Terms of Service
1. Acceptance of Terms
By accessing and using the Clinical Documentation System ("the Service"), you agree to be bound by these Terms of Service. This Service is designed exclusively for registered healthcare professionals in South Africa who are authorised to provide therapeutic services.
2. Description of Service
The Clinical Documentation System is an AI-powered documentation assistant that helps therapists and healthcare professionals create clinical notes, process attendance records, and generate reports. The Service includes:
- Voice-to-text transcription for clinical documentation
- Attendance sheet processing using optical character recognition
- Automated Excel report generation
- AI-assisted note creation and formatting
- Email delivery of generated reports
3. User Eligibility
To use this Service, you must:
- Be a registered healthcare professional with the Health Professions Council of South Africa (HPCSA) or relevant professional body
- Have valid professional indemnity insurance
- Be at least 18 years of age
- Have the legal authority to enter into binding agreements
4. User Responsibilities
As a user of this Service, you are responsible for:
- Maintaining the confidentiality of your account credentials
- Ensuring all patient information entered is accurate
- Complying with all applicable healthcare regulations and ethical guidelines
- Obtaining appropriate consent from patients before processing their information
- Reviewing and verifying all AI-generated content before use
Important: The AI-generated content is intended as a drafting aid only. All clinical documentation must be reviewed, verified, and approved by the treating healthcare professional before use.
5. Token System
The Service operates on a token-based system where:
- Tokens are purchased in South African Rand (ZAR) at a rate of R1 = 1 token
- Different actions consume varying amounts of tokens based on complexity
- Tokens are non-transferable between accounts
- Token balances do not expire
6. Intellectual Property
All content, features, and functionality of the Service are owned by the Service provider and are protected by South African and international copyright, trademark, and other intellectual property laws. Users retain ownership of their clinical content created using the Service.
7. Limitation of Liability
The Service is provided "as is" without warranties of any kind. We are not liable for:
- Clinical decisions made based on AI-generated content
- Errors in transcription or document processing
- Service interruptions or technical failures
- Indirect, incidental, or consequential damages
8. Governing Law
These Terms shall be governed by and construed in accordance with the laws of the Republic of South Africa. Any disputes shall be subject to the exclusive jurisdiction of the South African courts.
Privacy Policy
1. Information We Collect
Account Information
- Full name and professional title
- Email address
- Practice/facility name
- HPCSA registration number (for verification)
Patient Information (Processed Only)
We process but do not permanently store patient clinical data. The only patient-related information retained is:
- Patient names (stored securely for spelling correction purposes)
Privacy by Design: Clinical notes, voice recordings, and generated reports are processed in real-time and not retained on our servers after delivery to the healthcare professional.
Usage Information
- Token transaction history
- Feature usage statistics (anonymised)
- Login timestamps and IP addresses (for security)
2. How We Use Your Information
We use collected information to:
- Provide and improve our documentation services
- Process token purchases and maintain account balances
- Send important service notifications
- Comply with legal obligations
- Prevent fraud and ensure security
3. Data Security
We implement industry-standard security measures including:
- 256-bit SSL/TLS encryption for all data transmission
- Encrypted database storage
- Regular security audits and penetration testing
- Role-based access controls
- Secure password hashing
4. Third-Party Services
We use the following third-party services:
- OpenAI: For AI processing (data processed per OpenAI's enterprise terms)
- Paystack: For payment processing (PCI-DSS compliant)
- Email Services: For report delivery
5. Your Rights
Under POPIA, you have the right to:
- Access your personal information
- Request correction of inaccurate data
- Request deletion of your data
- Object to certain processing activities
- Lodge a complaint with the Information Regulator
POPIA Compliance Statement
The Clinical Documentation System is fully compliant with the Protection of Personal Information Act (POPIA), Act 4 of 2013. This statement outlines our commitment to protecting personal information in accordance with South African law.
1. Responsible Party
The Clinical Documentation System acts as a responsible party under POPIA for user account data, and as an operator for any patient information processed on behalf of healthcare professionals.
2. Lawful Processing
We process personal information only when:
- The data subject (or their guardian) has consented
- Processing is necessary for the performance of a contract
- Processing is required by law
- Processing protects the legitimate interests of the data subject
3. Health Information
We recognise that health information is classified as "special personal information" under Section 26 of POPIA. Our processing of such information is:
- Performed on behalf of registered healthcare professionals
- Necessary for medical treatment or healthcare management
- Subject to professional confidentiality obligations
- Minimised to only what is necessary for the service
4. Eight Conditions for Lawful Processing
We adhere to all eight conditions prescribed by POPIA:
- Accountability: We take responsibility for all personal information processing
- Processing Limitation: We collect only necessary information with proper consent
- Purpose Specification: Information is collected for specific, defined purposes
- Further Processing Limitation: We do not use data for incompatible purposes
- Information Quality: We maintain accurate and up-to-date records
- Openness: We are transparent about our data processing activities
- Security Safeguards: We implement appropriate technical and organisational measures
- Data Subject Participation: We respect and facilitate user rights
5. Data Breach Notification
In the event of a data breach that may harm data subjects, we will:
- Notify the Information Regulator as soon as reasonably possible
- Notify affected data subjects without undue delay
- Provide details of the breach and recommended protective actions
- Document all breaches and remediation steps
6. Cross-Border Transfers
Some data processing may involve international transfers (e.g., AI processing). We ensure such transfers comply with POPIA Section 72 requirements by:
- Using processors with equivalent privacy protections
- Implementing appropriate contractual safeguards
- Minimising the data transferred
7. Information Officer
For POPIA-related queries or to exercise your rights, please contact our designated Information Officer using the contact details provided below.
