
Gobycon Med: Privacy & Security Framework

Last Update: 13/9/2025

1. Introduction & Purpose

This framework outlines the privacy and security practices for Gobycon Med EHR, designed to protect the integrity, confidentiality, and availability of user data in compliance with global standards, including POPIA and GDPR. Our core principle is Anonymized Custodianship: we are custodians of health data, not of personal identities.

2. The Principle of Anonymized Custodianship

Gobycon Med operates on a foundational principle: we deliberately do not collect or store personal identifiers within our Electronic Health Record (EHR) system. This ensures that health data cannot be linked to an individual's identity by our systems, significantly reducing privacy risks.

Data We Do NOT Collect in the EHR:

  • Full Name

  • National Identity Number

  • Physical Address

  • Phone Number

  • Date of Birth

  • Email Address (within the EHR vault)

3. Data We Handle & How

We handle three distinct categories of data under different legal bases:

  • A. Health Data (Legal Basis: Explicit Consent)

    • What: The medical records you upload.

    • How: Stored in your secure, anonymous vault on Zoho WorkDrive, accessible only by your randomized Membership ID. This system contains no personal identifiers.

  • B. Minimal Billing Information (Legal Basis: Contractual Necessity)

    • What: Your contact email address, and the information you provide to our payment processor, Yoco (name and payment details). Your billing address is processed by Yoco but is not stored by Gobycon Med.

    • How: Stored in a separate, isolated billing system. Your name and billing email are never written to, linked with, or stored in the same database as your Health Data or Membership ID.

  • C. Membership ID & Service Link (Operational Necessity)

    • What: Your randomized Membership ID.

    • How: This information is stored in a separate, secure database used solely to authenticate your access to the health vault and to manage your account status. It is pseudonymized and not linked to your Billing Information in a directly queryable way.

4. Our Technology Partners & Compliance

  • Zoho WorkDrive: We utilize Zoho WorkDrive for secure, encrypted data storage at rest. We have signed a Data Processing Addendum (DPA) with Zoho, ensuring their compliance with POPIA and their obligation to process data only on our instructions.

  • Microsoft 365 Business: We use Microsoft 365 Business with encrypted email for all external communications. All temporary access links are dispatched securely via this platform.

  • Payment Processing: We use a PCI-DSS Level 1 certified payment gateway. All payment information is processed directly by the Payment Processor and never touches our servers. We only receive a tokenized reference to your subscription and your billing email address for communication purposes.

5. Data Sharing Protocol

  • User-Initiated, Admin-Executed Sharing: Sharing is initiated when you, the user, request that Gobycon Med provide access to a specific folder for a designated recipient.

  • Link Creation & Dispatch: Upon your request, Gobycon Med administers the creation of a time-expiring, password-protected access link that provides access only to the contents of the specified folder. This link is then dispatched securely by Gobycon Med on your behalf via Microsoft 365 encrypted email to your designated recipient.

  • Limited Scope: The generated link provides access only to the designated folder. The recipient cannot navigate to the root of your vault or see any other files, folders, or your Membership ID.

  • No Auditing of Content: We facilitate the secure transmission of your data but do not monitor or audit the clinical content being shared.
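The three properties of a share link described above (time-expiring, password-protected, limited to one folder) can be enforced and checked mechanically. The following is an added illustration in Python, not Gobycon Med's own code and not how Zoho WorkDrive implements sharing; the signing key, folder path and password are constructed for the demo.

```python
import base64, hashlib, hmac, json, posixpath, secrets, time

# Per-deployment signing key. Constructed here for the demo; a real service
# would keep it in a secrets manager, never in source.
SERVER_KEY = secrets.token_bytes(32)
PBKDF2_ROUNDS = 100_000

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def create_share_link(folder: str, password: str, ttl_seconds: int, now: float = None) -> str:
    """Issue a token that grants read access to one folder until it expires.
    The payload is readable by whoever holds the link, so it carries only an
    opaque folder path: never the vault owner's Membership ID."""
    now = time.time() if now is None else now
    salt = secrets.token_bytes(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    payload = json.dumps({"folder": posixpath.normpath("/" + folder.lstrip("/")) + "/",
                          "exp": int(now + ttl_seconds),
                          "salt": _b64(salt), "pw": _b64(pw_hash)}, sort_keys=True).encode()
    sig = hmac.new(SERVER_KEY, payload, "sha256").digest()
    return _b64(payload) + "." + _b64(sig)

def authorize(token: str, password: str, requested_path: str, now: float = None) -> bool:
    """Return True only if the token is intact, unexpired, the password matches,
    and the requested path lies inside the shared folder."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except ValueError:
        return False
    # Signature first: a forged or edited payload fails before anything else.
    if not hmac.compare_digest(hmac.new(SERVER_KEY, payload, "sha256").digest(), sig):
        return False
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return False  # time-expiring link
    check = hashlib.pbkdf2_hmac("sha256", password.encode(), _unb64(claims["salt"]), PBKDF2_ROUNDS)
    if not hmac.compare_digest(check, _unb64(claims["pw"])):
        return False  # password-protected link
    # Limited scope: normalise so "../" cannot climb toward the vault root.
    wanted = posixpath.normpath("/" + requested_path.lstrip("/"))
    return wanted == claims["folder"].rstrip("/") or wanted.startswith(claims["folder"])
```

The scope check is the part most often got wrong in practice: compare normalised paths against the shared folder plus a trailing slash, so a sibling folder with the same prefix or a path containing "../" is refused.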

6. Data Security Measures

  • Encryption: Data is encrypted in transit (using TLS 1.2+ protocols) and at rest (using AES-256 encryption) within the Zoho environment.

  • Access Controls: Staff access follows the principle of least privilege. Two-factor authentication (2FA) is mandatory for all administrative accounts.

  • System Isolation: Strict architectural separation between the Health Data vault (Zoho), the billing system, and the operational database that maps Membership IDs.

  • Mandatory Training: All employees undergo annual data protection and security awareness training.

7. Data Breach Response

Despite our anonymized model, we treat the security of health data with utmost seriousness. Our breach response protocol includes immediate investigation, containment, and notification to the Information Regulator as required by POPIA/GDPR. Due to our no-identity model, the risk of harm from a health data breach is significantly reduced.

8. Data Retention & Erasure

  • Health Data: Retained based on your selected membership plan (20 years, 40 years, Lifetime + 6 years). Data is permanently and irrevocably deleted upon plan expiration or after the post-mortem period.

  • Billing Information: Retained for the duration required by South African financial and tax law (typically 5 years) after the termination of your subscription.

  • User Rights: You can exercise your rights over your Health Data by using your Membership ID. Requests related to Billing Information can be made by contacting us from your registered email address. Requests related to payment data may need to be coordinated with our payment processor.

9. User Responsibilities

  • You are responsible for safeguarding your Membership ID.

  • You are responsible for ensuring the accuracy of the recipient's email address when requesting a share link.

  • You warrant that you have the legal right to upload all health data you provide to the service.

10. Policy Review

This framework is reviewed annually or after any significant security incident or change in applicable law.


For questions about this framework, please contact:
Gobycon Med EHR Support

Email: info@gobyconmed.com
