Privacy Policy
Effective Date: 2nd June 2025
Last Updated: 2nd June 2025
At Vitals Up (Pty) Ltd, we are committed to protecting the privacy and personal information of both healthcare professionals and their patients. This Privacy Policy outlines how we collect, store, and use your data in accordance with the Protection of Personal Information Act (POPIA) and applicable international data protection laws, including the General Data Protection Regulation (GDPR).
1. Who We Are
Vitals Up is a technology platform that enables healthcare professionals to send co-branded, informative newsletters to their patients. Our platform is built to support modern patient engagement while maintaining the highest standards of privacy and compliance.
2. What Information We Collect
From Doctors / Healthcare Professionals:
- Full name and contact details
- Practice name
- Headshot (optional)
- Newsletter preferences (e.g., frequency, name, color theme)
- Email address used for sending newsletters
- Preferred booking system and integrations (if applicable)
From Patients (via doctor upload only):
- Email addresses only
- No other personal, medical, or identifying data is stored about patients.
3. How We Use Your Data
We use your data to:
- Personalize and send your newsletter to patients
- Offer optional features like booking links and recall reminders
- Improve user experience and platform performance
- Ensure compliance with data protection laws
4. Where Your Data Is Stored
All data is securely stored on Supabase servers hosted in the European Union (Germany).
These servers are fully GDPR-compliant, and we implement encryption in transit and at rest to protect personal data.
No data is ever sold, rented, or shared with third parties for marketing purposes.
In accordance with Section 72 of POPIA, we confirm that all personal data hosted outside South Africa is protected by adequate data protection legislation, and we have implemented necessary safeguards.
5. Data Minimization & Security
- We only collect and store the minimum required data to deliver our services.
- Patient email lists are uploaded by doctors via a secure, encrypted portal.
- We use HTTPS, encrypted databases, and secure storage practices across our infrastructure.
- Access to patient data is limited to essential backend operations only.
6. Newsletter and Unsubscribe Options
Each patient newsletter includes a clear unsubscribe link in compliance with POPIA and GDPR. Patients can opt out at any time, and their email address will be automatically removed from future communications.
7. Data Retention and Deletion
- Patient email addresses are stored only while a practice is actively using our platform.
- Upon account cancellation, all patient data is deleted from our systems in accordance with our Data Retention Policy.
- Doctors may request a data export before cancellation.
8. Your Rights
Under POPIA and GDPR, you have the right to:
- Access the data we hold about you
- Request correction or deletion of personal information
- Object to processing in certain circumstances
- Lodge a complaint with the Information Regulator (South Africa) or applicable EU authority
To exercise your rights or contact our data protection officer, email: privacy@vitalsup.co.za
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in technology, law, or our business. When we do, we'll revise the "Last Updated" date and notify users as required.
10. Contact Us
If you have any questions about this policy or how we handle data, please contact: