Privacy Policy – Knights Health

Effective date: 7 April 2026  |  Replaces policy dated 14 October 2024

Knights Health (Pty) Ltd ("Knights Health", "we", "us", "our") operates the Knights Health mobile application and related services (collectively, the "Platform"). This Privacy Policy explains what personal information we collect, why we collect it, how long we keep it, and how you can have it deleted.

Your deletion rights in brief:
You have two ways to delete your data:
1. In-app (KnightGuard health data only): Go to your profile and tap Delete KnightGuard Data. This permanently removes all sensor and health records linked to your account.
2. Full account deletion: Email privacy@knightshealth.africa with the subject line "Account Deletion Request". We will action your request within 30 days.

1. Information We Collect

1a. Personal Information You Provide

1b. Health and Sensor Data (KnightGuard)

This data is stored in AWS DynamoDB, keyed by your user ID and timestamp, and is only accessible by you and authorised healthcare professionals.

1c. Payment Information

Payments are processed by Paystack. We do not store your card number, CVV, or full banking details on our servers. We retain a payment reference, amount, and date for your subscription record.

1d. Location Data

With your permission, we collect your device's GPS coordinates to enable location-based features such as finding nearby healthcare providers and emergency services. You can revoke location permission at any time in your device settings.

1e. Biometric Authentication Data

If you enable fingerprint or face unlock, authentication is handled entirely by your device's operating system (Android or iOS). We never receive or store your raw biometric data.

1f. Voice and Speech Data

The Platform includes an optional voice search and text-to-speech feature. Voice input is processed on-device and, where applicable, through your device's default speech recognition service. We do not retain audio recordings on our servers.

1g. Technical and Device Data

1h. Files and Documents

Documents, images, and files you upload (e.g. prescription photos, claim attachments) are stored in AWS S3 under your user account. Access is restricted to you and the healthcare or HR staff to whom you submit the document.

2. How We Use Your Information

3. Sharing Your Information

We do not sell your personal information. We share your data only in the following circumstances:

4. Data Retention

Data CategoryRetention PeriodBasis
Account profile (name, email, phone) For the life of your account, plus 30 days after a confirmed deletion request Contract fulfilment
KnightGuard sensor and health data Until you delete it via the in-app button, or until your account is deleted Your consent
HR form submissions (leave, loans, etc.) 7 years from the date of submission, unless your employer instructs otherwise Legal / labour law compliance
Payment and subscription records 7 years from the transaction date Financial/tax regulation
Medical records and prescriptions 7 years from creation, or as required by applicable health regulations Healthcare regulation
Uploaded files and documents (AWS S3) For the life of your account, or until you or an authorised administrator deletes the file Service provision
Crash and error logs (Sentry) 90 days Legitimate interest (platform stability)
Session tokens and access codes Until logout, expiry, or device unlinking Security

5. Your Rights and How to Delete Your Data

You have the right to access, correct, restrict, or delete your personal information. Specifically:

6. Third-Party Service Providers

ProviderPurposeData Shared
AWS (Amazon Web Services) Cloud storage (S3) and health data database (DynamoDB) Files, KnightGuard sensor records, user ID
Paystack Payment processing Payment amount, email (for receipt), transaction reference
Sentry Crash and error reporting Device type, OS version, app version, anonymised stack traces
Google (Maps & Generative AI) Location mapping and AI-assisted features Location coordinates (Maps); search queries (Generative AI)
VideoSDK Video consultations Audio/video stream during active session only; not recorded by default
Apache Kafka Real-time event streaming between platform services Internal system events; no personal data is published directly

Each provider is bound by a data processing agreement and may only use your data for the stated purpose.

7. Data Security

8. Children's Privacy

The Platform is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at privacy@knightshealth.africa and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For material changes, we will notify you via in-app notification or email at least 14 days before the change takes effect. Continued use of the Platform after the effective date constitutes acceptance of the revised policy.

10. Contact Us

For any privacy-related questions, requests, or complaints:

This document was last updated on 7 April 2026.