HealthReach
HealthReach

Privacy Policy

Last updated: 20 May 2026

1. Who we are

HEALTHREACH ("we", "us") operates the healthreachhub.lovable.app platform connecting patients, pharmacies, and drivers across South Africa. We comply with the Protection of Personal Information Act (POPIA, Act 4 of 2013).

2. Information we collect

  • Account data: name, email, phone, role.
  • Health data: prescriptions you upload, medication orders, reminders.
  • Location data: delivery addresses and (with consent) live location during delivery.
  • Payment data: card tokens via our payment provider — we never store full card numbers.

3. How we use your information

  • To fulfil your medication orders and route them to nearby pharmacies.
  • To verify prescriptions and prevent fraud.
  • To send order, delivery, and payment notifications.
  • To improve the platform and provide customer support.

4. Sharing your data

We share only what is necessary with the pharmacy fulfilling your order, the driver delivering it, and our payment processor. We never sell your data.

5. Data security

All data is encrypted in transit (TLS) and at rest. Access is restricted by Row Level Security and role-based controls. Prescription files are stored in private buckets accessible only to you and your chosen pharmacy.

6. Your rights under POPIA

You may access, correct, or delete your personal information at any time from your account settings, or by emailing privacy@healthreach.co.za. You may also lodge a complaint with the Information Regulator of South Africa.

7. Data retention

Health and order records are retained for 6 years as required by South African healthcare regulations. Account data is deleted within 30 days of account closure, except where law requires longer retention.

8. Contact

Information Officer — privacy@healthreach.co.za · Cape Town, South Africa.