1. Introduction
Baselayer.med ("we", "our", or "us") is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and other applicable data protection laws.
This Privacy Policy explains how we collect, use, store, share and protect personal information when practices and their staff use our cloud-based practice management platform (the "Platform"). The Platform serves dental, general practitioner, biokineticist, psychology, anaesthetic and aesthetic practices, and includes consent and clinical document generation, appointment scheduling, dental charting, body charting, observation charts, injection mapping, patient records, a built-in billing engine, optional accounting and medical-aid integrations, practice analytics, AI-powered tools, telehealth video consultations on supported verticals (currently general practitioner, psychology, anaesthetics and aesthetics), and patient communications.
2. Information We Collect
We collect the following categories of personal information:
- Identity Information: Full name, title/gender, SA ID number, passport number, date of birth, file number
- Contact Information: Phone number, email address, physical address, WhatsApp number, emergency contact details
- Guardian Information: For child / dependant patients, guardian name, contact details, ID number and relationship
- Medical Information: Medical history, allergies, current medications, medical conditions, pregnancy/bleeding flags, medical aid details (scheme, plan, member number, dependant code, main member)
- Biometric Information: Digital signature and (where the patient has been photographed by the practice) patient photographs
- Clinical and Treatment Information: Treatment type, procedure details, consent records, clinical findings, recommendations, referral details, dental implant data, medical certificates, lab work specifications, and patient reports
- Patient Photographs & Imagery: Intra-oral photographs, before/after photographs and other clinical images uploaded by the practice and linked to a patient's file
- Dental Charting Data: Odontogram and periodontal charts, including per-tooth marks, surfaces, conditions, layers (existing / proposed / completed), pocket depths, furcations, mobility and chart-level summary notes
- Clinical Overview: Patient history notes, follow-ups, phone-call notes, general notes, visit records and (where enabled for the vertical) charting data authored or maintained by Practitioners within the Clinical Overview feature
- Voice Recordings (transient): Audio captured by the in-app dictation feature is sent to a third-party transcription service to produce text. Audio is not retained by Baselayer.med after transcription
- Telehealth Session Metadata: Where the practice uses the telehealth video consultation feature on a supported vertical, we record session metadata such as the linked appointment, the practitioner, the patient name and join token, scheduled start and end times, actual start, join and end timestamps, the duration of the session, whether the patient consented to recording (and the timestamp of that consent), and basic technical signals required to establish and audit the call
- Telehealth Recordings (opt-in): Where the practice elects to record a telehealth session and the patient has consented for that session, the audio and video of the session is captured and stored as a recording file. Recordings are stored in our managed object storage scoped to the issuing practice. Where no recording is opted in, the live audio/video stream is delivered in real time through the telehealth video provider and is not retained by Baselayer.med
- Telehealth Transcripts & AI-drafted SOAP Notes: Where the practice instructs the platform to transcribe a telehealth recording, the recording is sent to a third-party speech-to-text provider to produce a transcript, and the transcript may then be summarised by an AI provider into a draft SOAP / clinical note for the practitioner to review, edit and accept
- Appointment Data: Appointment dates, times, doctor assignments, appointment types, recurrence, patient names, contact details and appointment notes (including a flag for telehealth appointments); reminder delivery status
- Stock-Take Data: Stock categories, items, opening/added/sold/practice-use counts and (where the practice tracks bookings) the patient name linked to a stock booking
- Practice Tasks: Weekly task lists with content and authoring metadata
- Billing & Financial Information: Quotes, invoices and payment records created in the built-in Baselayer Billing engine or via a connected external accounting service; line items, dental/medical procedure codes, ICD-10 codes, tariff amounts, tax, due dates, balances and patient billing details
- Medical Aid Claim Data: Where the practice submits electronic claims via a medical-aid switching service, claim payloads include patient identity, scheme/plan/member/dependant codes, treatment codes, ICD-10 codes, amounts, destination codes and the resulting acknowledgement / rejection / status response
- Saved Payment Card Data: Card number, cardholder name, bank, card type and expiry date stored for autofill on supplier forms (CVV/CVC is never stored)