HPCSA Guidelines Compliance
This Service is designed to support healthcare professionals in maintaining compliance with the Health Professions Council of South Africa (HPCSA) Ethical Guidelines, particularly Booklet 10: General Ethical Guidelines for Good Practice in Telehealth.
1. Scope of Service
The Clinical Documentation System is a documentation tool, not a telehealth platform. It assists with:
- Creating clinical notes from voice recordings
- Processing attendance records
- Generating administrative reports
Note: This Service does not facilitate direct patient consultations. All patient interactions must occur through appropriate clinical channels in compliance with HPCSA requirements.
2. Professional Responsibility
In accordance with HPCSA guidelines:
- Healthcare professionals remain fully responsible for all clinical decisions
- AI-generated content must be reviewed and approved before use
- The Service supplements, but does not replace, professional judgment
- Users must maintain appropriate professional indemnity coverage
3. Confidentiality
We support HPCSA confidentiality requirements by:
- Implementing secure data transmission protocols
- Minimising retention of patient information
- Restricting access to authorised users only
- Providing audit trails for compliance purposes
4. Record Keeping
While we facilitate documentation, healthcare professionals must:
- Maintain their own patient records as required by law
- Retain records for the prescribed periods
- Ensure records are stored securely
- Make records available for regulatory inspection when required
5. Ethical AI Use
We commit to ethical AI practices aligned with healthcare standards:
- Transparent about AI involvement in document creation
- No automated clinical decision-making
- Human oversight required for all outputs
- Regular review of AI accuracy and performance
Refund Policy
1. Token Purchase Refunds
Tokens are digital credits used to access Service features. Our refund policy for token purchases is as follows:
Eligible for Refund
- Technical errors resulting in duplicate charges
- Tokens not credited due to payment processing failures
- Service outages exceeding 24 consecutive hours (pro-rata refund)
Not Eligible for Refund
- Tokens that have been used
- Dissatisfaction with AI-generated output quality
- Change of mind after purchase
- Partial use of token bundles
2. Refund Process
To request a refund:
- Contact our support team within 14 days of the transaction
- Provide your transaction reference number
- Describe the reason for your refund request
- Allow up to 10 business days for review
3. Refund Method
Approved refunds will be processed via the original payment method. Processing times depend on your financial institution but typically take 5-10 business days.
4. Consumer Protection Act
This policy operates in conjunction with your rights under the Consumer Protection Act 68 of 2008. Nothing in this policy limits your statutory rights.
Cancellation Policy
1. Account Cancellation
You may cancel your account at any time by:
- Contacting our support team via email
- Providing written notice of cancellation
2. Effect of Cancellation
Upon account cancellation:
- Your access to the Service will be terminated
- Unused tokens will be forfeited and are non-refundable
- Your account data will be retained for 30 days, then deleted
- Patient names in your database will be permanently deleted
3. Data Export
Before cancelling, you may request an export of:
- Your account information
- Token transaction history
- Patient names list (if stored)
4. Reactivation
If you wish to reactivate your account within 30 days of cancellation, contact our support team. After 30 days, you will need to create a new account.
5. Service Termination by Provider
We reserve the right to suspend or terminate accounts for:
- Violation of these Terms of Service
- Fraudulent or illegal activities
- Misuse of the Service
- Non-payment of fees
In such cases, we will provide reasonable notice where possible and comply with applicable laws.
Data Retention Policy
1. Retention Periods
| Data Type |
Retention Period |
Basis |
| Account Information |
Duration of account + 30 days |
Service provision |
| Token Transaction Records |
5 years |
Financial regulations |
| Patient Names |
Until deletion requested or account closed |
Service functionality |
| Clinical Content (voice, notes) |
Not retained after processing |
Privacy by design |
| Security Logs |
12 months |
Security requirements |
2. Healthcare Professional Obligations
Please note that healthcare professionals have their own legal obligations for patient record retention, which may include:
- Adults: Minimum 5 years from last consultation
- Minors: Until the patient reaches age 21
- Specific conditions may require longer retention
You are responsible for maintaining your own clinical records in accordance with HPCSA guidelines and applicable legislation.