Template notice: This policy is drafted to match the data-handling architecture described elsewhere on this site and is intended as a working draft. Before publishing it as your binding privacy policy, it should be reviewed by a qualified attorney or your Information Officer, particularly given that ClinicOps processes health information subject to the Information Regulator's 2026 Regulations on the Processing of Health Information.

On This Page

  1. Responsible Party
  2. Information We Collect
  3. Purpose of Processing
  4. Data Residency & Cross-Border Transfer
  5. RICA & Telephony Numbers
  6. AI Use in Clinical Workflows
  7. Retention
  8. Security Measures
  9. Your Rights as a Data Subject
  10. Complaints & the Information Regulator
  11. Contact & Information Officer

1. Responsible Party

ClinicOps is a product of Architected Systems (Pty) Ltd, a company registered in the Republic of South Africa (CIPC Registration 2026/210118/07). Architected Systems (Pty) Ltd is the responsible party for personal information processed through the ClinicOps platform, as defined under the Protection of Personal Information Act 4 of 2013 ("POPIA").

2. Information We Collect

Depending on how a practice or patient interacts with ClinicOps, we may process:

ClinicOps does not collect this information directly from patients on this website. Website form submissions (audit requests, onboarding inquiries) collect only the information a practice representative chooses to submit.

3. Purpose of Processing

Information is processed strictly to operate the communication and compliance infrastructure a practice has contracted for: call routing, automated triage, appointment scheduling, medical aid intake parsing, and the audit logging required to demonstrate compliance with POPIA and sector regulation. Information submitted through this website's audit request form is used solely to evaluate and respond to that request.

4. Data Residency & Cross-Border Transfer

In line with Section 72 of POPIA, persistent storage, call logging, and transaction reconciliation occur on infrastructure resident within the Republic of South Africa. ClinicOps does not route governed data through infrastructure domiciled in a foreign jurisdiction without a documented adequacy safeguard.

5. RICA & Telephony Numbers

The participating practice retains sole responsibility for the registration and RICA verification of any number (DID) connected to the platform. ClinicOps does not assume regulatory responsibility for numbers registered outside of its direct onboarding process.

6. AI Use in Clinical Workflows

Automated triage and conversational logic operate strictly within an administrative and scheduling capacity, in line with HPCSA Booklet 20. ClinicOps does not hold, claim, or imply clinical or diagnostic standing, and does not substitute for the judgement of a registered healthcare professional. Accountability for any clinical decision remains at all times with the treating practitioner.

7. Retention

Call logs, audit trails, and intake records are retained for the period required to fulfil the purpose they were collected for and to meet applicable regulatory record-keeping obligations, after which they are deleted or de-identified. Retention periods are set out in the service agreement executed with each practice.

8. Security Measures

ClinicOps applies technical and organisational measures — including single-tenant isolation, access controls, and audit logging — appropriate to the sensitivity of the information processed, consistent with the security safeguard obligations under POPIA Section 19.

9. Your Rights as a Data Subject

Subject to POPIA, a data subject has the right to:

Requests relating to personal information processed on behalf of a practice should generally be directed to that practice in the first instance, as the party with the direct patient relationship. Requests relating to this website may be directed to the contact below.

10. Complaints & the Information Regulator

If you believe your personal information has been processed unlawfully, you have the right to lodge a complaint with the Information Regulator of South Africa in addition to, or instead of, raising the matter with us directly.

11. Contact & Information Officer

Compliance and data protection queries relating to ClinicOps can be directed to governance@clinicops.co.za. General sales and onboarding queries can be directed to sales@clinicops.co.za.