Privacy Policy

Last updated: 2025-11-18
Version: 1.0

How we collect, process, store & share your Personal Information.

At Vital Loop (Pty) Ltd trading as Vital Loop ("Vital Loop", "we", "us", "our"), we value your privacy & strive to protect your Personal Information. We will only collect & use your Personal Information, as this term is defined in POPIA & in accordance with this Privacy Policy ("Privacy Policy").

We act as the Responsible Party of our end users' ("Data Subjects") Personal Information when an account is opened with Vital Loop using our WhatsApp-based sign-up flow, web application & marketing website (together, the "App" or "Platform").

By providing us with your Personal Information, you:

  • agree to this Privacy Policy & authorise us to Process such data as set out herein; &
  • authorise Vital Loop, its affiliates, directors, employees, consultants, service providers & other third parties to Process your Personal Information for the purposes stated in this Privacy Policy.

This Privacy Policy explains how we will endeavour to protect and use your Personal Information.

Vital Loop's Data Subjects are typically individuals using the App to track their own health data for chronic conditions (for example diabetes), or people employed in an administrative role acting on behalf of a healthcare establishment or practice who may assist such individuals. We act as a Responsible Party & Process, as the term is defined in POPIA, Personal Information & Special Personal Information (including health information) in order to provide our services to you.

This Privacy Policy pertains to our role as a Responsible Party who collects, processes, stores & shares Data Subjects' Personal Information.

This Privacy Policy provides information on:

  • The Eight Conditions for Lawful Processing of Personal Information
  • Access to Personal Information
  • Personal Information Collected
  • Use of Personal Information
  • Sharing of Personal Information
  • Data Accuracy
  • Security of Personal Information
  • Transborder Flow of Personal Information
  • Retention of Personal Information
  • Incomplete Personal Information
  • Data Subject Rights
  • Electronic Communications
  • Use of Cookies
  • Declining Cookies
  • Data Breaches
  • Revisions to this Privacy Policy
  • Privacy Queries
  • Information Officer

THE EIGHT CONDITIONS FOR THE LAWFUL PROCESSING OF PERSONAL INFORMATION

POPIA sets out eight conditions for the lawful Processing of Personal Information ("the Eight Conditions"). Vital Loop is committed to complying with the Eight Conditions:

  1. Condition 1 – Accountability: Vital Loop will comply with the Eight Conditions while conducting business that involves the Processing of Personal Information.

  2. Condition 2 – Processing Limitation: the consent of a Data Subject is required for his/her Personal Information to be Processed, unless another lawful ground under POPIA applies. Such consent must be informed & specific: the Data Subject must know the reason for which the Personal Information will be Processed & by whom it will be Processed. Personal Information may not be collected for one purpose & then used for another incompatible purpose. If it becomes necessary to change the purpose for which the Personal Information is Processed, the Data Subject will be informed of the new purpose & consent will be obtained where required before the required Processing occurs. Vital Loop will normally collect Personal Information directly from the Data Subject unless the Personal Information is in the public domain or another lawful source applies.

  3. Condition 3 – Purpose Specification: Personal Information will only be collected for a specific, defined & lawful purpose related to the function or activity of Vital Loop.

  4. Condition 4 – Further Processing Limitation: Where Personal Information collected by Vital Loop is given to another person (for example a service provider) to Process, such further Processing will be done in accordance with the conditions under which Vital Loop initially collected such information & under a binding agreement that requires compliance with POPIA.

  5. Condition 5 – Information Quality: Vital Loop will take reasonably practicable steps, given the purpose for which Personal Information is collected or subsequently Processed, to ensure that the Personal Information is complete, not misleading, updated & accurate.

  6. Condition 6 – Openness: Vital Loop will retain the documents that contain Personal Information in accordance with our Retention & Restriction of Records practices. Data Subjects have a right to know what Personal Information we have about them & for what purpose.

  7. Condition 7 – Data Security: Vital Loop will ensure that appropriate security measures, processes & procedures are in place to protect against unlawful or unauthorised Processing of Personal Information & accidental loss of, or damage to, Personal Information.

  8. Condition 8 – Data Subject Participation: Data Subjects may request access to any Personal Information held about them by Vital Loop & ask for inaccurate data to be amended or deleted, subject to lawful limitations.

Vital Loop recognises that Data Subjects have the right to have their Personal Information Processed in accordance with the Eight Conditions and will therefore protect these rights by:

  • notifying a Data Subject that Personal Information about him or her is being collected, where required by POPIA;
  • notifying a Data Subject that his or her Personal Information has been accessed or acquired by an unauthorised person, where required;
  • allowing the Data Subject access to his or her Personal Information, subject to lawful grounds of refusal; &
  • complying with the request of a Data Subject, where necessary, to correct, destroy or delete his or her Personal Information.

