Privacy Policy

Last Updated: 14 May 2026

1. Introduction

TheraLog ("we", "us", "our") is committed to protecting the privacy and security of the healthcare professionals ("Practitioners") who use our platform, as well as the sensitive health information of their patients.

This Privacy Policy explains how we collect, process, and protect data in accordance with the Protection of Personal Information Act (POPIA) of South Africa.

In the context of POPIA:

  • The Practitioner is the Responsible Party (determining the purpose and means of processing patient data).
  • TheraLog acts as the Operator (processing data on the Practitioner's behalf).

2. Client-Side Encryption and Zero-Knowledge Design

TheraLog is designed using a client-side encryption model. When a Practitioner creates or edits a clinical session note, the note is encrypted locally within the Practitioner's browser before it is stored or transmitted.

Encryption is performed using AES-256-GCM. The encryption key is derived locally from the Practitioner's 4-digit Secure Session PIN using PBKDF2 together with a cryptographic salt. The PIN itself is never transmitted to or stored on TheraLog's servers.

Only encrypted ciphertext (together with associated cryptographic metadata such as initialization vectors and authentication tags) is synchronized to our backend infrastructure.

TheraLog does not store Secure Session PINs and does not provide PIN recovery functionality. If a Practitioner forgets their PIN and loses access to their local key material, encrypted clinical notes cannot be recovered.
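
The flow described in this section, sketched with the browser Web Crypto API as an added illustration that is not TheraLog's own code. The hash (SHA-256), iteration count, salt and IV sizes, the per-note salt, and all function names are assumptions, since this policy does not state them.

```javascript
// Added illustration, not TheraLog's code. Hash, iteration count, salt/IV sizes
// and the per-note salt are assumptions; the policy does not state them.
// Browsers expose `crypto` globally; the fallback covers older Node.js.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const PBKDF2_ITERATIONS = 600000; // assumed value

// Derive a non-extractable AES-256-GCM key from the PIN and salt, locally.
async function deriveKey(pin, salt) {
  const pinKey = await webCrypto.subtle.importKey(
    'raw', new TextEncoder().encode(pin), 'PBKDF2', false, ['deriveKey']);
  return webCrypto.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    pinKey, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt a note in the client. The returned record is all that would be
// synchronized: salt, IV and ciphertext (Web Crypto appends the 16-byte GCM
// authentication tag to the ciphertext). The PIN and key are not in it.
async function encryptNote(pin, plaintext) {
  const salt = webCrypto.getRandomValues(new Uint8Array(16));
  const iv = webCrypto.getRandomValues(new Uint8Array(12)); // fresh for every note
  const key = await deriveKey(pin, salt);
  const ciphertext = new Uint8Array(await webCrypto.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext)));
  return { salt, iv, ciphertext };
}

// Decrypt a record; rejects if the PIN is wrong or the record was modified,
// because the GCM tag no longer verifies.
async function decryptNote(pin, record) {
  const key = await deriveKey(pin, record.salt);
  const plain = await webCrypto.subtle.decrypt(
    { name: 'AES-GCM', iv: record.iv }, key, record.ciphertext);
  return new TextDecoder().decode(plain);
}

// True if the record opens with this PIN, false if authentication fails.
async function canDecrypt(pin, record) {
  try {
    await decryptNote(pin, record);
    return true;
  } catch {
    return false;
  }
}
```

Because no copy of the PIN or key exists outside the client, a record that fails `canDecrypt` cannot be opened by any server-side process, which is the non-recoverability this section describes.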

3. Information We Collect

A. Practitioner Data

  • Name
  • Email address
  • Practice name
  • HPCSA/BHF practice number
  • Professional specialty

B. Authentication Data

  • Secure JWT tokens for session management

We do not store Secure Session PINs.

C. Patient Data (Processed on Your Behalf)

  • Demographics (names, ID numbers, contact details, addresses)
  • Medical aid details
  • Encrypted clinical session notes
  • Safety plans and treatment plans
  • Intake form responses submitted by patients
  • Uploaded patient documents (PDFs and images, Paperless plan)
  • Session audio recordings (Paperless plan only — see Section 5 for how these are handled)

Clinical notes are stored server-side only as encrypted ciphertext.

Patient documents are stored in encrypted cloud storage provided by Cloudflare, Inc. (see Section 5).

D. Payment Information

TheraLog does not collect or store credit card information. Subscription payments are processed securely through PayFast (Pty) Ltd, a PCI-DSS compliant South African payment gateway.

4. Offline Storage & Synchronization

TheraLog is an offline-first application. When disconnected from the internet, data is stored locally within the device's browser storage environment. When connectivity is restored, encrypted data is synchronized with TheraLog's cloud infrastructure.

5. AI Processing and Third-Party Sub-Processors

TheraLog uses the following third-party services to deliver features of the platform. Where these services process personal or patient-related data, they act as sub-processors under our instruction.

A. Google Gemini (AI Features)

TheraLog uses Google Gemini, an AI service operated by Google LLC (United States), to power AI-assisted note writing and — on the Paperless plan — session audio transcription.

  • Note drafting: When a Practitioner requests an AI-generated note draft, the text content of the note (bullet points or partial notes) is transmitted to Google Gemini for processing and returned as a structured draft.
  • Session recording transcription (Paperless plan only): When a Practitioner uses the session recording feature, the audio file is transmitted to Google Gemini for transcription into a structured clinical note. Audio files are automatically deleted from TheraLog's servers within 24 hours of the note being saved.

Practitioners should be aware that this constitutes a cross-border transfer of data to a processor located outside South Africa. Google's data processing is governed by their Data Processing Addendum and applicable data protection law. TheraLog does not permit Google to use this data for model training.

We recommend that Practitioners obtain appropriate consent from patients before using AI-assisted note writing or session recording features.

B. Cloudflare R2 (Document Storage)

Patient documents uploaded on the Paperless plan, as well as practice logos and letterheads, are stored using Cloudflare R2, a cloud storage service operated by Cloudflare, Inc. (United States). Documents are stored with server-side encryption and access is restricted to the authenticated Practitioner.

C. PayFast (Payments)

Subscription billing is processed by PayFast (Pty) Ltd, a PCI-DSS compliant South African payment gateway. TheraLog does not collect or store card details.

D. Email Delivery

Transactional emails (appointment confirmations, reminders, intake form links, and account notifications) are delivered via third-party email service providers. These providers process recipient email addresses and message content solely for delivery purposes.

7. Data Retention and Deletion

As a healthcare professional, you are subject to statutory record-keeping requirements (e.g., HPCSA guidelines requiring records be kept for a minimum of 6 years).

TheraLog will retain encrypted data for as long as your account is active. Upon termination, all associated data (including encrypted backups) will be permanently deleted from our active servers within 30 days.

8. Your Rights Under POPIA

  • Request access to personal information we hold about you.
  • Request correction or deletion of inaccurate data.
  • Object to the processing of your personal information.
  • Lodge a complaint with the Information Regulator of South Africa.

9. Contact

If you have questions about this Privacy Policy, our encryption standards, or POPIA compliance, please contact:

privacy@theralog.co.za