ITHealth Privacy Policy

1. Introduction

Welcome to ITHealth (Pty) Ltd ("we," "us," "our," or "ITHealth"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website www.ithealth.ai, our mobile application, and any of our related services (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access or use the Services.

This policy is designed to be compliant with major privacy regulations, including but not limited to South Africa's Protection of Personal Information Act (POPIA), the EU's General Data Protection Regulation (GDPR), and the U.S. Health Insurance Portability and Accountability Act (HIPAA), as applicable to our users.

2. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Services includes:

A. Personal and Health Information

This is information that can be used to identify you and relates to your health. We collect this information when you voluntarily provide it to us, such as when you:

• Create an account
• Fill out patient intake forms or health questionnaires
• Communicate with healthcare providers through the Services
• Manually enter data (e.g., symptoms, medications, appointments)
• Upload medical records or lab results

This information may include:

• Personal Identifiers: Your full name, email address, phone number, date of birth, ID number, and home address
• Protected Health Information (PHI) / Special Personal Information: Medical history, symptoms, diagnoses, treatment plans, medications, healthcare provider notes, insurance information, and lab results
• Demographic Data: Age, gender, and other information you may provide

B. Data Collected Automatically

When you access or use our Services, we may automatically collect information about your device and usage, including:

• Device Information: Your mobile device's ID, model, operating system, and IP address
• Usage Data: Information about how you use the Services, such as the features you use, the pages you visit, and the times you access the platform
• Geolocation Data: We may request access to location-based information from your mobile device. You may disable this in your device settings
• Cookies and Tracking: We use cookies, web beacons, and similar tracking technologies

C. Information from Other Sources

We may also obtain information about you from other sources, such as:

• Healthcare Providers: Your doctor or clinic may provide us with your health information to facilitate your care
• Third-Party Devices: With your consent, we may collect data from connected health devices (e.g., fitness trackers, blood pressure monitors)
• Business Associates: Third-party services that support our platform (e.g., payment processors, analytics tools)

3. How We Use Your Information

We use the information we collect for various purposes, including:

• To Provide and Manage Services: To create your account, provide our Services, and facilitate consultations and treatment
• To Communicate With You: To send you service-related notices, security alerts, and appointment reminders
• For Treatment, Payment, and Operations:
  • Treatment: To allow healthcare providers to diagnose and treat you
  • Payment: To process payments and verify insurance
  • Health Care Operations: For quality assurance, training, and improving our Services
• To Improve Our Services: To analyze usage data to improve our platform's functionality
• For Legal and Security Purposes: To comply with legal obligations (including POPIA), respond to legal requests, and protect our rights
• For Marketing (With Your Consent): With your explicit, opt-in consent, we may use your non-sensitive personal information to send you newsletters. We will never use your health information for marketing without your explicit written authorization.

4. How We Share and Disclose Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

• With Healthcare Providers: To provide you with treatment, we share your information with the provider(s) you interact with on our platform
• With Operators / Business Associates: We may share information with third-party vendors who perform services for us (e.g., cloud hosting, payment processing). We have agreements in place that require them to protect your information in compliance with POPIA and other applicable laws
• As Required by Law: We may disclose your information if required to do so by law, such as in response to a court order or subpoena
• To Protect Rights and Safety: To prevent imminent harm, investigate policy violations, or protect the rights and property of ITHealth
• In Case of a Business Transfer: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred
• With Your Explicit Consent: We may share your information with any other third party with your prior consent

5. Data Security

We implement robust administrative, physical, and technical safeguards to protect the security and confidentiality of your information. These measures include:

• Encryption: All health information is encrypted both "at rest" (when stored) and "in transit" (when sent over the internet)
• Access Controls: We limit access to your personal information to employees and contractors who have a legitimate need to access it and are bound by strict confidentiality obligations
• Auditing and Monitoring: We maintain audit logs to track access and changes to your information
• Employee Training: We provide regular privacy and security training (including POPIA and HIPAA training) to our staff

While we take all reasonable steps to protect your information, no security system is impenetrable.

6. Data Retention

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, medical record, accounting, or reporting requirements. After this period, your information will be securely deleted or anonymized.

7. Your Rights and Choices

You have specific rights regarding your personal information. Depending on your location, these rights may include:

• Right to Access: You have the right to request a copy of the personal information we hold about you
• Right to Amend/Correct: You have the right to request that we correct or update any information you believe is inaccurate or incomplete
• Right to Deletion (Right to be Forgotten): You may have the right to request that we delete your personal information, subject to certain legal exceptions (e.g., medical record retention laws)
• Right to Object to Processing: You have the right to object to us processing your personal information
• Right to Request Restrictions: You have the right to request a restriction on how we use or disclose your information
• Right to Opt-Out: You can opt-out of marketing communications at any time

To exercise any of these rights, please contact us at info@ithealth.ai. We will respond to your request in accordance with applicable law.

8. International Data Transfers

Our company is based in South Africa. Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and POPIA's requirements for cross-border data flows.

9. Children's Privacy

Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children without parental consent. If we become aware that we have collected such information, we will take steps to delete it.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

11. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact our Privacy Officer (or Information Officer, as per POPIA):