Safedisk automates certified data destruction for South African businesses. Every retired PC, laptop and server is cryptographically erased, verified, and documented — with a legally-defensible Certificate of Destruction issued the moment the job is done.
No technician visits. No USB fiddling. No guesswork. Your IT admin clicks Wipe — the machine does the rest.
Sign up, add your company and register each PC, laptop or server in the Safedisk portal. The Safedisk agent installs in minutes and reports the machine's hardware fingerprint, drive inventory and encryption status.
When a machine is ready for retirement, your IT admin opens the portal, selects the device and clicks Authorise Wipe. A confirmation dialog requires typing the machine's serial number — preventing any accidental erasure.
The machine erases itself and reports completion. A NIST SP 800-88r2 Certificate of Destruction is generated immediately — listing every drive, the sanitisation method used, and the operator who authorised it.
Solid-state drives hide data from the operating system using a firmware layer that traditional overwrite tools never reach. Safedisk navigates this automatically.
Your OS writes to logical block addresses. The SSD's firmware silently remaps those writes to different physical NAND pages for wear-levelling. Overwriting block 0x1A00 does not erase the data — it just writes to a new location. The old page sits untouched until the controller decides to garbage-collect it.
SSDs reserve a hidden portion of NAND — typically 7–28% — as spare area for background operations. This region has no logical block address. It is invisible to the OS and to every file-delete, format, or overwrite operation. Data remnants can persist here indefinitely.
BIOS and UEFI firmware commonly put drive security into a "frozen" state during the power-on sequence — before the OS loads. In this state, the drive silently rejects ATA Secure Erase commands without error. Most erasure tools miss this entirely and report success when nothing happened.
| Vendor | Primary method | What Safedisk does |
|---|---|---|
| Samsung | ATA Secure Erase, TCG Opal | Identifies Opal state. Issues TCG crypto-erase if active; falls back to ATA SECURITY ERASE UNIT with frozen-state handling. |
| Micron / Crucial | ATA Secure Erase, NVMe Sanitize, Crypto Erase | For NVMe, issues nvme sanitize --sanact=4 (crypto-erase) then polls sanitize-log to confirm. SATA uses standard ATA path. |
| Intel Optane | ipmctl / ndctl crypto-erase | Detects Persistent Memory device type. Invokes ndctl --crypto-erase rather than standard ATA — avoids firmware rejections on Optane hardware. |
| ADATA | ATA Secure Erase, TCG Opal 2.0 | Queries Opal 2.0 lock status. PSID Revert used if drive is locked; otherwise TCG key rotation for instant erasure. |
| Kingston | ATA Secure Erase | Standard ATA path with post-erase pattern write/read verification to confirm firmware executed the command — not just logged it. |
| Any HDD | Overwrite (not applicable) | BitLocker / LUKS / VeraCrypt key-escrow path. Key destroyed at wipe time. NIST 800-88r2 Purge via Cryptographic Erase. |
| Apple T2 / M1 / M2 / M3 | Secure Enclave key destruction | Interfaces with Apple Bridge OS to trigger destroyFVKey. The Secure Enclave purges the media encryption key from dedicated internal SRAM — soldered NAND instantly becomes cryptographically scrambled. No NAND overwrite needed or possible. |
| USB / SD / CF | Fill-to-capacity + 3-pass overwrite | Fills device to 100% capacity to force controller OP-area cycling, then overwrites all LBAs with 0x00, 0xFF, and random data. Pattern read-back confirms every accessible block was reached. |
| VMware / Hyper-V VMs | SCSI UNMAP + WRITE SAME via PVSCSI | Communicates through the para-virtualised storage driver (PVSCSI) to issue SCSI commands to the physical datastore. Handles thin-provisioned VMDK/VHD/VHDX. Reclaims and scrubs blocks at the physical SAN/datastore level. |
South African law does not name NIST SP 800-88r2 — but it is the international benchmark for how to fulfil POPIA's legal obligations for data destruction.
Personal information cannot be kept longer than necessary. Once the purpose expires, data must be destroyed.
Responsible parties must implement "appropriate, reasonable technical and organisational measures" to prevent loss or unauthorised access to personal information.
A recovered hard drive sold on the secondary market is a notifiable security compromise — mandatory report to the Information Regulator and all affected individuals.
The April 2025 amendments give data subjects stronger rights to request deletion of all their personal information across your systems.
NIST SP 800-88r2 compliant PDF. Lists every drive, serial number, sanitisation method, operator and timestamp. Accepted by auditors, insurers and the Information Regulator.
A complete, live inventory of every machine in your fleet — make, model, serial, assigned user, location and wipe status. Export to CSV or PDF for audits.
Each agent is cryptographically bound to its hardware. Wrong machine? Wrong fingerprint. The wipe is rejected before a single byte is touched.
Windows (BitLocker), Linux (LUKS), macOS (FileVault) and VeraCrypt as a universal fallback. HDDs, SSDs and NVMe drives. From 2005 Pentiums to 2025 workstations.
On UEFI machines (2012+), the agent programs the firmware directly. One click in the portal and the machine reboots, wipes itself and powers off. No USB. No BIOS entry. No technician.
Role-based access: Company Admin, IT Operator and Read-Only (for auditors). Full activity log per user. Integrates with your existing IT workflow.
Every action — registration, approval, wipe authorisation, certificate issuance — is logged with user account, IP address and timestamp. Cannot be edited or deleted.
For maximum assurance, boot the machine directly from our server. Linux loads into RAM. Every drive — including the OS drive — is overwritten with DoD 5220.22-M (7 passes) or NVMe Secure Erase.
Macs with T2, M1, M2 or M3 chips store encryption keys inside the Secure Enclave — a dedicated hardware security module soldered to the SoC. Safedisk destroys the Secure Enclave keys, making soldered NAND chips instantly and permanently unreadable. No overwrite required.
USB drives, SD cards and CF cards use flash controllers with limited FTLs. Safedisk fills the device to 100% capacity — forcing the controller to cycle through all spare blocks — then overwrites with a 3-pass pattern (0x00, 0xFF, random). Every worn-out replacement block is reached.
VMDK, VHD and VHDX files on VMware and Hyper-V platforms. Safedisk communicates through the para-virtualised storage driver, passing SCSI UNMAP and WRITE SAME commands to the physical datastore. Thin-provisioned space is reclaimed and scrubbed at the block level on the underlying array.
Target specific files, folders or user profiles without wiping the whole drive. Safedisk forces a physical overwrite of the exact LBA clusters the file occupies, including slack space — preventing recovery tools from reading residual data after a standard deletion.
All plans include unlimited users, unlimited certificates, and South African data hosting.
Join South African businesses that have replaced spreadsheets and guesswork with certified, automated data destruction.