← BACK TO HOME

Compliance & Security you can defend in an audit.

LiftSafe was designed from day one around the actual regulatory framework that governs lifting equipment in South Africa — not generic “inspection software”.

Primary Legislation & Standards

OHS Act 85 of 1993 + Driven Machinery Regulations (DMR 18)
Governs most general industry lifting machinery and tackle. LME registration with ECSA, inspector competencies (LMI/LTI), certificate of fitness requirements.
Mine Health and Safety Act (MHSA) + DMR
Underground and surface mines. Additional requirements for lifting at mines. Our 6-section structure and NDT/Wire rope modules directly support mine compliance.

Key SANS / ISO Standards Implemented

Every form and certificate is mapped field-by-field from the governing standard. The 6-section index in the mobile app mirrors the regulatory scopes (LMI vs LTI vs LI vs NDT).

  • SANS 19:2018 — Mobile cranes
  • SANS 10375:2018 — Overhead & monorail
  • SANS 500:2023 — Chain blocks & lever hoists (in-service)
  • SANS 10388:2019 — Lift trucks (forklifts, telehandlers, pallet)
  • SANS 18893 — MEWPs / EWPs
  • SANS 1545-5 (and 1545-1/2/4) — Goods & passenger lifts
  • SANS 1126 / 1614 — Vehicle jacks & support stands
  • EN 1493 — Vehicle lifts (2-post / 4-post)
  • SANS 2972 / 687 / 1824 — Lifting tackle & attachments
  • SANS 50363 + EN 363 series — Fall arrest / personal fall protection
  • SANS 4309 / 10369 — Wire rope inspection & MFL
  • SANS 9934 / 3452 / 17640 / 9712 — NDT methods & personnel
  • ASME B30.7 / B30.24 — Winches & container cranes
  • Many more (full list in mobile inspections index)

POPIA & Data Residency (Critical for South Africa)

All customer data (clients, assets, inspections, certificates, signatures, photos) is stored on Supabase self-hosted on Xneelo VPS in Johannesburg (jnb1). No cross-border transfer of personal or operational data for normal operations.

AI “brain” queries (standards_facts + document_chunks) contain zero PII — only public SANS text and embeddings. All AI calls go through the liftsafe-brain Edge Function (never direct from client).

RESPONSIBLE PARTY = YOUR LME COMPANY. LIFTSAFE IS THE OPERATOR.

Technical & Security Controls

  • • Row Level Security (RLS) on every table — lme_company_id isolation enforced at the database. Company A can never see Company B’s data.
  • • All mutations go through SECURITY DEFINER RPCs (submit_inspection, next_certificate_number, log_audit, etc.). No raw writes from client.
  • • Certificates are immutable once created. Amendment records required for corrections.
  • • Full audit_log for privileged actions (inspection submit, certificate issuance, profile changes, inspector management).
  • • No API keys in mobile or web client bundles.
  • • Signatures captured on-device → PNG → embedded. Photos compressed ≤800px.
  • • Every certificate carries the exact normative references and legal declaration required under OHS/MHSA.
This is not generic “compliance software”. The entire data model, form library, PDF templates and certificate rules were built to satisfy the exact requirements an LME will be audited against by the Department of Labour, ECSA, LEEASA, and mine inspectors.
START A COMPLIANT LME ACCOUNT