Privacy Policy

Effective date: 1 January 2026  |  Last updated: May 2026
POPIA Compliant. This policy is written in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA), South Africa.
1. Who We Are (Responsible Party)

ASCLEPIUS — Advanced Smart Clinical Ledger for Efficient Practice, Intelligent Unified System — is the responsible party under POPIA for personal information processed through this platform. ASCLEPIUS is a clinical management system serving healthcare professionals across South Africa and 45 other countries.

Contact: For all privacy enquiries, please contact the Information Officer via the platform's built-in support channels.

2. What Personal Information We Collect

We collect only what is necessary to provide clinical management services:

  • Healthcare practitioners: Full name, professional registration number (HPCSA/equivalent), email address, practice details, specialty, login credentials (hashed).
  • Patients: Name, date of birth, ID number, contact details, medical aid information, clinical history, diagnoses, prescriptions, lab results, referrals, and other health records entered by the treating practitioner.
  • Usage data: Page visits, feature usage, and session data for platform security and performance — collected via Google Analytics (anonymised).
3. Why We Process This Information

Personal information is processed for the following lawful purposes:

  • Providing clinical documentation, billing, prescriptions, ward management, and all platform features to registered practitioners.
  • Enabling AI-assisted clinical decision support (Claude / Gemini) — AI outputs are never stored and never used to train models.
  • Compliance with HPCSA Booklet 20 (AI Ethics Guidelines) and applicable medical regulations.
  • Platform security, fraud prevention, and audit trails.
  • Communication related to the practitioner's account.

Patient data is processed on behalf of the treating practitioner (the primary responsible party for their patient's records). ASCLEPIUS acts as an operator.

4. Artificial Intelligence & Data

ASCLEPIUS uses AI models (Anthropic Claude, Google Gemini) as clinical decision support tools. Important safeguards:

  • AI is used to assist practitioners — it never replaces clinical judgment.
  • Patient data submitted to AI models is processed in real time and not retained, stored, or used for model training by the AI providers.
  • All AI usage is disclosed on every page in accordance with HPCSA Booklet 20.
  • Practitioners retain full accountability for all clinical decisions.
5. Who We Share Information With

We do not sell personal information. Information is shared only with:

  • AI service providers (Anthropic, Google) — only as needed to process real-time requests, under data processing agreements.
  • Communication services (Twilio for SMS, SendGrid for email) — only to deliver messages initiated by the practitioner.
  • Analytics (Google Analytics) — anonymised usage data only, no patient records.
  • Law enforcement / regulators — only if required by law.
6. How Long We Keep Information
  • Patient clinical records: Retained for the minimum period required by HPCSA guidelines (generally 6 years for adults, longer for minors) or as instructed by the practitioner.
  • Practitioner account data: Retained for the duration of the active account plus 3 years.
  • Logs and analytics: Maximum 24 months, then deleted.
7. Security Measures
  • All passwords are hashed using industry-standard algorithms — never stored in plain text.
  • Data in transit is encrypted via TLS/HTTPS.
  • Access is role-based — practitioners can only access their own patient records.
  • Session tokens expire automatically.
  • Full audit trail of all clinical actions.
8. Your Rights Under POPIA

You have the right to:

  • Access — request a copy of your personal information held by us.
  • Correction — request correction of inaccurate information.
  • Deletion — request deletion where no legal retention obligation applies.
  • Object — object to processing on grounds relating to your situation.
  • Complain — lodge a complaint with the Information Regulator of South Africa (www.justice.gov.za/inforeg).

To exercise any of these rights, contact the Information Officer through the platform's support channels.

9. International Data Transfers

ASCLEPIUS operates across 46 countries. When patient data is processed by AI services, it may transit international infrastructure. All such transfers are protected by data processing agreements that enforce protections equivalent to or exceeding POPIA requirements.

10. Changes to This Policy

We may update this policy from time to time. The effective date at the top of this page will reflect the most recent revision. Continued use of the platform after changes constitutes acceptance of the updated policy.

Back to Home Terms & Conditions Medical Disclaimer

HPCSA AI Compliance Notice: All AI features in ASCLEPIUS serve as clinical decision support tools only, in accordance with HPCSA Booklet 20 (September 2025) - Ethical Guidelines on the Use of Artificial Intelligence. AI does not replace clinical judgment. The treating health practitioner retains full accountability for all patient care decisions. AI outputs must be independently verified before clinical application.

View Full HPCSA AI Policy & Compliance Details