1. Introduction

Meditag South Africa (Pty) Ltd ("Meditag South Africa", “Meditag SA”, “Meditag”, “we”, “us”, or “our”) operates the Meditag app. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information, including sensitive health data (medical history, examinations, prescriptions, lab results, X-rays, and CT scan images), when you use our services in South Africa.

We are committed to protecting your privacy in accordance with the Protection of Personal Information Act, 2013 (POPIA) and the ethical guidelines of the Health Professions Council of South Africa (HPCSA).

2. Data We Collect

We collect:

  • Personal Information: Name, email, phone number, date of birth, and account details provided during registration.
  • Health Data: Medical history, examinations, prescriptions, lab results, X-rays, CT scans, and other medical information you choose to log.
  • Usage Data: Analytics on how you interact with the app, device information, IP address, and browser type.

3. How We Use Data

Your data is used to:

  • Provide and improve Meditag services, including secure storage and access to your medical records.
  • Enable you to share records with healthcare professionals when you choose.
  • Personalise your experience and deliver relevant health insights.
  • Comply with legal and professional obligations, including POPIA and HPCSA guidelines on patient records.

4. Data Sharing

We may share data with:

  • Service Providers: Trusted partners for hosting, analytics, and support who are bound by strict confidentiality agreements and POPIA-compliant processing agreements.
  • Healthcare Professionals: Only when you explicitly authorise sharing of your records.
  • Legal Authorities: When required by South African law or to protect our rights or the safety of users.

We do not sell your personal or health data to third parties.

5. Data Security

We implement industry-standard measures including:

  • Encryption for data in transit and at rest.
  • Strict access controls and regular security audits.
  • Secure storage of sensitive health records in compliance with POPIA and HPCSA ethical standards.

6. Account Deletion and Personal Information Erasure

You may request deletion of your Meditag account and associated personal information at any time directly through the app (Settings → Account → Delete Account). We will process your request without undue delay and in accordance with POPIA Section 24 (right to correction, destruction, or deletion of personal information).

What Happens When You Request Deletion

  • Immediate steps: Upon confirmation, we will permanently delete your account profile, login credentials, contact details, and any directly identifiable personal information not required for legal retention.
  • Health records: We will de-identify (anonymise) your medical records by removing names, ID numbers, contact details, device identifiers, and any linking metadata so they can no longer be attributed to you.

What is Retained (De-identified Only)

Certain de-identified health records may be kept for the periods required or authorised by law or professional guidelines, including:

  • A minimum of 6 years after the record becomes dormant (last entry or treatment) for adult users.
  • Until the user’s 21st birthday for records of minors.
  • For the user’s lifetime for mentally incapacitated users.
  • 20 years after treatment ends for occupational illness/injury records (Occupational Health and Safety Act).
  • Longer periods where required for legal defence, audit, research, or statistical purposes (with appropriate safeguards under POPIA Section 14).

These retained records are stored securely in a de-identified form that prevents reconstruction of your identity and are used only for legitimate legal or compliance purposes.

Timeline

  • We will confirm receipt of your deletion request immediately.
  • Identifiable personal information (non-medical) will be deleted or de-identified within 30 days.
  • Full processing (including any manual review of health records) may take up to 30 days in total. You will receive email confirmation once complete.
  • De-identified medical records will be irreversibly deleted at the end of the applicable retention period.

Important: Deleting your account does not automatically cancel any active subscriptions (manage these via the Billing area on the patient portal).

7. Your Rights

You have the right to:

  • Access, correct, or request deletion of your personal data (see Account Deletion section above).
  • Object to or restrict certain processing of your data.
  • Withdraw consent where processing is based on consent.
  • Opt out of marketing communications.

We will respond to rights requests without undue delay and in accordance with POPIA.

8. Contact Us

For privacy concerns, account deletion requests, or any other questions, contact our Information Officer at legal@meditag.co.za or support@meditag.co.za.

Questions About Privacy?

Contact our team for more information about how we protect your data in South Africa.

Contact Us