Privacy policy
How we handle your information.
Last updated: May 2026 · Effective immediately
1. Who we are
Medicus is a telehealth platform operated by Playa Del Cristo (Pty) Ltd t/a Medicus (Reg: 2026/209959/07). Consultations are provided by Dr Eltanin James, an HPCSA-registered General Practitioner. Dr James is the responsible party for the processing of your personal information under POPIA.
Operating entity: Playa Del Cristo (Pty) Ltd t/a Medicus (Reg: 2026/209959/07)
Information Officer: Nicholas Moorcroft
Practitioner: Dr Eltanin James
HPCSA Registration: MP1006886
Practice Number: 1325523
Contact: hello@medicusforme.co.za
2. What information we collect
When you book and attend a consultation, we collect:
- Identity information: Full name, email address, phone number (with country dialling code), date of birth, sex, and residential address (suburb, town or city, and province)
- Identifier: South African ID number or passport number. This is required for the lawful issue of prescriptions and, where applicable, medical-aid claim invoices.
- Health information: Reason for visit (as provided by you), plus clinical information you share during the consultation
- Consent records: Timestamp, version of consent form, IP address, browser information, and a confirmation that you were physically in South Africa at the time of consultation
- Payment reference: PayFast transaction ID (we do not store card details)
- Technical data: IP address, user agent, collected automatically during booking
- Feedback: Optional star rating and comments about your consultation experience (if you choose to provide it)
- Behavioural analytics: Pages viewed and booking funnel events tagged with an anonymous browser identifier. We do not collect your IP address or any of the identity or health information above as part of analytics. See section 4 for the processor used, and section 11 to opt out.
Your date of birth and South African ID or passport number are considered special-category personal information under POPIA. They are subject to additional protection (see section 7) and are collected only because they are required for the lawful issue of prescriptions and medical-aid claim invoices.
3. Why we collect it
We process your personal information to:
- Provide healthcare services to you, including the consultation itself, prescriptions, sick notes, and referrals
- Send accounts and other communications in respect of services rendered
- Send you booking confirmations and appointment reminders
- Process your payment
- Maintain audit and clinical record-keeping required by HPCSA, POPIA, and South African law
- Maintain an audit trail of informed consent
- Comply with other legal and regulatory requirements applicable to the practice
- Improve the quality of our telehealth service based on patient feedback
Providing your personal information is mandatory for the consultation to proceed. Without it, we cannot deliver the service.
4. Who has access to your data
Your personal information is shared with the following service providers, solely for the purposes described above:
- Vercel (application hosting and serverless compute), with our serverless functions configured to run in the Cape Town region (AWS af-south-1). Vercel receives and processes every request our application handles. Request payloads and brief function logs are processed transiently; no persistent storage of patient information happens on Vercel infrastructure.
- Supabase (database hosting), EU (Frankfurt, Germany)
- Daily.co (video calls), peer-to-peer encrypted calls. An in-call text chat is available as a fallback if audio or video is not working; chat messages are not stored on Daily’s servers and disappear when the call ends.
- PayFast (payments), South Africa
- Resend (email delivery), for confirmations and reminders
- Google Calendar (the doctor’s schedule), used only to block out the appointment time on the doctor’s calendar after payment. We share the appointment time and an opaque booking reference. We do not share your name, email, phone number, or reason for visit with Google Calendar.
- Google Drive (clinical records storage), within the practice’s Google Workspace, configured to the EU data region. The doctor’s clinical notes, sick notes, referral letters, and medical-aid claim invoices are stored in Dr James’s Drive. Access is restricted to Dr James and is protected by two-factor authentication.
- EMGuidance (electronic prescriptions), used by the doctor to issue prescriptions signed with an Advanced Electronic Signature and to transmit them to your chosen pharmacy.
- PostHog (product analytics), EU Cloud. Used to measure pages viewed and the booking funnel so we can improve the service. We do not call PostHog’s identify API; your IP address is dropped, and only an allowlist of non-personal event properties is sent. We do not use PostHog for marketing, advertising, or session replay.
