top of page

ZA Script

​

PRIVACY POLICY

Last updated 01 February 2026

​

This privacy notice for KRIKDEX (Pty) Ltd (doing business as Krikdex) ('Krikdex', 'we', 'us', or 'our') describes how and why we might collect, store, use, and/or share ('process') your information when you use our services ('Services'), such as when you:

 

- Download and use our mobile application (ZA Scripts), or any other application of ours that links to this privacy notice

- Engage with us in other related ways, including any sales, marketing, or events

 

IMPORTANT

ZA Scripts is a medical prescription and sick note issuance tool designed for South African healthcare professionals. We want to reassure you that your privacy and the privacy of your patients are of the utmost importance to us. **All patient data is stored exclusively on your device and is never transmitted to or stored on our servers.** Your login credentials are secured using industry-standard encryption, and patient medical records remain under your sole control.

 

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at krikdex@outlook.com.

 

SUMMARY OF KEY POINTS

 

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

 

What personal information do we process?

When you visit, use, or navigate our Services, we may process personal information depending on how you interact with Krikdex and the Services, the choices you make, and the products and features you use.

 

Do we process any sensitive personal information?

We facilitate the creation of medical documents containing sensitive health information. However, this data is stored exclusively on your device. We do not have access to, store, or process patient health information on our servers.

 

Do we receive any information from third parties?

We do not receive any information from third parties. Our app operates as a local tool for creating medical documents, with cloud services used only for user authentication and document verification.

 

How do we process your information?

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.

 

In what situations and with which parties do we share personal information?

We may share information in specific situations and with specific third parties for authentication and verification purposes only.

 

How do we keep your information safe?

We have implemented platform-level encryption, secure storage mechanisms, and cryptographic verification systems to protect your personal information. Patient data remains on your device and is never transmitted to external servers.

 

What are your rights?

Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

 

How do I exercise my rights?

The easiest way to exercise your rights is by contacting us at krikdex@outlook.com. We will consider and act upon any request in accordance with applicable data protection laws.

​

 

TABLE OF CONTENTS

 

1. WHAT INFORMATION DO WE COLLECT?

2. HOW DO WE PROCESS YOUR INFORMATION?

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

4. HOW LONG DO WE KEEP YOUR INFORMATION?

5. HOW DO WE KEEP YOUR INFORMATION SAFE?

6. DO WE COLLECT INFORMATION FROM MINORS?

7. WHAT ARE YOUR PRIVACY RIGHTS?

8. CONTROLS FOR DO-NOT-TRACK FEATURES

9. PROTECTION OF PERSONAL INFORMATION ACT (POPIA) COMPLIANCE

10. DO WE MAKE UPDATES TO THIS NOTICE?

11. SUBSCRIPTION AND PRICING

12. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

13. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

14. DISCLAIMERS AND LIMITATION OF LIABILITY

15. USER CONDUCT AND INDEMNIFICATION

16. HEALTHCARE PROFESSIONAL RESPONSIBILITIES

​

 

1. WHAT INFORMATION DO WE COLLECT?

 

Personal information you disclose to us

 

In Short: We collect personal information that you provide to us for account creation and service delivery.

 

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

 

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

 

- Email address

- Name (for account purposes)

- Password (encrypted)

 

Healthcare Provider Information (Stored Locally on Your Device):

- Full name

- HPCSA registration number

- Medical qualifications

- Practice name, address, phone, and email

- Digital signature image

 

Patient Information (Stored Locally on Your Device - We Do Not Access This):

- Patient names

- South African ID numbers

- Contact information

- Medical aid details

- Medical history and allergies

- Prescription and sick note records

 

Sensitive Information. We do not process sensitive personal information on our servers. All patient health information created through our app is stored exclusively on your device's local database and is never transmitted to our servers.

 

Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

 

- Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model, Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server).

 

This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

 

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

 

Information automatically collected

 

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you use our Services.

 

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

 

The information we collect includes:

- Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files.

- Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services.

 

2. HOW DO WE PROCESS YOUR INFORMATION?

 

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

 

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

 

- To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.

- To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service, including enabling document verification through QR codes.

- To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.

- To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and conditions, and other similar information.

- To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.

- To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.

- To evaluate and improve our Services, products, marketing, and your experience. We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience.

- To enable document verification. We store cryptographic hashes and minimal metadata (document type, healthcare provider name, patient initials, issue date, and verification status) to enable QR code verification of prescriptions and sick notes. This data does not contain full patient information.

 

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

 

In Short: We may share information in specific situations described in this section and/or with the following third parties.

 

We may need to share your personal information in the following situations:

 

- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

- Service Providers. We use Google Firebase for user authentication and document verification services. Firebase processes:

- Your email address and authentication credentials (encrypted)

- Document verification hashes (cryptographic, not containing full patient data)

- App analytics and crash reports

- Legal Requirements. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.

