Privacy Policy

1. Introduction

Mpilonde is a cloud-based medical operations and practice management platform operated by Mpilonde ("Mpilonde", "we", "us", or "our"), accessible at mpilonde.co.za.

Mpilonde is operated from South Africa and is subject to the Protection of Personal Information Act, 4 of 2013 ("POPIA"). We are committed to responsible handling of personal information in accordance with applicable data protection law.

This Privacy Policy applies to all individuals and organisations who access or use the Mpilonde platform, including account administrators, practitioners, staff members, and any person whose information is entered into the system by a subscribing organisation.

2. Definitions

For the purposes of this Privacy Policy, the following definitions apply:

• Platform — the Mpilonde cloud-based medical operations system and all associated services.
• Customer — an organisation or individual that has subscribed to use the Platform.
• Data Controller — the party that determines the purposes and means of processing personal information. In the context of the Platform, the Customer is the Data Controller in respect of patient and staff data entered into the system.
• Data Processor — the party that processes personal information on behalf of a Data Controller. Mpilonde acts as a Data Processor in respect of data entered by Customers.
• Personal Information — any information relating to an identified or identifiable natural person.
• Processing — any operation performed on personal information, including collection, storage, use, disclosure, and deletion.
• Sub-Processor — a third party engaged by Mpilonde to assist in processing personal information on behalf of Customers.

3. Information We Collect

3.1 Account and Organisation Information

When a Customer registers for Mpilonde, we collect:

• Organisation name and type
• Contact name, email address, and telephone number
• Billing email address and payment reference information
• Plan selection and billing cycle preferences

3.2 User Account Information

For each user added to the Platform, we collect:

• Name and email address
• Role and access permissions as configured by the Customer
• Login activity and session data

3.3 Patient and Clinical Data

Customers may enter patient records, clinical notes, documents, and related health information into the Platform. This information is entered by the Customer and is controlled by the Customer as Data Controller. Mpilonde processes this data solely to provide the Platform services and does not use it for any independent purpose.

3.4 Technical and Usage Data

We automatically collect certain technical information when you use the Platform, including:

• IP address and browser type
• Device and operating system information
• Pages visited and features used
• Error logs and system performance data

This information is used to operate, maintain, and improve the Platform.

3.5 Payment Information

Subscription payments are processed by PayFast. Mpilonde does not collect, store, or have access to full payment card details. We retain only transaction references and billing confirmation records for account management purposes.

4. How We Use Information

We use the information we collect for the following purposes:

• To provision, operate, and maintain the Platform and all associated services
• To authenticate users and manage account access
• To process subscription payments and manage billing
• To send transactional communications, including account confirmations, billing notices, and service notifications
• To respond to support requests and provide customer service
• To detect and prevent fraud, unauthorised access, and security incidents
• To comply with applicable legal obligations
• To improve the performance, reliability, and features of the Platform

Mpilonde does not sell personal information to third parties. We do not use patient or clinical data entered by Customers for any purpose other than service delivery.

5. Legal Basis for Processing

We process personal information on the following bases:

5.1 Contractual Necessity

Processing is necessary to perform our agreement with the Customer, including account provisioning, billing, and Platform delivery.

5.2 Legitimate Interest

We process certain technical and operational data to maintain the security, stability, and performance of the Platform. This processing is necessary for our legitimate business interests and does not override the rights of data subjects.

5.3 Legal Obligation

We may be required to process personal information to comply with applicable laws, court orders, or regulatory requirements.

5.4 Consent (where applicable)

Where consent is the applicable basis, we will obtain it prior to processing and will respect any withdrawal of consent. Customers are responsible for obtaining appropriate consent from their patients and staff where required by applicable law.

6. Data Hosting and Security

6.1 Hosting Infrastructure

The Platform is hosted on Microsoft Azure infrastructure. Our primary data centre region is Azure South Africa North (Johannesburg, South Africa). Data is stored using Azure managed database and cloud storage services.

6.2 Backup and Redundancy

Mpilonde maintains backups of Platform data in accordance with standard cloud infrastructure practices. Backup copies are retained for operational continuity purposes and may persist temporarily beyond the deletion of active account data. Backup copies are not subject to the same immediate deletion guarantees as active data.

6.3 Security Measures

We implement technical and organisational security measures including:

• Encrypted data transmission using industry-standard TLS protocols
• Encrypted data at rest using AES-256
• Role-based access controls limiting access to authorised users only
• Tenant data isolation preventing cross-organisation data access
• Secure authentication and password hashing practices
• Activity logging for security and audit purposes
• OTP-based identity verification for secure patient file transfers

No system is entirely free from risk. While we implement appropriate security measures, we cannot guarantee absolute security of information transmitted over the internet or stored in cloud systems.

