Privacy Notice

Your healthcare practice is the responsible party for patient records, clinical notes, billing information, appointment information, and documents processed in AugHale.

AugHale acts as an operator/service provider for the practice where it stores, transmits, or helps process information on behalf of the practice.

For AugHale account, subscription, support, and platform security information, AugHale is the responsible party for that limited platform information.

Patient information may include names, contact details, ID/passport details, date of birth, address, medical aid scheme, plan and membership number, appointment details, clinical notes, prescriptions, referrals, uploaded documents, consent records, and audit logs.

Practice user information may include name, email, role, organisation, professional registration details, subscription status, device/browser metadata, and support communications.

Information is processed to provide healthcare services, manage appointments, keep clinical records, communicate with patients, submit medical aid claims where applicable, support billing and subscriptions, secure the platform, comply with law, and investigate incidents or support requests.

Patient self-service portal links are purpose-limited. They are used for appointment viewing, confirmation, rescheduling, details updates, document uploads, cancellations, and waitlist preferences.

AugHale may use AI or OCR features to help draft summaries, extract document text, structure intake information, support automated consult workflows, or assist staff with operational tasks.

AI output must be reviewed by authorised practice staff before clinical reliance. The system is a workflow assistant and is not a substitute for professional medical judgement.

Where external AI services are used, only the information needed for the selected feature should be sent and the feature must be used under the practice instructions and applicable patient consent.

Supabase is used for database, authentication, storage, and related hosting services.

Brevo or similar communication providers may be used for appointment emails, reminders, transactional messages, and system notifications.

SMS providers may be used where SMS reminders or notifications are enabled.

Ozow may be used for subscription or billing payment flows. Patient payment handling is not part of the current self-service rescheduling improvements.

Other professional advisers, regulators, courts, medical schemes, referral providers, or claims partners may receive information where required for healthcare, claims, legal compliance, or authorised practice operations.

Some operators may store or process information outside South Africa. Where this occurs, AugHale and the practice must rely on appropriate contractual, technical, and organisational safeguards and only transfer information where POPIA permits it.

The practice remains responsible for ensuring its own operator agreements and patient notices are appropriate for its use of AugHale.

AugHale uses role-based access, row-level security patterns, rate limits, signed or tokenised links, expiry/revocation controls, audit logs, and storage controls to reduce unauthorised access risk.

Portal links are unique to an appointment and should not be forwarded to unauthorised persons. Expired, revoked, cancelled, or completed flows may no longer allow access.

Clinical records are retained for the period required by applicable healthcare, professional, claims, tax, contractual, and dispute-resolution duties.

Consent evidence, audit logs, payment/subscription records, and system security logs may be retained where needed to prove compliance, investigate incidents, or meet legal duties.

Information that is no longer required should be deleted, anonymised, or restricted where legally permitted.

Patients and users may request access, correction, deletion where legally permitted, objection to processing, restriction, or withdrawal of consent.

Some requests may be limited where records must be retained for healthcare, legal, regulatory, claims, or professional reasons.

Requests should be sent to the practice first for patient records. Platform account or AugHale support requests may be sent to support@aughale.com.

Suspected privacy or security incidents should be reported promptly to the practice and to AugHale support where the platform may be involved.

Practice Information Officer details should be supplied by each practice to its patients. If no practice-specific details are shown, contact the practice directly.

AugHale privacy contact: support@aughale.com.