ACCESS TO PERSONAL INFORMATION

A Data Subject, who has provided the Information Officer with adequate proof of identity, may request Vital Loop to confirm, free of charge, whether or not Vital Loop holds any Personal Information about the Data Subject; & to provide a record of the Personal Information about the Data Subject held by Vital Loop, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information.

Vital Loop may provide the record referred to above within a reasonable time, in a form that is understandable to the Data Subject. The Data Subject will also be advised of his or her right to request that the information be corrected, if incorrect.

Vital Loop may refuse to disclose any information requested on the basis of grounds of refusal to access certain records as specified in sections 37–45 of the Promotion of Access to Information Act No. 2 of 2000 ("PAIA"). If a request for access to Personal Information is made & part of the information falls within one of the aforementioned grounds, Vital Loop will disclose every other part of the information which does not fall within the protected ground.

PERSONAL INFORMATION COLLECTED

When you register to use the App, we open & operate an account for you, provide you with our products & services, & provide you with electronic communications relating to your account, our products & our services. To this end, we may collect the following Personal Information from you:

Identification & contact information

  • Name & surname
  • Mobile number (including your WhatsApp number)
  • Email address (where provided)
  • Basic profile information you choose to provide (for example, age range or year of birth, gender, primary chronic condition)

Health & monitoring information

  • Information about your chronic conditions (for example, diabetes type) that you choose to record
  • Clinical monitoring data such as blood glucose readings & related values
  • Timestamps & notes associated with your readings or other health events
  • Information about whether & how you choose to share data with a clinician or other third party
  • Personal information related to health, treatment history, and demographic data that can be used to develop a 'user health profile' for the purpose of adding context to health readings for chronic conditions captured by users

Technical & usage information

We may collect technical & device information during the course of your use of the App to troubleshoot issues, maintain security, & improve the App. This may include:

  • Device identifiers (for example, a browser or device ID)
  • Browser type & version
  • Device operating system & version
  • Time zone & language settings
  • General location inferred from IP address (not precise GPS location)
  • Log information about how you use the App (pages viewed, features used, date & time of access)

Communications & interaction information

We may also collect Personal Information from you in other ways, including:

  • when you communicate with us by WhatsApp, email, chat, telephone or any other means, we collect the communication & any data provided in it;
  • when you use the App we collect the information you input, including your readings & related notes;
  • information contained in a public record or deliberately made public by you;
  • where you have consented to the collection of the information from another source, including our social media platforms;
  • where collection from another source is otherwise permitted under POPIA (for example, for law enforcement or regulatory purposes).

We do not collect or store the content of your private WhatsApp messages beyond what is necessary to operate the sign-in workflow & send reminders (such as message metadata & your WhatsApp number).

USE OF PERSONAL INFORMATION

We use your Personal Information for one or more of the following purposes:

  • to register you as a user & manage and maintain your account with us;
  • to provide the Service, including recording, storing & displaying your health data (for example blood glucose readings) & related information;
  • to send you secure sign-in links & other authentication workflows via WhatsApp &/or email;
  • to send reminders to help you use the App regularly;
  • to allow you to choose whether & how to share your data with a clinician or other third party;
  • to prevent fraudulent or unauthorised use of our products & services;
  • to better manage our business & your relationship with us;
  • to improve our products & services, & to develop new products & services;
  • to notify you about benefits, changes to features or service updates;
  • to send you newsletters or service notices (you may unsubscribe at any time, although some service notices are essential to the App's operation);
  • to respond to your enquiries & to resolve disputes;
  • to comply with legal & regulatory obligations.

We may also use anonymised, aggregated data (data that does not identify you & that cannot reasonably be used to re-identify you) for research, statistical or analytical purposes, including to improve healthcare outcomes & our services. We will not publish or disclose anonymised data in any way that could reasonably be used to re-identify individuals.

SHARING OF PERSONAL INFORMATION

We may disclose your Personal Information to third parties for legitimate business purposes, in accordance with applicable law & subject to appropriate confidentiality & security safeguards. These third parties may include:

  • any person that works for us in the employ of Vital Loop, either as a permanent employee or contractor, who needs access to such information to perform their duties;
  • companies & organisations that provide services to us, including secure technical infrastructure, hosting, database & authentication services (for example, reputable providers such as Supabase), messaging services (for example WhatsApp), analytics, & web/app development and support;
  • our professional advisers, consultants & other similar service providers who assist us in operating our business;
  • legal & regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
  • any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights;
  • any relevant party for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against & the prevention of threats to public security.

