Privacy Policy

1. Information We Collect

1.1 Personal Information

We collect personal information that you voluntarily provide when:

• Creating an account (name, email address, phone number)
• Setting up your practice profile (practice name, address, registration numbers)
• Subscribing to our services (billing information)
• Contacting our support team

1.2 Practice and Compliance Data

When using our Service, you may upload or create:

• Compliance documents and certificates
• Employee information for team management
• Task and logbook entries
• Training records
• Leave and payroll information
• Complaints and adverse event records

1.3 Automatically Collected Information

We automatically collect certain information when you use the Service:

• Device information (browser type, operating system)
• IP address and general location data
• Usage data (pages visited, features used, time spent)
• Cookies and similar tracking technologies

2. How We Use Your Information

We use the collected information for:

• Providing the Service
  To operate and maintain the platform, manage your account, and process payments
• Communication
  To send you important updates, security alerts, and support messages
• Reminders and Notifications
  To send document expiry reminders, task notifications, and compliance alerts
• Improvement
  To analyze usage patterns and improve the Service
• Security
  To protect against unauthorized access and ensure data integrity
• Legal Compliance
  To comply with legal obligations and respond to lawful requests

3. Data Storage and Security

3.1 Data Location

Your data is stored on secure servers provided by our hosting partners. We use industry-standard security measures to protect your data.

3.2 Security Measures

We implement comprehensive security measures including:

• 256-bit SSL/TLS encryption for all data in transit
• Encryption at rest for stored data
• Regular security audits and vulnerability assessments
• Multi-factor authentication options
• Role-based access controls
• Daily automated backups
• 99.9% uptime guarantee with redundant infrastructure

3.3 Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account termination:

• We retain your data for 30 days to allow for data export or account reactivation
• After 30 days, personal data is deleted from our active systems
• Backup copies may be retained for up to 90 days for disaster recovery purposes
• Certain data may be retained longer if required by law or for legitimate business purposes

4. Information Sharing

4.1 Third-Party Service Providers

We may share information with trusted third parties who assist us in operating the Service:

• Payment Processing: Paddle processes subscription payments securely
• Cloud Infrastructure: Our hosting providers store and process data on our behalf
• Email Services: We use email providers to send notifications and communications
• Analytics: We use analytics tools to understand how the Service is used

All third-party providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Government requests from authorized authorities
• To protect our rights, property, or safety
• To investigate potential violations of our Terms

5. Your Rights Under POPIA

Under the Protection of Personal Information Act, you have the right to:

• Access
  Request a copy of the personal information we hold about you
• Correction
  Request correction of inaccurate or incomplete information
• Deletion
  Request deletion of your personal information (subject to legal requirements)
• Objection
  Object to certain processing of your personal information
• Data Portability
  Request your data in a structured, commonly used format
• Withdraw Consent
  Withdraw consent for processing where consent was the basis

To exercise these rights, please contact us at admin@verimedrix.com. We will respond to your request within 30 days.

6. Cookies and Tracking

6.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience.

6.2 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use the Service

6.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of the Service.

7. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If you believe we have collected information from a child, please contact us immediately.

8. International Data Transfers

Your data may be transferred to and processed in countries outside South Africa where our service providers operate.

We ensure appropriate safeguards are in place to protect your data in accordance with POPIA requirements.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

We encourage you to review this policy periodically.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: