Last updated · April 2026

Privacy policy

SurgiLink is built for South African medical professionals. This policy describes what we collect, why, and your rights under the Protection of Personal Information Act (POPIA). SurgiLink is in pilot; full POPIA compliance (registered Information Officer, processor agreements with all sub-processors, external legal review) is being completed ahead of general availability.

Questions or concerns: privacy@surgilink.co.za

01

Who we are

SurgiLink is operated by its founders in Cape Town, South Africa. For questions about your data, email privacy@surgilink.co.za. Our Information Officer (as required by POPIA) is currently Jacques de Villiers.

02

What we collect

Surgeons

  • Name, email, phone (SA format)
  • Primary hospital affiliation
  • Cases you post: hospital, date, time, case type, notes

Specialists

  • Name, email, mobile number
  • HPCSA registration number (for manual verification)
  • Specialty, city
  • Bids you place on cases

All users

  • Sign-in timestamps
  • Notification delivery logs (when we sent email or SMS to you and whether you clicked)

We do not collect patient information. Surgeons are explicitly warned not to include identifying patient details in case notes.

03

Why we collect it

  • Matching. Specialty, city, HPCSA and verification status are used to route case notifications to the right specialists.
  • Delivery. Email addresses are used for case notifications and state changes. Phone numbers are shared with the surgeon once they accept your response so they can reach you directly on WhatsApp or voice.
  • Trust. HPCSA numbers are manually verified against the public HPCSA register before a specialist can receive case notifications.
  • Audit. We keep a log of acceptance decisions and admin verification actions for accountability.
04

Who sees your data

  • Surgeons see: their own cases; bids on their own cases; bidder name, specialty, HPCSA number, and verified status.
  • Specialists see: open cases matching their specialty in their city; their own bids; surgeon name and verified status on case pages.
  • Admins see: everything, including unverified accounts awaiting approval. Admin actions are logged.
  • Third parties: Supabase (database, hosted in Europe or South Africa), Vercel (hosting), Resend (email delivery), Sentry (error tracking). Each is covered by its own data processor agreement.
05

Retention

  • Cases are purged 12 months after the case date.
  • Bid notes are purged 6 months after the case.
  • Your account remains active until you delete it.
  • Audit rows (acceptance + admin actions) are retained for 24 months for accountability.
06

Your rights under POPIA

  • Access. Request a full export of your data from Settings > Your data.
  • Correction. Edit your profile fields at any time. For corrections to audit data, email us.
  • Deletion. Request account deletion from Settings > Your data. We will delete or anonymise your data within 30 days, except audit rows we're required to retain.
  • Objection. You can opt out of notifications at any time from your account settings.
  • Complaint.If we haven't responded to your request satisfactorily, you may complain to the Information Regulator South Africa at inforegulator.org.za.
07

Security

Data is encrypted in transit (HTTPS) and at rest (Supabase managed Postgres). We use Row Level Security so users can only see data they're authorised to see. Admin actions are logged. Twilio webhooks are signature-verified.

08

Changes

We'll notify you by email before material changes to this policy.

Export or delete your data →privacy@surgilink.co.za