CallSync

Privacy Policy

Last updated: February 2026

1. Introduction

CallSync (Pty) Ltd ("CallSync", "we", "us", or "our") is committed to protecting the privacy and personal information of our clients, their patients, and all users of our services. This Privacy Policy explains how we collect, use, store, and protect personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African legislation.

CallSync provides AI-powered phone receptionist services, clinical reporting tools, and related digital services to healthcare practitioners, dental practices, optometrists, and other professional service providers across South Africa.

2. Information We Collect

We collect and process the following categories of personal information:

2.1 Practice Information

  • Practice name, address, and contact details
  • Practitioner names and professional registration numbers
  • Operating hours and service offerings
  • Billing and payment information

2.2 Patient Information (Processed on Behalf of Practices)

  • Name, contact number, and email address
  • Appointment details and scheduling preferences
  • Call recordings and transcriptions (for quality assurance)
  • Clinical consultation data (when using the Reporting module)
  • Medical history and referral information (as provided by the practitioner)

2.3 Technical Information

  • IP addresses, browser type, and device information
  • Usage analytics and interaction logs
  • Authentication tokens and session data

3. How We Use Your Information

We use personal information for the following purposes:

  • Providing and operating our AI phone receptionist services
  • Scheduling and managing patient appointments
  • Generating clinical reports and specialist referral letters
  • Processing payments and managing subscriptions
  • Communicating service updates and important notices
  • Improving our services through anonymised analytics
  • Complying with legal and regulatory obligations

4. Legal Basis for Processing

We process personal information on the following legal grounds under POPIA:

  • Consent: Where you have given explicit consent for processing
  • Contract: Where processing is necessary to fulfil our service agreement
  • Legal obligation: Where we are required by law to process information
  • Legitimate interest: Where processing is necessary for our legitimate business interests, balanced against your rights

5. Data Sharing and Third Parties

We do not sell personal information to third parties. We may share information with:

  • Service providers: Twilio (telephony), cloud hosting providers, payment processors (PayPal)
  • AI processing: Voice AI services for call handling (Retell AI)
  • Legal requirements: When required by South African law, court order, or regulatory authority

All third-party service providers are contractually bound to protect personal information in accordance with POPIA requirements.

6. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Active client data: For the duration of the service agreement plus 12 months
  • Call recordings: 90 days from the date of the call
  • Clinical reports: As directed by the practitioner, subject to healthcare record-keeping requirements
  • Payment records: 5 years as required by SARS
  • Audit logs: 24 months

7. Data Security

We implement appropriate technical and organisational measures to protect personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Secure cloud infrastructure with data residency considerations
  • Employee confidentiality agreements and training

8. Your Rights Under POPIA

You have the right to:

  • Access your personal information held by us
  • Request correction of inaccurate information
  • Request deletion of your personal information (subject to legal retention requirements)
  • Object to the processing of your personal information
  • Withdraw consent at any time
  • Lodge a complaint with the Information Regulator

9. Information Officer

Our designated Information Officer can be contacted for any privacy-related queries:

CallSync Information Officer

Email: [email protected]

Phone: +27 60 015 0122

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to affected parties via email or through our platform. Continued use of our services after such changes constitutes acceptance of the updated policy.