Referrals. Where Dr James refers you to another healthcare practitioner or facility, she may share with that practitioner the personal and health information reasonably necessary for the continuity of your care. This includes the content of the referral letter itself, which carries the information that practitioner needs to assess and treat you. Disclosure for this purpose is permitted under Section 11(b) and Section 32 of POPIA.
Medicus may share your personal information with authorised third parties where there is a duty or right to disclose in terms of applicable legislation, where it is necessary to protect the rights of the practice, or where it is in the interests of the data subject.
We do not sell, rent, or share your personal information with any third parties for marketing purposes.
5. Cross-border data transfers
Server-side processing (our application code that handles bookings, consents, payments, and document creation) runs on Vercel’s serverless functions in Cape Town, South Africa (AWS af-south-1). No patient information is stored persistently on Vercel; only transient request and log data is processed in this region before being committed to the storage systems described below.
Your personal information is stored on secure servers in the European Union (Frankfurt, Germany) via Supabase. The EU provides data protection standards recognised as adequate.
Video consultations use peer-to-peer encrypted connections, meaning video data flows directly between you and the doctor without being stored on any server. The in-call text chat is similarly ephemeral: messages are not stored on the video provider’s servers and disappear when the call ends.
Payments are processed by PayFast, which is based in South Africa.
The appointment time and an opaque booking reference are stored on Google Calendar so the doctor’s schedule is up to date. The practice’s Google Workspace data region is set to Europe, so this data is held within the EU. No personal information (name, contact details, reason for visit) is shared with Google Calendar.
Clinical records (notes, sick notes, referral letters) are stored in Dr James’s Google Drive, within the practice’s Google Workspace, which is also configured to the European data region.
Behavioural analytics events are sent to PostHog’s EU Cloud instance.
By using Medicus, you explicitly consent to the transfer of your personal information outside of South Africa as permitted under Section 72 of POPIA.
6. How long we keep your data
Your consultation records are retained for a minimum of 25 years from the date of your last consultation, in line with the practice's record retention policy. Records may be retained for longer, or indefinitely, where required by law, where litigation or a complaint is pending or anticipated, or where continued retention is otherwise clinically or legally justified.
After the applicable retention period, records will be securely destroyed.
Payment records are retained in accordance with PayFast's retention policy and South African tax requirements.
7. How we protect your data
This policy aims to prevent unauthorised access to or use of your personal information. Our security controls and processes are reviewed on a regular basis to ensure that private information remains secure.
- All connections are encrypted with TLS (HTTPS)
- Database access is protected with Row Level Security policies
- Your date of birth and South African ID or passport number are additionally encrypted at the column level using AES-256-GCM, on top of the database’s encryption at rest. The encryption key is held separately from the database credentials, so a leak of either alone does not expose this information.
- Access to clinical records (Google Drive) is restricted to Dr James and protected by two-factor authentication
- Video calls are peer-to-peer encrypted and not recorded
- Secret keys are stored securely and never exposed to browsers
- We collect only the minimum data necessary
7a. Data breach notification
In the event that Medicus detects a security breach that compromises your personal information, we will notify you and the Information Regulator as required under POPIA. Notifications will describe what information was affected and the steps being taken to mitigate the impact.
8. Your rights under POPIA
You have the right to:
- Access your personal information held by us
- Correct any inaccurate personal information
- Delete your personal information (subject to legal retention requirements)
- Object to the processing of your personal information
- Lodge a complaint with the Information Regulator
To exercise any of these rights, please contact us at hello@medicusforme.co.za. We will respond within 30 days as required by POPIA.
9. Information Regulator
If you are not satisfied with how we handle your personal information, you may lodge a complaint with the Information Regulator:
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O. Box 31533, Braamfontein, Johannesburg, 2017
Email: complaints.IR@justice.gov.za
Tel: 010 023 5207
10. Changes to this policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.
11. Analytics preference
Medicus uses PostHog (EU Cloud) to measure pages viewed and the booking funnel so we can improve the service. The data we send is limited to non-personal events tagged with an anonymous browser identifier; your IP address, name, email, phone number, reason for visit, and booking ID are never sent. PostHog is not used for marketing, advertising, or session replay.
If you would prefer not to be included in analytics, you can turn it off for this browser below. Your preference is stored locally in your browser only.