- Subscription & Payment Data: When a practice subscribes to Baselayer.med, our subscription provider collects bank account / card mandate data and processes recurring debit orders or card payments. We retain subscription status, plan, billing dates, mandate references and invoice records
- Communication Data: Email and WhatsApp messages sent by the platform on behalf of the practice (patient instructions, appointment reminders, document delivery)
- Account & Authentication Data: User name, email, role, practice membership, hashed password (held by the authentication provider), session tokens and password-reset metadata
- Practice Configuration: Practice name, logo, vertical (dental / GP / biokinetics / psychology / anaesthetics / aesthetics), form customisations, instruction templates, role assignments, directories (specialists, medications, labs)
- Technical & Audit Information: Device type, browser, IP address, timestamps, activity logs (which document was created, viewed, sent, or modified, and by whom) and AI-agent invocation logs
- Marketing Information (opt-in only): Email address and source for newsletter subscribers, and demo-booking conversations conducted via WhatsApp
3. Purpose of Collection
We collect personal information for the following purposes:
- To obtain, record and store informed consent for medical and dental treatments
- To enable healthcare providers to maintain patient records, charts and visit history
- To generate clinical documents (consent forms, prescription scripts, referrals, lab forms, implant reports, medical certificates, patient reports and post-operative instructions)
- To create and store dental charting records (odontogram and periodontal charts) and link them to patient files
- To capture and store patient photographs and imagery linked to a patient's file
- To provide voice dictation by transcribing audio captured in the app into text the practitioner can review
- To run an AI medication safety check that flags potential allergies, interactions, contraindications and pregnancy / bleeding risks against the patient's recorded profile
- To create, store, send and track quotes, invoices and payments using the built-in Baselayer Billing engine, and (optionally) to mirror those records into a connected external accounting service
- To submit electronic medical-aid claims and receive responses through a medical-aid switching service when the practice elects to do so
- To manage appointments, send appointment reminders by WhatsApp, and (optionally) sync practitioner calendars with a supported third-party calendar service
- To facilitate telehealth video consultations between a practitioner and a patient on supported verticals, including issuing the patient's join link, establishing the live audio and video connection through a third-party real-time video infrastructure provider, and logging session metadata for audit and billing purposes
- Where the practice elects to record a telehealth session and patient consent is obtained, to store the recording in our managed object storage and (on the practitioner's instruction) to transcribe it and generate an AI-drafted SOAP / clinical note for the practitioner's review
- To track practice stock levels and link stock bookings to patient visits where the practice has enabled that feature
- To send patient communications (documents, post-operative instructions, reminders) by email and WhatsApp
- To produce practice analytics — including aggregated dashboards on patient demographics, billing performance, treatment mix, team activity and retention — and (optionally) AI-generated narrative insights based on those aggregates
- To process subscription payments and recurring debit orders for the Platform subscription
- To provide the AI Writing Assistant and AI Chatbot features
- To maintain audit trails of data access and modifications for security and POPIA compliance
- To send marketing communications (newsletter) only to recipients who have explicitly opted in
- To comply with legal, regulatory and professional-body requirements
4. Legal Basis for Processing
We process your personal information based on:
- Consent: Patients provide explicit consent when submitting a consent form, and additional consent (e.g. for WhatsApp communications, photography or medical-aid claim submission) is captured by the treating practice where required
- Contract: Processing is necessary to deliver the practice management service contracted for by the subscribing practice and its users
- Legal Obligation: Healthcare providers are legally required to obtain and retain informed consent and to keep accurate medical records
- Legitimate Interest: Maintaining accurate medical records for patient safety, securing the Platform, preventing fraud, and providing essential analytics and audit trails to the practice
5. Data Storage and Security
Patient records, documents, charts, billing data and configuration are stored in Baselayer.med's managed cloud database and object storage, hosted on enterprise-grade infrastructure provided by our database, storage and hosting partners. Where the practice has connected an external accounting service, billing data may also be synced to that service.