Where you choose to share your data with a clinician or other third party (for example a treating doctor), such sharing is initiated & controlled by you. We will only share your Personal Information with those parties in accordance with your instructions & applicable law.

We may share de-identified information, as defined in POPIA, with healthcare providers, healthcare establishments, universities &/or researchers, who may review this de-identified information for research purposes &/or for professional or research publication. This de-identified information is health information that has been anonymised, does not contain personally identifiable information & cannot reasonably be linked to a specific individual. Any such recipients are bound by appropriate confidentiality obligations & may not share or re-identify the data, and may only use it for the purposes for which it was provided.

We will otherwise treat your Personal Information as private & confidential and will not share it with other parties except:

  • where you have given permission;
  • where we believe it is reasonably necessary to comply with any law, regulation, legal process or governmental request, to enforce our terms of use or other agreements, or to protect the rights, property or safety of us, our customers or others; or
  • where we may transfer rights and obligations pursuant to our agreement with you (for example in connection with a merger or acquisition), in which case we will impose equivalent privacy obligations on the recipient.

If we engage a third party to Process any of your Personal Information, the third party will be subject to binding contractual obligations to only Process such Personal Information in accordance with our prior written instructions & to use measures to protect the confidentiality & security of such Personal Information.

We will not disclose information that can reasonably be used to identify an individual in connection with our use of anonymised or aggregated data, except where required by law or with your explicit consent.

DATA ACCURACY

The Personal Information provided to Vital Loop should be accurate, complete & up-to-date. Should Personal Information change, the onus is on the provider of such data to notify Vital Loop of the change and provide us with the accurate data.

SECURITY OF PERSONAL INFORMATION

Vital Loop's Privacy Policy is to meet local requirements for security measures on integrity & confidentiality of Personal Information, as specified in section 19 of POPIA.

We place great importance on ensuring the security of your Personal Information. We regularly review & implement up-to-date technical & organisational security measures when Processing your Personal Information. Employees & contractors are trained to handle Personal Information securely & with respect, failing which they may be subject to disciplinary action.

Our Platform is developed using secure technologies with Security by Design & Privacy by Default principles at the forefront of its architecture. The Platform can only be accessed using appropriate access control mechanisms, including our WhatsApp-based sign-in workflow & secure magic links.

We utilise secure, reputable cloud-based hosting & database solutions (for example Supabase) to store & process your Personal Information. These providers implement recognised security standards to protect Personal Information in their environments. We take reasonable measures to:

  • identify reasonably foreseeable internal & external risks to Personal Information in our possession or under our control;
  • establish & maintain appropriate safeguards against the risks identified;
  • regularly verify that the safeguards are effectively implemented; &
  • ensure that the safeguards are continually updated in response to new risks or identified deficiencies.

In addition, our Data Subjects are responsible for:

  • maintaining adequate security and control over any device, email account or WhatsApp number used to access the App, including using strong authentication methods where available & not sharing access with others;
  • keeping contact details up to date so that you can receive any notices or alerts we may send to you in relation to security;
  • notifying us promptly in the event of unauthorised access to your device, email or WhatsApp account used with the App, so that we can assist in protecting your account where possible.

By accepting this Privacy Policy & submitting your Personal Information through the App, you agree to the transfer, storing & Processing of it by our third party hosting & service providers.

We encourage our users to use reputable anti-malware software & to remain alert to phishing or spoofing attempts, particularly via SMS, WhatsApp or email. Where you receive a communication purporting to be from us & are unsure of its authenticity, you should contact us at support@vitalloop.co.za.

TRANSBORDER FLOW OF PERSONAL INFORMATION

We may transfer your Personal Information to recipients &/or hosting providers outside of the Republic of South Africa.

Personal Information may be transferred to a third party outside of the Republic of South Africa provided that the third party is subject to a law, binding corporate rules or a binding agreement that provides an adequate level of protection for the Personal Information in line with this Privacy Policy & POPIA, and the transfer is necessary in order to provide the services required by you.

You may withdraw your consent to us Processing your information across borders; however, this may mean that we are no longer able to offer the Service to you.

RETENTION OF PERSONAL INFORMATION

Vital Loop will retain your Personal Information:

  • for as long as necessary to achieve the purpose for which the information was collected;
  • where retention of the record is required or authorised by law;
  • where retention is required for lawful purposes related to our functions or activities;
  • where retention of the record is required by a contract between the parties;
  • where the Data Subject has consented to the retention of the record; &
  • for historical, statistical or research purposes if we have established appropriate safeguards against the records being used for any other purposes.

