Privacy Policy
Last Updated: January 10, 2026
1. Introduction
ClaimSmart ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered Revenue Cycle Management platform for healthcare providers in South Africa and Botswana.
This policy complies with:
- South Africa's Protection of Personal Information Act (POPIA), 2013
- Botswana's Data Protection Act, 2018
- Healthcare privacy regulations applicable in Southern Africa
- Google OAuth 2.0 requirements and policies
2. Information We Collect
2.1 Personal Information
We collect the following types of personal information:
- Account Information: Name, email address, professional credentials, practice details
- Authentication Data: Google OAuth credentials (email, profile information) used solely for secure login
- Contact Information: Phone numbers, business addresses
- Professional Details: Medical aid provider numbers, BHF numbers, practice registration details
2.2 Patient Health Information
As a healthcare billing platform, we process protected health information (PHI) including:
- Patient Identifiers: SA ID numbers, Omang numbers (Botswana), passport numbers
- Medical Data: Diagnosis codes (ICD-10), procedure codes, encounter notes
- Insurance Information: Medical aid membership numbers, scheme details, coverage information
- Financial Data: Billing amounts, claim submissions, payment records
2.3 Technical Information
- IP addresses, browser type, device information
- Usage data, access logs, and system interactions
- Cookies and similar tracking technologies
3. How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: Process medical claims, validate patient eligibility, generate invoices and claim forms
- Authentication: Secure login via Google OAuth (we only access your email and basic profile information necessary for authentication)
- Communication: Send service updates, claim status notifications, and support responses
- Compliance: Meet regulatory requirements, prevent fraud, maintain audit trails
- Improvement: Analyze usage patterns to enhance platform functionality and user experience
- AI Processing: Train and improve our AI models for code suggestions and claim validation (using anonymized data only)
4. Google OAuth Integration
ClaimSmart uses Google OAuth 2.0 for secure authentication. Here's what you should know:
- Scope of Access: We only request access to your email address and basic profile information (name, profile picture) for authentication purposes
- No Gmail Access: We do NOT access your Gmail messages, contacts, or other Google services
- Data Storage: We store your Google account email and profile information solely to maintain your account identity
- Third-Party Sharing: Your Google account information is never shared with third parties
- Revocation: You can revoke ClaimSmart's access to your Google account at any time through your Google Account settings
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. Data Sharing and Disclosure
We may share your information with:
- Medical Aid Schemes: For claim submission and processing (e.g., Discovery, BOMAID, PULA Medical Aid)
- Service Providers: Cloud hosting (AWS, Azure), email services, payment processors - all bound by strict confidentiality agreements
- Legal Authorities: When required by law, court order, or regulatory investigation
- Business Transfers: In the event of a merger, acquisition, or asset sale (with prior notice to affected users)
We do NOT:
- Sell your personal or health information to third parties
- Use patient data for marketing purposes
- Share data with unauthorized parties
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: TLS/SSL encryption for data in transit, AES-256 encryption for data at rest
- Access Controls: Role-based access, multi-factor authentication, regular access audits
- Infrastructure: Secure cloud hosting with regular security patches and updates
- Monitoring: 24/7 system monitoring, intrusion detection, and incident response protocols
- Backups: Regular encrypted backups with disaster recovery procedures
- Staff Training: Regular security and privacy training for all personnel
7. Data Retention
We retain your information for the following periods:
- Patient Records: 7 years from last encounter (as required by healthcare regulations)
- Financial Records: 7 years for tax and audit purposes
- Account Information: Until account deletion or 3 years of inactivity
- System Logs: 90 days for security monitoring
After retention periods expire, data is securely deleted or anonymized.
8. Your Privacy Rights
Under POPIA and the Botswana Data Protection Act, you have the right to:
- Access: Request a copy of your personal information
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Restriction: Limit how we process your information
- Objection: Object to certain types of processing
- Portability: Receive your data in a structured, machine-readable format
- Withdrawal: Withdraw consent at any time (where processing is based on consent)
- Complaint: Lodge a complaint with the Information Regulator (South Africa) or Data Protection Commissioner (Botswana)
To exercise these rights, contact us at: privacy@claimsmart.com
9. International Data Transfers
Your data is primarily stored and processed within Southern Africa. If we transfer data internationally, we ensure adequate protection through:
- Standard contractual clauses approved by relevant authorities
- Transfers to countries with adequate data protection laws
- Your explicit consent where required
10. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential Cookies: Required for authentication and security
- Functional Cookies: Remember your preferences and settings
- Analytics Cookies: Understand platform usage and improve performance
You can control cookies through your browser settings. Note that disabling essential cookies may affect platform functionality.
11. Children's Privacy
ClaimSmart is designed for healthcare providers and not intended for use by individuals under 18. We do not knowingly collect personal information from children. Patient information for minors is processed as part of our healthcare billing services under the authority of healthcare providers.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice on our platform. Your continued use after changes constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related questions, concerns, or to exercise your rights:
Email: privacy@claimsmart.com
Data Protection Officer: dpo@claimsmart.com
Postal Address: [Your Physical Address]
14. Regulatory Authorities
You have the right to lodge a complaint with:
South Africa - Information Regulator
Website: www.justice.gov.za/inforeg/
Email: inforeg@justice.gov.za
Botswana - Data Protection Commissioner
Website: [Botswana DPA Website]
Email: [Contact Email]