iKambi Health

Privacy

Privacy Policy

Last updated: 23 May 2026

1. Purpose

This Privacy Policy explains how iKambi Health collects, uses, stores, and protects personal information when people visit our website, communicate with us, or use the iKambi Health practice management platform.

iKambi Health is designed for South African private healthcare practices. Because the platform can contain patient health information, we treat privacy, confidentiality, and access control as core product requirements.

2. POPIA roles

For patient records, consultation notes, medical-aid details, invoices, and practice-managed data, the healthcare practice is generally the responsible party under POPIA. iKambi Health generally acts as an operator that processes this information on the practice’s instructions.

For information we collect directly for our own business purposes, such as sales enquiries, platform administration, billing, support, security, and service analytics, iKambi Health acts as the responsible party.

3. Information we process

Depending on how iKambi Health is used, information may include:

  • practice information, including practice name, contact details, banking details, logos, and subscription records;
  • user information, including names, email addresses, roles, phone numbers, sign-in data, and audit events;
  • patient information entered by practices, including demographics, contact details, medical-aid details, appointments, notes, invoices, payments, and documents;
  • health and clinical information entered by authorised practice users;
  • billing and payment metadata for iKambi Health subscription invoices; and
  • technical information such as IP addresses, user agents, logs, device/browser information, and security events.

4. Why we process information

We process personal information to:

  • provide, secure, maintain, and improve iKambi Health;
  • create and manage practice workspaces and user accounts;
  • support appointments, patient records, consultations, invoices, reports, and medical-aid workflows;
  • send invitations, password resets, invoices, operational notices, and support messages;
  • administer iKambi Health subscriptions, payments, and platform billing;
  • detect abuse, investigate incidents, maintain audit trails, and protect users; and
  • comply with legal, accounting, tax, security, and regulatory obligations.

5. Health information and confidentiality

Health information is special personal information under POPIA. Practices must ensure they have the legal basis, patient notices, consents, professional duties, and internal controls required to process health information in iKambi Health.

iKambi Health personnel do not access patient information except where necessary to provide support, investigate security or operational issues, comply with law, or perform authorised platform administration.

6. Sharing and service providers

We may use reputable service providers to host, secure, store, send, or process platform information, including cloud hosting, database, file storage, email delivery, payment, monitoring, and support providers. We require service providers to process information only for authorised purposes and to apply appropriate safeguards.

We may disclose information where required by law, court order, regulatory request, or where reasonably necessary to protect rights, safety, security, or platform integrity.

7. Security safeguards

We use reasonable technical and organisational measures to protect personal information against loss, unauthorised access, disclosure, alteration, and misuse. These measures include practice scoping, user roles, audit logs, encrypted transport, controlled production access, backups, and secure file storage.

Practices must also maintain appropriate safeguards, including staff confidentiality, device security, password discipline, accurate roles, and timely removal of users who should no longer have access.

8. Retention

Practice data is retained while the practice uses iKambi Health and as needed for legal, audit, billing, backup, support, and continuity purposes. Practices are responsible for their statutory and professional healthcare record-retention duties.

Where deletion, export, or correction is requested, we will support the practice according to the platform’s available tools, legal obligations, and reasonable technical constraints.

9. Data subject requests

Patients should usually contact their healthcare practice first, because the practice controls the patient relationship and is generally the responsible party for patient records. Where iKambi Health receives a request about practice-controlled patient data, we may refer it to the relevant practice or assist the practice in responding.

For information iKambi Health controls directly, you may contact hello@ikambihealth.com to request access, correction, deletion, restriction, or information about processing.

10. Contact

Privacy questions, support requests, and security concerns can be sent to hello@ikambihealth.com.