Privacy Policy – Knights Health
Effective date: 7 April 2026 | Replaces policy dated 14 October 2024
Knights Health (Pty) Ltd ("Knights Health", "we", "us", "our") operates the Knights Health mobile application and related services (collectively, the "Platform"). This Privacy Policy explains what personal information we collect, why we collect it, how long we keep it, and how you can have it deleted.
Your deletion rights in brief:
You have two ways to delete your data:
1.
In-app (KnightGuard health data only): Go to your profile and tap
Delete KnightGuard Data. This permanently removes all sensor and health records linked to your account.
2.
Full account deletion: Email
privacy@knightshealth.africa with the subject line "Account Deletion Request". We will action your request within 30 days.
1. Information We Collect
1a. Personal Information You Provide
- Identity data: first name, last name
- Contact data: email address, mobile phone number
- Medical aid data: medical aid scheme name and membership number
- Account credentials: password (stored as a one-way hash — never in plain text)
- Profile photo: uploaded by you optionally
- Medical history: information you enter or that your healthcare provider records through the Platform
- Forms and submissions: any data you complete in the ApplicationExpress form system (e.g. leave applications, loan applications, HR records)
1b. Health and Sensor Data (KnightGuard)
- Biometric and physiological readings from linked KnightGuard wearable devices (e.g. heart rate, blood oxygen, activity data)
- Device identifiers and pairing information
- Timestamps of each sensor reading
This data is stored in AWS DynamoDB, keyed by your user ID and timestamp, and is only accessible by you and authorised healthcare professionals.
1c. Payment Information
Payments are processed by Paystack. We do not store your card number, CVV, or full banking details on our servers. We retain a payment reference, amount, and date for your subscription record.
1d. Location Data
With your permission, we collect your device's GPS coordinates to enable location-based features such as finding nearby healthcare providers and emergency services. You can revoke location permission at any time in your device settings.
1e. Biometric Authentication Data
If you enable fingerprint or face unlock, authentication is handled entirely by your device's operating system (Android or iOS). We never receive or store your raw biometric data.
1f. Voice and Speech Data
The Platform includes an optional voice search and text-to-speech feature. Voice input is processed on-device and, where applicable, through your device's default speech recognition service. We do not retain audio recordings on our servers.
1g. Technical and Device Data
- Device type, operating system, and version
- App version and crash/error reports (via Sentry)
- Session tokens and API keys used to authenticate your requests
- Device access codes for linked wearables
1h. Files and Documents
Documents, images, and files you upload (e.g. prescription photos, claim attachments) are stored in AWS S3 under your user account. Access is restricted to you and the healthcare or HR staff to whom you submit the document.
2. How We Use Your Information
- To create and manage your account
- To provide healthcare coordination services (appointments, prescriptions, claims, emergency referrals)
- To display your KnightGuard health readings to you and, with your consent, to your nominated healthcare provider
- To process HR-related workflows (leave, loans, performance forms) on behalf of your employer where Knights Health is deployed as an HR platform
- To facilitate video consultations with healthcare providers via VideoSDK
- To process payments for subscriptions and services via Paystack
- To send service notifications, appointment reminders, and important account communications
- To improve the Platform through aggregated, anonymised analytics
- To detect and resolve technical errors through crash reporting (Sentry)
- To power AI-assisted search and query features via Google Generative AI
3. Sharing Your Information
We do not sell your personal information. We share your data only in the following circumstances:
- With your healthcare providers: when you initiate a consultation, prescription request, or emergency referral
- With emergency services: if you trigger an emergency alert or your health readings indicate a critical event
- With your employer (HR module users): HR records, leave, and loan data are accessible to authorised HR administrators within your organisation
- With sub-processors: the third-party services listed in Section 5 process data strictly on our behalf and under written data processing agreements
- When required by law: if compelled by a court order, regulatory authority, or applicable legislation
4. Data Retention
| Data Category | Retention Period | Basis |
| Account profile (name, email, phone) |
For the life of your account, plus 30 days after a confirmed deletion request |
Contract fulfilment |
| KnightGuard sensor and health data |
Until you delete it via the in-app button, or until your account is deleted |
Your consent |
| HR form submissions (leave, loans, etc.) |
7 years from the date of submission, unless your employer instructs otherwise |
Legal / labour law compliance |
| Payment and subscription records |
7 years from the transaction date |
Financial/tax regulation |
| Medical records and prescriptions |
7 years from creation, or as required by applicable health regulations |
Healthcare regulation |
| Uploaded files and documents (AWS S3) |
For the life of your account, or until you or an authorised administrator deletes the file |
Service provision |
| Crash and error logs (Sentry) |
90 days |
Legitimate interest (platform stability) |
| Session tokens and access codes |
Until logout, expiry, or device unlinking |
Security |
5. Your Rights and How to Delete Your Data
You have the right to access, correct, restrict, or delete your personal information. Specifically:
- Access and correction: View and update your profile in-app under Settings > Profile.
- Delete KnightGuard health data (in-app): Navigate to your profile and tap Delete KnightGuard Data. This immediately and permanently deletes all sensor readings and linked device records from our systems. This action cannot be undone.
- Full account and data deletion: Email privacy@knightshealth.africa with the subject line "Account Deletion Request". Include the email address registered to your account. We will:
– Confirm receipt within 5 business days
– Delete your account and associated personal data within 30 days
– Notify you by email once deletion is complete
Note: data subject to legal retention obligations (e.g. financial records) will be retained for the mandatory period and then deleted.
- Revoke location permission: Disable location access in your device settings at any time.
- Opt out of AI features: AI-powered search can be bypassed by using standard keyword search.
6. Third-Party Service Providers
| Provider | Purpose | Data Shared |
| AWS (Amazon Web Services) |
Cloud storage (S3) and health data database (DynamoDB) |
Files, KnightGuard sensor records, user ID |
| Paystack |
Payment processing |
Payment amount, email (for receipt), transaction reference |
| Sentry |
Crash and error reporting |
Device type, OS version, app version, anonymised stack traces |
| Google (Maps & Generative AI) |
Location mapping and AI-assisted features |
Location coordinates (Maps); search queries (Generative AI) |
| VideoSDK |
Video consultations |
Audio/video stream during active session only; not recorded by default |
| Apache Kafka |
Real-time event streaming between platform services |
Internal system events; no personal data is published directly |
Each provider is bound by a data processing agreement and may only use your data for the stated purpose.
7. Data Security
- All data in transit is encrypted using TLS 1.2 or higher.
- Passwords are stored as one-way cryptographic hashes and are never readable by staff.
- AWS S3 buckets and DynamoDB tables are configured with private access controls and server-side encryption at rest.
- API keys and sensitive configuration values are obfuscated in the app binary and are never exposed in source code.
- Biometric authentication is handled exclusively by your device's secure enclave — we never receive raw biometric data.
- Session tokens are stored in your device's encrypted secure storage (
flutter_secure_storage) and are not accessible to other apps.
8. Children's Privacy
The Platform is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at privacy@knightshealth.africa and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For material changes, we will notify you via in-app notification or email at least 14 days before the change takes effect. Continued use of the Platform after the effective date constitutes acceptance of the revised policy.
10. Contact Us
For any privacy-related questions, requests, or complaints:
This document was last updated on 7 April 2026.