Privacy Policy
We process personal information about families, caregivers, clinicians, and patients. This policy explains what we collect, the legal basis we rely on, how we protect it, and how you can exercise your rights.
Last updated · 11 June 2026
Who we are
CommunityCare ("we", "us", "our") operates a care-coordination platform for general practice. We are the responsible party (POPIA) and data controller (UK GDPR / Philippine DPA) for the personal information described below, with one exception: for clinical records that a GP practice creates and manages on our platform, the GP practice is the controller and CommunityCare is the processor. The data processing agreement (DPA) between us governs that relationship.
Privacy contact: privacy@community-care.app.
- Information Officer (POPIA, South Africa) — registered with the Information Regulator of South Africa. Name published here on confirmation of registration.
- Data Protection Officer (Data Privacy Act, Philippines) — registered with the National Privacy Commission. Name published here on confirmation of registration.
- Data Protection Officer (UK GDPR) — designated where required.
All three roles may be performed by the same individual where the law permits; contact details are unified at privacy@community-care.app. Company entity details and registration numbers are published at incorporation.
What we collect
From clinicians and account holders
- Identity — name, email, role, organisation, authentication credentials (passwords are stored as bcrypt hashes by Supabase Auth; we never see or store them in plaintext).
- Activity — every action that creates, updates, or deletes patient data is recorded in an immutable audit log with timestamp, actor, IP address, and a snapshot of the change.
- Billing — subscription status, payment method tokens (handled and stored by Stripe, not us), and invoicing details.
From caregivers and family members
- Identity — name, email, role, relationship to the patient.
- Care observations — anything recorded against a patient including medication administration, vital signs, meals, mood, mobility, and free-text notes.
About patients
- Identity and demographics — name, date of birth, contact details, language, RSA ID number (where applicable), GP details, hospital preference.
- Special personal information / special category data — medical conditions, allergies, dietary requirements, mental capacity status, DNR preferences, care plans, risk assessments, consent records, medication records, incident reports.
- Photos — wound or pressure-area photos, only where added explicitly through the monitoring features.
Technical
- Device, browser, IP address, user-agent, request identifiers — captured automatically with each request for security monitoring and audit logging.
- We use Plausible Analytics, which is cookieless and does not track you across sites. We set only strictly necessary cookies for sign-in and CSRF protection.
Lawful basis for processing
We process personal information on the following lawful bases. Special category / special personal information (health data) requires an additional, specific condition:
- Contract — UK GDPR Art. 6(1)(b); POPIA s.11(2)(b); PH DPA s.12(b). To deliver the service GP practices have contracted us to provide.
- Legitimate interests — UK GDPR Art. 6(1)(f); POPIA s.11(2)(f). For audit logging, security monitoring, and product improvement on aggregate non-identifying data.
- Provision of health or social care — UK GDPR Art. 9(2)(h); POPIA s.27(1)(c); PH DPA s.13(d). For all patient health data, where processing is necessary for the provision of care by a registered health professional under a duty of confidentiality.
- Consent — UK GDPR Art. 6(1)(a) + Art. 9(2)(a); POPIA s.11(1)(a) + s.27(1)(a); PH DPA s.12(a) + s.13(a). For optional features such as marketing communications and family-circle invitations.
Where data is stored and processed
Our primary database and authentication service run on Supabase in the London (eu-west-2) AWS region. Patient data is encrypted in transit (TLS 1.2+) and at rest (AES-256), with role-based access controls and append-only audit logging on every change.
Cross-border transfer. For users in South Africa, hosting in London constitutes a transfer of personal information outside South Africa under POPIA s.72. We rely on adequacy of the EU/UK regime and on our written data processing agreement with Supabase, which incorporates the European Commission's standard contractual clauses (SCCs). For users in the Philippines, the same hosting arrangement is governed by NPC Circular 16-02; the same SCCs apply, and consent to the transfer is captured at account setup.
Sub-processors
We use the following sub-processors to deliver the service. Each is bound by a written agreement requiring confidentiality and security measures no less protective than those we apply. A current list is maintained at /legal/sub-processors.
- Supabase — Postgres, authentication, file storage. London.
- Vercel — application hosting and edge CDN. Frankfurt/London for serverless functions, global edge for static assets.
- Stripe — payment processing. Ireland (EU primary).
- Postmark — transactional email. United States (with SCCs).
- Plausible Analytics — privacy-first usage analytics, cookieless. Germany.
Your rights
Depending on which law applies to you — POPIA (South Africa), UK GDPR, or Philippine DPA — you have some or all of the following rights:
- Access — receive a copy of the personal information we hold about you or a patient in your circle. For account holders this is delivered through the in-app export function; for patients, the responsible GP can generate a complete export from the patient page (Settings → Export). We respond within 30 days.
- Correction / rectification — ask us to correct inaccurate information. Account holders can edit most of their own data; patient data is edited through the GP practice.
- Erasure — ask us to delete personal information. For patient records, requests are filed via the platform (Settings → Erasure request), reviewed by a senior staff member, and executed within 30 days where there is no overriding retention obligation. An audit record of the erasure is retained for compliance.
- Object — to processing based on legitimate interests.
- Withdraw consent — where we rely on consent. Doing so does not affect prior processing.
- Complain — to your data protection authority: Information Regulator of South Africa; UK Information Commissioner's Office; Philippine National Privacy Commission.
Email privacy@community-care.app to exercise any right. We may ask for proof of identity before disclosing personal information.
Retention
We retain personal information only as long as needed for the purpose for which it was collected, plus any period required by law or to meet contractual obligations:
- Active patient records — for the duration of the GP practice's care relationship plus 6 years (UK NHS records guidance) or 7 years (POPIA / Health Professions Council of South Africa minimums), whichever is greater.
- Audit logs — 7 years from the date of the recorded event.
- Account information — until account deletion, plus 12 months for billing reconciliation.
- Erased records — request metadata only (who requested erasure, when, and the entity erased) is retained as part of the audit log.
Security
See our Security page for the technical and organisational measures we apply. Breach notification is described there and in our internal Breach Notification Policy (available on request to GP practice partners).
Children
CommunityCare is designed for adult patient care. Where a patient is a minor, parental or guardian consent must be obtained by the responsible GP before adding their record to the platform. If you believe a minor's data has been recorded without proper consent, contact us at privacy@community-care.app and we will remove it.
Changes to this policy
We will post material changes here and notify active users by email at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.