foreign framework to retrofit.
What does it actually do?
In one place: live compliance scoring; automatic enforcement through the GTI (Global Threat Index) and Circuit Breaker, which stops non-compliant work before it starts; a three-tier document structure (company vault → site SHE File → project file); contractor requirements mapped to legislation by trade; risk and incident management; a training matrix; a health & safety committee module; live B-BBEE scoring; lone-worker monitoring; ESG and carbon reporting; dedicated insurer and auditor views; and tamper-evident records that are independently verifiable.
Is it really built for South African law?
Yes — natively. South African legislative standards are encoded as the platform’s architecture, not localised onto a foreign product. The regulatory baseline a contractor must meet is generated automatically from their trade and industry.
What are the GTI and Circuit Breaker?
The GTI (Global Threat Index) is a live, continuously-updated risk signal for a site. The Circuit Breaker uses it to enforce — automatically halting non-compliant work before it starts, rather than reporting on it after the fact. Enforcement, not paperwork.
Where is our data stored, and is it secure?
Your data is hosted on enterprise cloud infrastructure in the European Union (Ireland). POPIA does not require in-country storage — it permits cross-border processing where there is a lawful basis, which applies here under the EU’s recognised data-protection adequacy. Records are tamper-evident and independently verifiable, access is role-controlled, and the SiteActive
POPIA Privacy Notice and
PAIA Manual are published in full.
How is our data protected in transit?
Every connection runs over HTTPS with TLS, and the site enforces modern browser-security headers including HSTS. Infrastructure runs on established managed enterprise providers, not self-hosted servers.
Who can see our data?
Access is role-scoped and least-privilege — corporate, contractor, insurer and auditor roles each see only what their role permits, not open by default. Insurers and auditors get dedicated, read-only visibility.
How do we know records haven’t been tampered with?
Key compliance events are captured as tamper-evident, independently verifiable, forensic-grade records — their integrity can be verified long after they were created, without anyone taking SiteActive’s word for it.
How do you run information security internally?
SiteActive’s internal practices are structured around ISO 27001 principles — least-privilege role-scoped access, HTTPS-only with enforced security headers, and managed enterprise infrastructure. The platform can also run with AI switched off: AI handles the routine layer while the appointed responsible person keeps the authority and accountability.
Do we own our data, and can we get it out?
Yes. Your data is yours at all times — SiteActive only processes it on your behalf. You can export it in open, machine-readable formats on demand and on exit at no charge, and on termination SiteActive returns or, on your instruction, securely delete it. Everything you build during the pilot carries straight onto a standard plan with no separate migration.
What happens to our data in a breach or corruption?
Your data runs on managed enterprise infrastructure with provider-grade redundancy and regular automated backups, and is encrypted in transit and at rest. The aim is simple: a breach, a failure or accidental corruption should never cost you your records. Tamper-evident records also let you prove, independently, what a given record held at a given time.
Can we review your security and legal documentation before committing?
Yes. A full procurement validity pack — covering SiteActive’s security posture and roadmap, data-protection position, sub-processors, legal terms and pending-patent detail — is available to corporate evaluators on request. Because it contains sensitive detail, it is released to a named requester by email rather than published openly.
Request the pack →
How does the pilot programme work?
It is a paid pre-launch programme. Applications close 31 July 2026 and the programme commences 4 August 2026. The pilot runs for two months at 50% of the standard plan rate, payable as a single upfront payment before commencement, and placement is confirmed in writing before onboarding.
Apply here →
What if the platform doesn’t deliver?
The pilot is backed by a money-back guarantee, tied to the two outcomes that matter most if they ever failed — the integrity of your evidence trail and platform availability — with measurable success criteria agreed with you in writing before go-live. If a defect is fixable SiteActive fixes it first; if the agreed critical outcomes are missed, your pilot fee is refunded. Full conditions are confirmed in writing as part of placement.
What happens after the pilot?
At the end of the two months you can move onto a standard monthly plan, and everything you have built — documents, records and history — carries straight across. There is no separate migration.
What does it cost?
Plans are tiered: Contractor from R499/month, Business from R9,990/month, and Enterprise from R34,990/month, with a 10% discount on annual billing. There is a free trial of up to 3 projects, no card required. Separately, you can onboard a contractor or sub-contractor with a free upload link — they submit their compliance to your site with no account or subscription, scoped to that one site. Full breakdown on the
pricing page →
How do we get started?
Three ways:
apply for the pilot, book a
demo, or join the launch list on the home page to be notified when SiteActive opens to everyone.