Privacy Policy Version 2025 -12

Privacy Policy

Last Updated: December 2025

1. Introduction

Intelical (Pty) Ltd, trading as ICDPal (“ICDPal”, “we”, “us”, or “our”), is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our software-as-a-service platform (“the Service”).

This Policy is drafted in accordance with the Protection of Personal Information Act, 68 of 2013 (POPIA) and, where applicable, the General Data Protection Regulation (GDPR).

2. Information We Collect

2.1 Account Information

We may collect: Name and surname, Email address, Practice or organisation name, Country and time zone, Login credentials (securely hashed).

2.2 Usage and Technical Information

We may collect: IP address (or country-level location), Device and browser type, Usage logs and feature interactions, Error and performance logs.

2.3 Clinical or Textual Input Data

The Service primarily operates on non-identifiable clinical or administrative descriptions. The entry of patient identifiers (such as a patient name or internal reference number) is optional, not required for the core functionality of the Service, and is provided solely as a user convenience feature.

Users are responsible for ensuring that:

  • Any personal or patient information entered is lawfully obtained;
  • Its use complies with applicable privacy and healthcare laws; and
  • Data is appropriately anonymised or minimised where required.

Where patient identifiers are entered, ICDPal applies reasonable technical and organisational security measures to protect such data in accordance with this Privacy Policy.

2.4 Billing Information

Payment processing is handled by third-party payment providers. ICDPal does not store full payment card details.

3. POPIA Roles, Data Minimisation, and Health Information Handling

3.1 POPIA Role Clarification

For purposes of the Protection of Personal Information Act, 68 of 2013 (POPIA): ICDPal acts as an operator in respect of personal and patient information processed through the Service. The user (including the healthcare practice or organisation) acts as the responsible party, determining the purpose and manner of such processing.

3.2 Data Minimisation Best Practice

The Service is designed to function without patient-identifying information. Users are encouraged to: Enter only the minimum information necessary; Avoid direct patient identifiers unless required for internal workflows; and Prefer anonymised or pseudonymised data where possible.

3.3 Health Information and Safe-Harbour Alignment

Where health-related or patient information is processed, ICDPal applies reasonable safeguards aligned with widely accepted healthcare data-protection principles. Nothing in this Privacy Policy constitutes an agreement that ICDPal is a “covered entity” or “business associate” under HIPAA. References to healthcare-style safeguards reflect best-practice standards only.

4. Purpose of Processing

We process personal information to: Provide and operate the Service; Authenticate users and manage accounts; Generate AI-assisted coding suggestions; Manage subscriptions and billing; Provide customer support; Maintain security, system integrity, and compliance.

5. Lawful Basis for Processing

Processing of personal information is carried out in accordance with the Protection of Personal Information Act, 68 of 2013 (POPIA) and, where applicable, the General Data Protection Regulation (GDPR), based on one or more of the following lawful grounds:

  • Performance of a contract;
  • Legitimate interests pursued by ICDPal or its users;
  • Compliance with legal obligations; and
  • User consent, where required by law.

ICDPal applies reasonable and best-effort measures to ensure that personal information is processed lawfully, fairly, and transparently in accordance with applicable data protection laws.

6. AI and Automated Processing

AI-generated outputs are produced from user-provided inputs. No fully automated decisions with legal or clinical effect are made. Human review is required before use.

7. Data Sharing and Third Parties

We may share data with: Hosting and cloud infrastructure providers; AI Providers; Payment processors; Analytics and monitoring providers; Regulatory or legal authorities where required by law, To enable the functioning of this service

8. International Data Transfers

Where data is processed outside South Africa, appropriate safeguards are implemented to ensure compliance with POPIA and, where applicable, GDPR.

9. Data Retention

Personal information is retained only for as long as necessary to provide the Service, meet legal obligations, or resolve disputes.

10. Data Security

We implement reasonable technical and organisational measures, including encryption in transit and at rest, access controls, and monitoring. No system can be guaranteed fully secure.

11. Your Rights

Subject to applicable law, you have the right to access your personal information, request correction or deletion, object to processing, or lodge a complaint with the Information Regulator of South Africa.

12. Cookies and Tracking

We use essential cookies to support authentication, security, and performance. We do not use intrusive tracking without consent.

13. Children’s Information

The Service is not intended for use by individuals under the age of 18.

14. Changes to This Policy

This Privacy Policy may be updated from time to time. Continued use of the Service constitutes acceptance of the revised Policy.

15. Contact Information

For privacy-related questions or concerns, contact:

ICDPal
Cape Town, Western Cape, South Africa
Email: privacy@intelical.com