Data & Platform Security

Data security

Vital Loop places great importance on the security of all the information we are entrusted with. We regularly review & implement up-to-date administrative, physical, technical & organisational security measures appropriate to the sensitivity of the information we process, in line with our obligations under the Protection of Personal Information Act, 4 of 2013 (POPIA).

We use reputable third-party service providers, including Supabase as our primary database provider, to host & protect personal information. These providers implement industry-standard security controls such as encryption in transit & at rest, access control, monitoring & backup mechanisms designed to protect data against loss, misuse, unauthorised access, disclosure, alteration & destruction.

Vital Loop is in the process of obtaining relevant industry & healthcare data security accreditations & certifications. As these are finalised, we will update this document to reflect the specific certifications & standards that apply to our systems.

The Vital Loop platform enables users to track chronic conditions (such as diabetes) & record information including blood glucose readings. Users remain in control of their data & decide if, when & how their data is shared with a healthcare professional via the platform. Where we use data for research, insights or service improvement, we do so only in an anonymised & aggregated form that does not reasonably allow the identification of any individual.

Our POPIA Information Officer

Name: Leo Hyera
Role: Director & POPIA Information Officer
Contact email: support@vitalloop.co.za

You may contact the Information Officer if you have any questions about how we protect your information or about the security measures described in this document.

Platform security

The Vital Loop platform, comprising our web application & marketing website, together with our WhatsApp-based sign-up & reminder flows, is developed using secure technologies with privacy-by-design & security-by-default principles at the forefront of its architecture.

Users sign up via WhatsApp & are sent a secure magic link to access the web application. Access to the platform is protected using strong access control protocols, & accounts can only be accessed by authenticated users who have successfully completed the sign-up process. We treat magic links as sensitive authentication credentials & apply technical controls (such as time limits & one-time use where applicable) to reduce the risk of unauthorised access.

We encourage all users to implement generally accepted information security practices when using the Vital Loop platform & their devices, for example:

• Keeping devices locked & using a strong device passcode or biometric security
• Not sharing magic links or WhatsApp messages that contain account access information
• Using the latest version of supported browsers & keeping operating systems up to date
• Immediately notifying us at support@vitalloop.co.za if they suspect unauthorised access to their account

These measures help secure the Vital Loop platform, as well as protect each user's account, their own personal information, & any patient or health-related information processed within the platform.