Your information is protected through:
- Industry-standard encryption for all data in transit (HTTPS/TLS) and encryption at rest provided by our cloud database and storage partners
- A managed object-storage bucket holding all generated PDFs, photographs and uploaded files, scoped per practice and accessed only via short-lived signed URLs minted by authenticated server endpoints
- Database-level row isolation ensuring data belonging to one practice cannot be read or modified by another
- Authenticated API access requiring valid session tokens for every protected endpoint
- Practice membership verification ensuring users can only access data for their authorised practice
- Role-based access controls limiting data access to authorised users (admin, doctor / practitioner, hygienist / nurse / assistant, staff)
- Server-side-only access for sensitive data (e.g. payment card details and medical-aid switch credentials are never exposed to the browser)
- Browser security policies (CSP, HSTS and related headers) restricting which external resources can load
- Input validation, sanitisation of rich-text content, and rate limiting on all public and authenticated endpoints
- Comprehensive activity logging for document creation, sending and modification
- An immutable audit trail recording which user accessed or modified patient data, including IP address and timestamp
- An AI-agent invocation log recording every automated agent run, the model used, and a summary of the inputs and outputs
- Regular security assessments and dependency updates
Telehealth video and recordings. Live telehealth audio and video is delivered in real time through a third-party real-time video infrastructure provider on Baselayer.med's behalf. The live stream itself is not stored by Baselayer.med. Where the practice opts in to record a session and the patient has consented for that session, the resulting recording file is written to our managed object storage, scoped to the issuing practice, and is accessible only to authorised users via short-lived signed URLs minted by authenticated server endpoints.
Our hosting, database, storage, AI, messaging, accounting, real-time video and medical-aid switching partners may operate servers located outside South Africa. We require all such partners to apply equivalent data-protection standards and to process data only on documented instructions.
6. Data Retention
Consent forms, clinical records, charting data, patient notes, billing records and related medical records are retained for a minimum of 7 years from the date of treatment, or longer if required by law, by professional-body rules, or for ongoing medical care.
Voice recordings used for dictation are not retained: audio is streamed to the transcription service, the resulting text is returned to the practitioner, and the recording is discarded.
Audit logs and AI-agent invocation logs are retained for at least the same period as the underlying records they relate to.
Marketing newsletter subscribers can unsubscribe at any time, after which their record is deleted from the marketing audience.
After the applicable retention period, data will be securely deleted or anonymised.
7. Data Sharing and Sub-Processors
We share personal information only with the following categories of recipient, and only to the extent necessary to deliver the Platform:
- The healthcare provider / practice where the patient was seen (the data controller for clinical data)
- Cloud database, storage and hosting providers for secure document hosting, database operations and serving the application
- Authentication provider for user account management, password handling and session security
- Email delivery provider for sending documents, instructions, appointment reminders, system emails and (for opt-in subscribers only) newsletters
- Messaging provider for delivering WhatsApp messages — patient instructions, appointment reminders and demo-booking conversations
- AI service providers for the AI Writing Assistant, AI Chatbot, AI medication safety check, voice transcription, telehealth-recording transcription, AI-drafted SOAP / clinical notes from telehealth transcripts, and the analytics "AI insights" summary. Only the specific text or audio required for each task is transmitted; full patient records are not sent
- Real-time video infrastructure provider for delivering the live audio and video connection of telehealth sessions on supported verticals. The provider transmits the live stream between practitioner and patient; the live stream itself is not stored by the provider, and recordings (when opted in) are written to our managed object storage rather than to the provider
- External accounting service providers when the practice has connected one — patient names and billing details are shared as part of invoice and payment creation. The built-in Baselayer Billing option keeps this data inside our own managed cloud database and does not share it with an external accounting service
- Medical-aid switching service when the practice elects to submit electronic claims — claim payloads (including patient identity, scheme membership and treatment details) are transmitted to the switch and forwarded to the relevant scheme
- Subscription / payment provider for processing the practice's Baselayer.med subscription via debit-order or card payment
- Calendar integration provider only when a practitioner has explicitly connected a third-party calendar
- Marketing-site analytics providers (industry-standard search and web analytics tools) used only for the public marketing website (baselayer.med) — these do not receive patient or clinical data
- Legal authorities when required by law or to protect the rights, safety or property of patients, practices, or Baselayer.med
We do not sell your personal information to third parties, and we do not use patient or clinical data for advertising.