6A. Patient File Transfers

Mpilonde includes a secure patient file transfer feature that allows practitioners to share selected patient documents with external healthcare professionals for the purposes of referrals or shared care.

When you initiate a file transfer:

• You select the specific content to be shared.
• You define the recipient's access level: view only or view and download.
• The recipient must verify their identity using a one-time passcode (OTP) sent to their email address before accessing any shared documents.
• Transfer links are time-limited and expire automatically.
• All transfer activity is logged for audit purposes.

The practitioner initiating the transfer remains responsible for ensuring that the sharing of patient information is lawful, clinically appropriate, and compliant with applicable data protection and healthcare legislation. Mpilonde does not verify the clinical appropriateness of any transfer.

Mpilonde does not sell, rent, or use patient data for advertising or marketing purposes. No advertising tracking is applied to patient records or transfer activity.

7. Data Sharing and Sub-Processors

Mpilonde may share personal information with the following categories of recipients:

7.1 Infrastructure and Cloud Services

Microsoft Azure — cloud hosting, database storage, and blob storage services. Data processed by Microsoft is subject to Microsoft's data protection commitments and the applicable Microsoft Products and Services Data Protection Addendum.

7.2 Payment Processing

PayFast — subscription payments are processed by PayFast (Pty) Ltd. When you make a payment, you are subject to PayFast's privacy policy and terms of service. Mpilonde shares only the information necessary to process the transaction. Mpilonde does not receive or store full payment card details. Charges may appear on your statement under the merchant name Felonk - Mpilonde - iRunSA.

7.3 Legal and Regulatory Disclosure

We may disclose personal information where required by law, court order, or lawful request by a competent authority, and where disclosure is necessary to protect the rights, property, or safety of Mpilonde, our Customers, or others.

7.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, personal information held by Mpilonde may be transferred to the successor entity. We will notify affected Customers of any such transfer in accordance with applicable law.

Mpilonde does not sell, rent, or trade personal information to third parties for marketing purposes.

8. International Data Transfers

Our primary hosting infrastructure is located in South Africa. However, some sub-processors and supporting services may involve processing in other regions. Where cross-border transfers of personal information occur, we take steps to ensure that appropriate safeguards are in place, consistent with applicable data protection law.

By using the Platform, you acknowledge that your data may be transferred to and processed in countries other than your country of residence where data protection laws may differ.

9. Data Retention

9.1 Active Accounts

While a Customer maintains an active subscription, all data entered into the Platform is retained and accessible to authorised users of that account.

9.2 Trial Expiry and Non-Payment

If a trial period expires without activation of a paid subscription, or if a paid subscription lapses due to non-payment, the following applies:

• Access to the account is restricted immediately upon expiry or lapse.
• Account data is retained securely and is not deleted automatically.
• Accounts that remain overdue for more than 90 calendar days are eligible for administrator review. The Customer will be contacted before any data action is taken.
• The Customer may reactivate their subscription at any time to restore full access.
• The Customer may request an export of their data by contacting support@mpilonde.co.za.

9.3 Account Information

Basic account registration and billing records may be retained after account deletion for the period required by applicable law or for legitimate business purposes, including dispute resolution and audit requirements.

10. Data Deletion

Customers who wish to request deletion of their account data may do so by contacting support@mpilonde.co.za. Deletion requests will be processed within a reasonable timeframe.

Customers are encouraged to request a data export if they require a copy of their data following account restriction. Mpilonde is not responsible for data that is irrecoverably deleted following administrator review after the retention period.

11. Customer Responsibilities

Mpilonde acts as a Data Processor on behalf of each subscribing Customer. The Customer, as Data Controller, is solely responsible for:

• Ensuring that their collection and use of personal information through the Platform complies with applicable data protection and healthcare laws in their jurisdiction.
• Obtaining all necessary consents and authorisations from patients, staff, and other individuals whose personal information is entered into the Platform.
• Responding to data subject requests made by their patients and staff in connection with data processed through the Platform.
• Maintaining appropriate internal data handling policies and procedures.
• Requesting data exports within the applicable retention window where required.

Mpilonde does not provide legal or regulatory compliance advice. Customers should consult qualified legal counsel to ensure their use of the Platform is compliant with all applicable laws.

12. Data Subject Rights

Individuals whose personal information is processed through the Platform may have rights under applicable data protection law, including rights of access, correction, deletion, and objection to processing.