 

What We Do NOT Share:

- Patient medical records

- Full prescription details

- Patient identification information

- Any data stored locally on your device

 

4. HOW LONG DO WE KEEP YOUR INFORMATION?

 

In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy notice unless otherwise required by law.

 

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

 

- Account Information: Retained for as long as your account is active, plus 90 days after account deletion request.

- Document Verification Data: Retained for 7 years to comply with medical record retention requirements and to enable ongoing verification of issued documents.

- Analytics Data: Retained for up to 26 months.

 

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

 

Local Data: Patient data stored on your device is under your control. You may delete this data at any time through the app or by uninstalling the application.

 

5. HOW DO WE KEEP YOUR INFORMATION SAFE?

 

In Short: We aim to protect your personal information through a system of organisational and technical security measures.

 

We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. These include:

 

- Platform-Level Encryption: Sensitive data is stored using iOS Keychain and Android KeyStore encryption.

- Secure Local Database: Patient information is stored in an encrypted SQLite database on your device.

- Cryptographic Verification: Document verification uses SHA-256 hashing to ensure integrity without exposing patient data.

- Authentication Security: Password requirements enforce strong passwords (minimum 8 characters with uppercase, lowercase, and numbers).

- Email Verification: Required during registration to verify account ownership.

 

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

 

6. DO WE COLLECT INFORMATION FROM MINORS?

 

In Short: We do not knowingly collect data from or market to children under 18 years of age.

 

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at krikdex@outlook.com.

 

Note: Our Services are designed exclusively for registered healthcare professionals and are not intended for use by minors.

 

7. WHAT ARE YOUR PRIVACY RIGHTS?

 

 In Short:  You may review, change, or terminate your account at any time.

 

 Account Information:  If you would at any time like to review or change the information in your account or terminate your account, you can:

 

- Log in to your account settings and update your user account

- Contact us using the contact information provided

 

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

 

 Withdrawing your consent:  If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section 'HOW CAN YOU CONTACT US ABOUT THIS NOTICE?' below.

 

However, please note that this will not affect the lawfulness of the processing before its withdrawal, nor when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

 

If you have questions or comments about your privacy rights, you may email us at krikdex@outlook.com.

 

8. CONTROLS FOR DO-NOT-TRACK FEATURES

 

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

 

9. PROTECTION OF PERSONAL INFORMATION ACT (POPIA) COMPLIANCE

 

In Short: We are committed to complying with South Africa's Protection of Personal Information Act.

 

ZA Scripts is designed with privacy-by-default principles in alignment with the Protection of Personal Information Act (POPIA) of South Africa. As a user of our Services, you have the following rights under POPIA:

 

- Right to Access: You have the right to request access to the personal information we hold about you.

- Right to Correction: You have the right to request correction of inaccurate personal information.

- Right to Deletion: You have the right to request deletion of your personal information, subject to legal retention requirements.

- Right to Object: You have the right to object to the processing of your personal information.

- Right to Data Portability: You have the right to request a copy of your personal information in a commonly used format.

 

Healthcare Provider Responsibilities: As a healthcare professional using ZA Scripts, you are the responsible party for patient data stored on your device. You are responsible for ensuring compliance with POPIA and the Health Professions Council of South Africa (HPCSA) guidelines regarding patient records.

 

To exercise any of these rights, please contact us at krikdex@outlook.com.

 

10. DO WE MAKE UPDATES TO THIS NOTICE?

 

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

 

We may update this privacy notice from time to time. The updated version will be indicated by an updated 'Revised' date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

 

11. SUBSCRIPTION AND PRICING

 

In Short: We reserve the right to introduce, modify, or discontinue subscription plans and pricing at any time.

 

Current Pricing: ZA Scripts may offer free and/or paid subscription tiers. Current pricing is displayed within the application and on our official website.

 

Price Changes: We reserve the right to change subscription prices at any time, including but not limited to:

 

- Introducing new subscription tiers

- Modifying existing subscription prices (increases or decreases)

- Changing the features included in each subscription tier

- Converting free features to paid features

- Discontinuing subscription plans

 

Notice of Price Changes: We will provide reasonable notice of any price increases through one or more of the following methods:

 

- In-app notification at least 30 days before the change takes effect

- Email notification to registered users

- Notice posted in the application

 

Existing Subscriptions: For existing subscribers:

 

- Price changes will take effect at the start of your next billing cycle following the notice period

- You may cancel your subscription before the price change takes effect

- Continued use of the Services after a price change constitutes acceptance of the new pricing

 

Refunds: Subscription fees are generally non-refundable except where required by applicable law or as explicitly stated in our refund policy.