8. Your Rights
Under POPIA, you have the right to:
- Access: Request a copy of your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your information (subject to legal retention requirements applicable to medical records)
- Objection: Object to processing of your information
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
- Complaint: Lodge a complaint with the Information Regulator of South Africa
To exercise these rights, contact the healthcare practice where you submitted your consent form (the data controller for your clinical data), or contact us using the details in section 19.
9. AI Features
The Platform includes several AI-powered features provided by third-party AI service providers. In every case, the AI does not make clinical decisions and the practitioner remains responsible for any output that is acted upon.
Responsible Party and Operator Relationships: The healthcare practice remains the responsible party for all patient information processed through the Platform, as defined under POPIA. Baselayer.med and any third-party AI or software provider involved in processing that information acts as an operator or service provider, where applicable, and processes data only on documented instructions from the responsible party. Patient information may not be used by any AI or software provider for purposes unrelated to the service being provided — including marketing, model training, or onward sharing — unless separately disclosed to the practice and legally permitted. POPIA places duties on the responsible party (the practice) to maintain appropriate safeguards and to manage operator relationships securely, including ensuring that data-processing agreements or equivalent contractual protections are in place with all operators handling patient data.
AI Writing Assistant
- Only the specific text content of the field being polished (e.g. clinical findings, recommendations, or treatment notes) is sent to the AI provider for processing. Full patient records, names, ID numbers, or other personal identifiers are not transmitted.
- AI-generated suggestions are presented to the practitioner for review and must be explicitly accepted before replacing the original text.
- The AI provider processes data via their API, which is configured not to use submitted data for model training.
- The AI does not add medical information that was not present in the original text. All clinical content remains the responsibility of the practitioner.
AI Chatbot
- The AI Chatbot provides general assistance with using the Platform. It does not provide medical advice.
- Conversation content is transmitted to and processed by the AI provider. Users should not enter patient personal information, clinical details, or other sensitive data into the chatbot.
- The AI provider processes chatbot data in accordance with their API data-usage policies and does not use API-submitted data for training.
AI Medication Safety Check
- When a practitioner is prescribing, the medication name and a non-identifying summary of the patient's allergies, current medications, conditions, pregnancy status and bleeding history are sent to the AI provider to surface potential allergy, interaction, contraindication, pregnancy and bleeding-risk concerns.
- The patient's name, ID, contact details or other direct identifiers are not transmitted.
- The output is advisory only. The prescribing practitioner is solely responsible for the prescription.
Voice Dictation / Transcription
- When a practitioner uses the in-app dictation tool, the recorded audio is streamed to a third-party speech-to-text service and the resulting transcript is returned to the practitioner for review.
- Audio is not stored by Baselayer.med after transcription. The practitioner must review and accept the transcribed text before it is saved into a clinical record.
- Practitioners should avoid dictating direct identifiers (e.g. ID numbers, full names of third parties) where this is not clinically necessary.
Telehealth Transcripts & AI-drafted SOAP Notes
- Where a telehealth session has been recorded (with patient consent for that session) and the practitioner instructs the platform to transcribe it, the recording is sent to a third-party speech-to-text provider to produce a text transcript.
- The transcript may then be summarised by an AI provider into a draft SOAP / clinical note, structured into the standard subjective, objective, assessment and plan sections. Only the transcript text is sent to the AI provider for this step — the underlying audio/video is not.