As Mpilonde acts as a Data Processor, requests from individual data subjects relating to personal information controlled by a Customer should in the first instance be directed to the relevant Customer organisation. Mpilonde will cooperate with Customers in responding to such requests as required by applicable law.

For requests relating to information held by Mpilonde in its capacity as a Data Controller (such as account registration data), please contact us at support@mpilonde.co.za.

13. Security Measures

We implement reasonable technical and organisational measures to protect personal information against unauthorised access, accidental loss, alteration, or disclosure. These measures include, but are not limited to, encryption of data in transit, access controls, and system monitoring.

While we take security seriously, no online system can be guaranteed to be completely secure. We encourage Customers to maintain strong passwords, control user access levels, and report any suspected security incidents promptly to security@mpilonde.co.za.

14. Cookies and Tracking

The Platform uses cookies and similar technologies to support authenticated sessions, maintain user preferences, and ensure the security and functionality of the service.

14.1 Necessary Cookies (always active)

The following cookies are essential for the operation of the service and cannot be disabled:

• .AspNetCore.Identity.Application — authentication session cookie. Required for login and access control.
• __RequestVerificationToken — CSRF protection. Required for all form submissions.
• mpilonde_vid — persistent anonymous visitor identifier (GUID). Used for internal product analytics to count unique visitors and measure feature adoption. No personal information is stored in this cookie. Your IP address is never stored; a one-way hash (SHA-256 with a server-side salt) is computed and retained for security purposes only.
• mpilonde_sid — session identifier. Used to group page views within a single browsing session for product analytics. Expires when the browser is closed.

14.2 Internal Product Analytics

Mpilonde collects internal product analytics to understand how the Platform is used and to improve its features. This analytics is conducted using our own infrastructure hosted in South Africa and is not shared with third parties.

What we collect for internal analytics:

• Page path visited (e.g., /Dashboard/Subscription) — never patient record paths
• Timestamp of the visit
• Device type (Mobile / Tablet / Desktop) derived from the browser User-Agent
• A hashed representation of your IP address (SHA-256, server-side salt) — the raw IP is never stored
• Anonymous visitor ID and session ID (from the cookies described above)
• Whether you are authenticated, your user ID, and your organisation (tenant) ID — so we can measure feature usage per practice
• Named business events such as signup_started, signup_completed, payment_success — with no patient content

Patient data, patient identifiers, document names, diagnosis codes, prescription content, and invoice numbers are never collected in analytics.

14.3 Google Analytics 4 (GA4) — optional

We use Google Analytics 4 to understand how visitors discover and use our public-facing website (landing page, pricing, and sign-up flow). GA4 is only loaded if you have accepted analytics cookies via our cookie consent banner. By default, only necessary cookies are active.

When GA4 is active, anonymous usage data is sent to Google LLC, which may process it in various countries including the United States. Mpilonde does not send any personal information, patient data, or authenticated user content to GA4. IP anonymisation is enabled.

You can review Google's privacy policy at policies.google.com/privacy.

14.4 Cookie Consent

When you first visit the Mpilonde website, a cookie consent banner is displayed. You may choose to:

• Accept all — enables both necessary and optional analytics cookies (GA4).
• Necessary only — disables GA4 and other optional cookies. Only service-essential cookies remain active.
• Customize — select individual cookie categories.

Your preference is stored in a cookie named mpilonde_consent. You can change your preference at any time by clearing this cookie or visiting the consent panel.

Browser-level cookie controls may also be used to manage or delete cookies at any time, although this may affect your ability to use authenticated features of the Platform.

15. Third-Party Services

The Platform integrates with the following third-party services, each subject to its own privacy policy:

• Microsoft Azure — cloud infrastructure and storage. privacy.microsoft.com
• PayFast — payment processing. payfast.co.za/privacy-policy

Mpilonde is not responsible for the privacy practices of third-party services. We encourage you to review their respective privacy policies.

16. Children's Information

Mpilonde is a professional platform intended for use by healthcare organisations and their authorised staff. The Platform is not directed at children under the age of 18.

Where a Customer uses the Platform to manage clinical records involving minor patients, the Customer is responsible for ensuring that all applicable parental or guardian consent requirements are met under applicable law. Mpilonde processes such data solely as a Data Processor at the direction of the Customer.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform features. When we make material changes, we will notify subscribing Customers by email to the registered account email address, and update the "Last Updated" date at the top of this page.

Continued use of the Platform after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the revised policy, you should discontinue use of the Platform.

18. Contact Information

For questions, concerns, or requests relating to this Privacy Policy or the handling of personal information, please contact us:

Last Updated: 1 March 2026