This compliance statement is being finalised with legal counsel. The content below outlines our current POPIA posture. A full legally reviewed version will replace this prior to public launch.
Practora is designed from the ground up to comply with the Protection of Personal Information Act, 2013 (POPIA). As a platform handling sensitive medical data, we treat data protection as a core architectural requirement, not an afterthought.
Every action in Practora is logged in an immutable audit trail: who accessed what data, when, and what changes were made. Practice administrators have full visibility into all user activity.
Patient data is processed solely for healthcare administration purposes as directed by the subscribing practice. Data is never used for marketing, advertising, profiling, or AI model training.
Data is collected and retained for the specific purpose of managing patient care within the subscribing practice. Retention follows South African medical record requirements (minimum 5 years after last consultation).
Patient data is not shared with third parties except AI service providers for clinical decision support features, where data is encrypted in transit and processed ephemerally (not stored).
Practices can update, correct, and maintain patient records at any time. The system includes validation (SA ID Luhn checks, medical aid number validation) to help ensure data accuracy.
Our Privacy Policy and this POPIA statement are publicly available. Patients may enquire about their data through their medical practice.
Practices can export all patient data and delete patient records upon request, supporting the data subject's right to access and erasure.
Information Officer: hello@practora.co.za
Last updated: March 2026