Privacy Policy
Last updated: April 2026
Gesondheid (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Patient Relationship Management application and related services. We comply with South Africa’s Protection of Personal Information Act (POPIA) and guidelines from the Health Professions Council of South Africa (HPCSA).
Information We Collect
We collect information you provide directly to us:
- Practitioner Account Information: When you create an account, we collect your name, email address, practice details, HPCSA registration number, and password.
- Patient Data: With your explicit consent and in compliance with POPIA, we create and manage patient records including demographics (name, ID number, contact details), medical history, consultation notes, diagnoses, and medical aid information.
- Consultation Records: We store detailed records of patient visits, symptoms, diagnoses using ICD-10 codes, treatment plans, prescriptions, and follow-up notes. All data is encrypted and access-logged.
We also collect automatically:
- Usage Data: IP address, browser type, pages visited, and time stamps to improve service and security.
- Device Information: For mobile access, we collect device type and OS version.
How We Use Your Information
- Service Delivery: To manage your practice, store patient records, generate invoices, and facilitate consultations.
- Communication: Sending account updates, billing notifications, and practice reminders via email/SMS.
- Compliance & Security: Audit trails for HPCSA/POPIA compliance, fraud detection, and data backups via Litestream.
- Improvement: Anonymized analytics to enhance features (e.g., common consultation patterns).
We do not sell your data. Patient information is only shared with your explicit consent or as required by law (e.g., court order, public health reporting).
Data Protection
- All data is stored in South Africa on secure servers.
- Encryption: AES-256 at rest, TLS 1.3 in transit.
- Access: Role-based (practitioner vs. admin), with 2FA required.
- Retention: Patient records kept as long as needed for treatment/legal purposes; deleted upon request after 5-year minimum for audits.
Your Rights Under POPIA
- Access, correct, or delete your personal information.
- Object to processing or withdraw consent.
- Lodge complaints with the Information Regulator.
Contact us to exercise these rights.
Cookies & Tracking
We use essential cookies for authentication and session management. No third-party trackers without consent.
Changes to This Policy
We may update this policy. Changes will be posted here and notified via email for significant updates.
Contact
For privacy questions: privacy@gesondheid.co.za