- The transcript and the AI-drafted note are presented to the practitioner for review. The practitioner must read, edit and explicitly accept the draft before it is saved into the patient record. AI-drafted notes are advisory drafts only and do not constitute medical advice or a clinical record on their own.
- The AI provider processes data via their API, which is configured not to use submitted data for model training.
Practice Analytics & AI Insights
- The analytics dashboard is computed entirely inside our own database from the practice's existing records. No patient-level data is sent to a third party for the dashboard itself.
- If the practice opts to generate AI narrative "insights", only aggregated, non-identifying summary numbers (counts, percentages, top categories) are sent to the AI provider — never patient names, contact details, identifiers or clinical free-text.
- Insights are advisory only and must not be relied upon for clinical or financial decisions.
10. Built-in Baselayer Billing
Baselayer.med includes a built-in billing engine ("Baselayer Billing") that allows practices to create, send and track quotes, invoices and payment records inside the Platform without using an external accounting service.
- Quotes, invoices, line items, procedure / tariff codes, ICD-10 codes, amounts, taxes, dates, balances and patient billing details are stored in our managed cloud database, scoped to the issuing practice.
- Invoice and statement PDFs may be emailed to the patient via our email delivery provider on behalf of the practice.
- The practice remains responsible for the accuracy of all billing information, including procedure codes, tariffs, taxes and patient details.
- Practices may switch between Baselayer Billing and a connected external accounting service at any time. Historical records remain associated with the provider that created them.
11. External Accounting Integrations
Practices may optionally connect their own account with a supported third-party accounting service instead of, or alongside, Baselayer Billing.
- When such an integration is enabled, patient names and billing details (procedure codes, amounts, dates, line items) are shared with the connected accounting service to create customers, quotes, invoices and payment records.
- The practice's OAuth connection credentials and refresh tokens are stored securely in our database and used only to call the relevant accounting API on the practice's behalf. The practice can disconnect at any time.
- Beyond what is needed to facilitate the integration, Baselayer.med does not retain copies of the records held in the external accounting service. The source of truth for those records is the practice's account with the accounting provider.
- The accounting service provider processes billing data in accordance with its own privacy policy and terms of service.
12. Electronic Medical-Aid Claims
Where the practice has elected to submit electronic medical-aid claims through Baselayer.med, claims are transmitted to a medical-aid switching service which routes them to the relevant medical aid scheme.
- Claim payloads include the patient's identity details, the scheme, plan and main-member / dependant information, ICD-10 codes, treatment / tariff codes, line amounts, the destination code for the chosen scheme and the issuing practitioner's practice and provider numbers.
- The switching service's acknowledgement, status and remittance responses are stored against the corresponding invoice for the practice's reference.
- Per-practice switch credentials are stored securely server-side and are never exposed to the browser.
- Each claim is initiated by the practice. Baselayer.med does not adjudicate, approve or guarantee any claim and is not the medical aid scheme or its agent.
13. Saved Payment Card Data (Supplier Forms)
Practices may optionally store payment card details for use with internal supplier forms:
- Card details (number, cardholder name, bank, type, expiry) are stored in our secure database with access controls ensuring data isolation between practices.
- CVV/CVC is never stored. It must be entered manually each time a supplier form is submitted.
- Card data is accessible only via server-side API routes using the service-role key. It is never exposed directly to the browser.
- Admins can add, edit, deactivate, or delete stored cards at any time from Practice Settings.
- Saved card data is used only for the practice's own supplier forms and is never used to charge a patient.
14. Subscription Payments
Subscription fees for Baselayer.med are processed by a third-party payment provider that supports debit orders and card payments.
- Bank-account or card details captured at sign-up are submitted directly to the payment provider; Baselayer.med does not store full bank-account or card numbers used for the platform subscription.
- The payment provider returns a mandate / consent reference which we store against the practice record so we can request scheduled debits.
