Privacy Policy

Aloe Clinic is the responsible party for personal information processed through this booking app, unless another responsible party is clearly identified for a specific service. This policy is intended to be read with our Terms of Use and PAIA Manual.

Please use the clinic's current published contact details for privacy requests until a dedicated information officer address is published in this app.

• Patient booking details, including name, contact details, appointment type, chosen practitioner, appointment date and time, booking status, and booking reference.
• Information entered by clinic staff when creating or managing a booking, including patient contact details, notes needed for appointment administration, POPIA consent records, and booking activity history.
• Staff account details, including name, email address, approved role, Google sign-in profile information, session data, and access audit records.
• Calendar integration data, including practitioner calendar identifiers, Google Calendar event IDs, sync status, and encrypted Google OAuth tokens used to check availability and mirror bookings.
• Basic technical information needed for security, diagnostics, and session management, such as browser or device metadata, IP address, request timestamps, and authentication session records.

Appointment information may reveal health-related information. Aloe Clinic treats this as sensitive information and uses it only for booking, care coordination, clinic administration, legal compliance, safety, and recordkeeping.

The public booking form is not an emergency service and should not be used to submit urgent symptoms or unnecessary medical details.

• To display available appointment times and confirm bookings.
• To contact patients about appointments, changes, cancellations, or follow-up administration.
• To maintain clinic records, audit logs, and operational reports.
• To allow approved staff to sign in, manage appointments, and connect practitioner calendars.
• To check practitioner availability through Google Calendar and create or update calendar events.
• To protect the app, prevent unauthorised access, investigate errors, and enforce clinic policies.
• To comply with POPIA, PAIA, healthcare recordkeeping duties, court orders, regulator requests, and other laws that apply to the clinic.

The booking form asks for POPIA consent because the clinic needs personal information to manage your appointment. If you do not provide the required booking details or consent, the clinic may be unable to confirm or administer the appointment through this app.

Where the law allows, you may withdraw consent or object to processing. This will not affect processing that already took place lawfully, and it may not require deletion of records the clinic must keep by law.

Aloe Clinic may share personal information only where appropriate for:

• Relevant practitioners, reception staff, administrators, and authorised clinic personnel.
• Google services used for staff sign-in, practitioner availability checks, and appointment calendar events.
• Database, hosting, security, support, and software providers that help operate the app.
• Professional advisers, regulators, law enforcement, courts, or public bodies where required or permitted by law.
• Another responsible party if the clinic restructures, transfers this app, or changes the provider responsible for the service.

Aloe Clinic does not sell patient personal information. We do not share patient information with insurers or medical schemes unless the patient authorises it, the clinic needs to do so for care or administration, or the law requires it.

The app may use cloud infrastructure, database providers, deployment providers, and Google services. Depending on how the production app is hosted, personal information may be stored or processed outside South Africa. Aloe Clinic should use service providers and safeguards that are appropriate for POPIA and the sensitivity of clinic records.

Aloe Clinic keeps personal information only for as long as needed for booking administration, clinic operations, audit and security purposes, legal claims, healthcare recordkeeping, and other legal obligations. Some healthcare and business records may need to be kept even after an appointment has ended or a deletion request is made.

The app uses role-based access control for staff pages, approved Google email checks for account creation, encrypted Google OAuth tokens, audit logs for sensitive actions, and server-side booking validation. No internet service can be guaranteed to be completely secure, so the clinic should keep production secrets, infrastructure access, and staff accounts under regular review.

Subject to applicable law, you may ask Aloe Clinic to confirm whether it holds your personal information, give you access to it, correct or update it, delete it where deletion is lawful, object to certain processing, or explain how it has been used. The clinic may need to verify your identity before acting on a request.

You may also complain to South Africa's Information Regulator if you believe your personal information has not been handled lawfully.

Aloe Clinic uses essential cookies and similar browser storage to make this app work securely. These may include staff authentication session cookies, security-related tokens, and a local browser setting that remembers whether you have acknowledged the cookie notice.

Google may also use cookies when approved staff sign in with Google or connect a practitioner calendar. Those Google services are governed by Google's own privacy and cookie controls.

This app does not currently use advertising or marketing cookies. If analytics, advertising, or optional tracking tools are added later, this policy and the cookie notice should be updated before those tools are enabled.

You can block or delete cookies in your browser settings, but some features, especially staff sign-in and protected clinic administration, may stop working correctly.