We may, notwithstanding the above, retain your information in a de-identified manner for as long as we reasonably require for research & statistical purposes, provided such data cannot reasonably be used to identify you.

INCOMPLETE PERSONAL INFORMATION

Where indicated (for example in registration forms), it is obligatory for you to provide accurate Personal Information to enable us to open & operate your account so that you may use the App. Should you decline/refuse or neglect to provide such Personal Information, or provide inaccurate or incomplete Personal Information, we may not be able to process your registration or provide you with our products or services.

DATA SUBJECT RIGHTS

We support the right of Data Subjects to have access to their data. The Personal Information that Vital Loop collects, Processes, stores & shares is necessary for us to provide and improve the services we offer, or to comply with our regulatory and compliance obligations.

You have certain rights under data protection law, including the right to object to the Processing of your Personal Information or to request that we:

  • provide you with a copy of your Personal Information (including in a format that can be shared with a new provider, where reasonably possible);
  • correct or update your Personal Information;
  • delete your Personal Information (subject to lawful retention requirements); or
  • restrict or object to certain Processing of your Personal Information.

These rights are limited in some situations, such as where we are legally required to Process or store your data, and may limit your ability to use our products & services. If you would like to exercise any of the above rights, please send an email to support@vitalloop.co.za with your request or contact our POPIA Officer as set out below.

ELECTRONIC COMMUNICATIONS

In order for Vital Loop to provide you with the agreed services, you accept & agree that:

  • any communications, agreements, notices &/or any other documents ("Communications") relating to your account or your use of our products & services may be provided to you electronically by posting them on our website or web application, sending them via WhatsApp to the number you have provided, emailing them to the email address you have provided to us, or through any other form of electronic communication;
  • you consent to receiving Communications electronically via these channels;
  • you will at all times have available to you the necessary hardware & software to receive, access & retain Communications sent to you electronically, including a device with an internet connection, access to WhatsApp (where applicable) &/or a valid and accessible email address;
  • you assume full responsibility for providing us with valid & accessible contact details (including your WhatsApp number & email address, if provided) to which any Communications may be sent, and for ensuring that such contact information is kept up to date. Any Communication sent to the contact details you have provided to us will be deemed to have been received by you.

You may at any time withdraw your consent to receiving Communications electronically by contacting support@vitalloop.co.za. You acknowledge that withdrawing consent for certain channels (for example WhatsApp) may prevent you from using parts of the Service that rely on those channels, such as sign-in workflows or reminders.

USE OF COOKIES

We also collect Personal Information through the use of cookies & similar technologies. Cookies help us give you the best experience of using our site & web application. Cookies are small data files that we or companies we work with may place on your computer or other devices when you visit our marketing website or use the web application. They allow us to remember your actions or preferences over time.

When you visit our website or App we may place cookies onto your device, or read cookies already on your device, subject to obtaining your consent where required by applicable law. We use cookies to record information about your device, your browser and, in some cases, your preferences and browsing habits.

DECLINING COOKIES

Overall, cookies help us provide you with a better website and App, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Certain aspects and features of our services are only available through the use of cookies. By registering an account with Vital Loop, or continuing to use our website or web application, you agree to our use of cookies as set out in this Privacy Policy. You may decline our cookies if your browser or browser add-on permits, but doing so may interfere with your use of our services. For information on how to delete or reject cookies, you can consult the "help" function within your browser, or visit publicly available resources about cookies.

DATA BREACHES

We protect all information with what we consider to be appropriate & robust security measures. In the event of any privacy or security breach of the App or our third party hosting provider that is likely to result in any risk to your Personal Information or to your rights & freedoms, we will notify you and the relevant regulatory authority as soon as we become aware of such, where required by law.

We expect our users to notify us immediately where they have reasonable grounds to believe that their account or data has been accessed or acquired by any unauthorised person. To notify us in this regard, please email support@vitalloop.co.za.

REVISIONS TO THIS PRIVACY POLICY

We may amend this Privacy Policy from time to time. You should visit our website or App regularly to check when this Privacy Policy was last updated and to review the current Privacy Policy. We will do our best to notify you of any substantive amendments to the Privacy Policy and any such notice will be posted in the App, on our website, or sent by WhatsApp and/or email to the contact details associated with your account.

PRIVACY QUERIES

Should you have any query in relation to this Privacy Policy or how we handle your Personal Information, please contact us by sending an email to support@vitalloop.co.za.

INFORMATION OFFICER

Vital Loop's current Information Officer (POPIA Officer) is:

Name: Leo Hyera
Position: Director & POPIA Officer
Email Address: support@vitalloop.co.za

Questions? Contact us at support@vitalloop.co.za.