 

Free Trial: If we offer a free trial period, we reserve the right to modify or discontinue free trials at any time. After the free trial period expires, you will be charged the applicable subscription fee unless you cancel before the trial ends.

 

By using our Services, you acknowledge and agree that subscription prices may change and that continued use after price changes constitutes acceptance of the new pricing terms.

 

12. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

 

If you have questions or comments about this notice, you may email us at krikdex@outlook.com or by post to:

 

KRIKDEX (Pty) Ltd

Church Street

Graaff Reinet, Eastern Cape 6280

South Africa

 

13. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

 

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances.

 

Cloud Data (Account Information): To request to review, update, or delete your account information, please contact us at krikdex@outlook.com.

​

Local Data (Patient Records): Patient data stored on your device is under your direct control. You can:

 

- View and edit patient records within the app

- Delete individual patient records

- Export your data for backup purposes

- Delete all local data by uninstalling the application

​

14. DISCLAIMERS AND LIMITATION OF LIABILITY

 

In Short: You use our Services entirely at your own risk, and we cannot be held liable for clinical decisions or document errors.

 

You acknowledge that you use ZA Scripts entirely at your own risk. While every effort is made to ensure the functionality and accuracy of our app, we cannot guarantee error-free operation.

 

Clinical Responsibility: ZA Scripts is a tool to assist healthcare professionals in creating medical documents. All clinical decisions, including prescriptions and sick note issuance, remain the sole responsibility of the healthcare professional using the app. We do not provide medical advice and are not responsible for:

 

- Incorrect medication dosages or prescriptions

- Errors in patient information

- Clinical judgments made by healthcare professionals

- Consequences arising from issued prescriptions or sick notes

 

Medication Database: While we strive to maintain an accurate medication reference database, you should independently verify medication information before prescribing. The medication database is provided for reference purposes only and may not reflect the most current information.

 

Third-Party Services: Our app uses third-party services (such as Firebase) for authentication and verification. We are not responsible for any interruptions, errors, or issues caused by third-party services.

 

Limitation of Liability: To the maximum extent permitted by applicable law, KRIKDEX (Pty) Ltd shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, use, goodwill, or other intangible losses, resulting from your use of the Services.

 

15. USER CONDUCT AND INDEMNIFICATION

 

In Short: You agree to use our Services lawfully and in accordance with professional standards, and to indemnify us against claims arising from your use.

 

Acceptable Use: You agree that your use of ZA Scripts is for lawful purposes only and in accordance with:

 

- South African law

- Health Professions Council of South Africa (HPCSA) guidelines

- Applicable medical ethics and professional standards

- The terms and conditions of this privacy notice

 

Prohibited Activities: You may not:

 

- Use the Services for any unlawful purpose

- Issue fraudulent prescriptions or sick notes

- Share your account credentials with unauthorized persons

- Attempt to access patient data stored on other users' devices

- Interfere with the proper functioning of the Services

- Use the Services in any manner that could disable, overburden, or impair the Services

​

Indemnification: You agree to indemnify and hold KRIKDEX (Pty) Ltd, its subsidiaries, affiliates, agents, officers, employees, and content providers harmless from any claim, demand, or damage, including reasonable attorneys' fees, arising from:

 

- Your use of ZA Scripts

- Your violation of this privacy notice

- Your violation of any rights of a third party

- Any clinical decisions or documents you create using the Services

- Any breach of patient confidentiality

 

16. HEALTHCARE PROFESSIONAL RESPONSIBILITIES

 

In Short: As a healthcare professional, you have specific responsibilities regarding patient data and professional conduct when using ZA Scripts.

 

By using ZA Scripts, you acknowledge and agree to the following responsibilities:

 

Patient Data Protection:

- You are the responsible party for all patient data stored on your device

- You must implement appropriate security measures to protect patient information (device passwords, secure storage, etc.)

- You must comply with POPIA and HPCSA guidelines regarding patient record keeping

- You must ensure patient data is not accessible to unauthorized persons

 

Professional Conduct:

- You must be a registered healthcare professional authorized to issue prescriptions and/or sick notes in South Africa

- You must maintain accurate and complete patient records

- You must issue prescriptions and sick notes only within your scope of practice

- You must comply with all applicable laws and professional regulations

 

Record Retention:

- You are responsible for maintaining patient records in accordance with legal and professional requirements

- You should maintain appropriate backups of patient data

- Upon ceasing to use the Services, you must ensure patient records are appropriately transferred or retained as required by law

 

Security:

- You must protect your account credentials and not share them with others

- You must immediately notify us of any unauthorized access to your account

- You must use the Services on secure devices and networks

 

Failure to comply with these responsibilities may result in termination of your account and may expose you to legal liability.

​

©2026 by Krikdex

bottom of page