- We retain subscription status, plan, billing dates, mandate references, invoice records and any failed-payment reasons for accounting and dispute-handling purposes.
- Practices may receive subscription reminder emails and invoice PDFs.
15. Patient Communications & WhatsApp
The Platform sends patient communications by email and WhatsApp on the practice's behalf, using a third-party messaging service:
- WhatsApp messages are sent using pre-approved templates and are initiated by the practice.
- The patient's phone number is shared with the messaging provider solely for the purpose of message delivery and reminder workflows.
- Message content is limited to post-operative instructions, appointment reminders, and document delivery as authorised by the practice.
- Where automated appointment reminders are enabled, a scheduled task sends a single reminder per active appointment in a defined window before the appointment time.
- Patients should direct any clinical questions to the treating practice, not to the WhatsApp number used for delivery.
16. Marketing & Newsletter
Marketing communications are sent only to recipients who have explicitly opted in via the public marketing website. Patients of subscribing practices are not added to marketing audiences as a result of using the Platform clinically.
- Newsletter subscribers' email addresses are stored with our email delivery provider's audience service.
- Subscribers may unsubscribe at any time using the link in any newsletter or by contacting us.
- The public marketing site uses industry-standard search and web analytics tooling only to measure marketing performance. These tools do not receive any patient or clinical data.
17. Psychology Vertical — Limits of Confidentiality, Telehealth & Crisis Resources
Where the Platform is configured for a psychology practice, the Psychology Consent Form captures additional data points alongside the standard demographic and clinical fields, including the patient's acknowledgement of the limits of confidentiality (such as harm-to-self/others, mandatory reporting under the Children's Act, and disclosure required by court order), and the patient's baseline opt-in or opt-out of telehealth sessions and any session-recording policy.
- The acknowledgement and opt-in fields are stored alongside the rest of the consent form record in our managed cloud database, scoped to the issuing practice.
- Telehealth sessions on the psychology vertical are now provided as a built-in Platform feature. The live audio and video of a session is delivered through a third-party real-time video infrastructure provider on Baselayer.med's behalf. The live stream is not stored.
- Recording remains opt-in per session. The Psychology Consent Form opt-in is a baseline acknowledgement; the practitioner must additionally confirm the patient's consent to recording at the start of any session that is to be recorded. Where a session is recorded, the audio/video file is stored in our managed object storage scoped to the issuing practice, and is accessible only to authorised users via short-lived signed URLs.
- Where the practitioner instructs the platform to transcribe a recording, the recording is sent to a third-party speech-to-text provider to produce a transcript, which may then be summarised by an AI provider into a draft SOAP / clinical note for the practitioner to review, edit and accept (see section 9).
- The treating practice remains the data controller for any telehealth recording, transcript and resulting clinical note, and is responsible for retention, withdrawal-of-consent handling, access management and any subsequent deletion request.
- Decisions about mandatory reporting or disclosure under the limits of confidentiality are made by the treating Practitioner outside the Platform. Baselayer.med does not detect, advise on, or trigger any such disclosure, and does not contact emergency services, designated persons, facilities or any third party on the Practice's behalf.
- Crisis-resource references (for example, SA Police Service 10111, ambulance 10177, SADAG and similar services) reproduced in patient instruction templates are public information for patient-facing reference only. They are not integrations: no patient data is transmitted to those services through the Platform.
18. Cookies & Local Storage
The Platform uses essential cookies and browser local storage for authentication, session management, kiosk-device identification (a per-device ID), and remembering the user's last selected practice. Marketing pages may use additional analytics cookies; these are not used inside the authenticated practice management application. We do not use advertising or cross-site tracking cookies.
19. Information Officer
For any privacy-related queries or to exercise your data rights, please contact:
20. Changes to This Policy
We may update this Privacy Policy from time to time, particularly when new features, sub-processors or integrations are added. Material changes will be posted on this page with an updated revision date and, where appropriate, communicated to practice administrators within the Platform.
21. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at: