Privacy Policy
Last updated 15 July 2026 · Applies to the Tari app and this website
Tari is a documentation companion for clinicians working in and around the operating theatre. Because the app handles health information, privacy is a design constraint, not an afterthought. This policy explains what we collect, where it goes and the choices you have, in line with the Protection of Personal Information Act, 2013 (POPIA).
1. Information we collect
- Your account and profile — name, email address, cellphone number, professional role and speciality, the hospitals you work at, and (optionally) your HPCSA registration number if you choose to verify it.
- What you capture in the app — anaesthetic records, operative notes, theatre lists, scanned documents (patient info sheets, vitals charts, remittances), billing codes and claims.
- Technical basics — push-notification tokens and minimal, content-free logs needed to run and secure the service.
2. Where your data lives
- On your device first. Your notes, theatre lists and drafts are stored locally on your device and keep working offline.
- Shared theatre lists are end-to-end encrypted. When you share a list, it is encrypted on your device with keys held only by the people you share with. Patient-identifiable details are readable by clinician members only; the server stores ciphertext it cannot read.
- Cloud sync and backups use Google Firebase (Firestore, Storage, Authentication) with encryption in transit and at rest. Documents you upload (for example a scanned info sheet) are stored privately against your account.
3. AI processing
Patient-identifiable documents are read by Tari's privately hosted AI — infrastructure operated for Tari, not a shared public AI service. Content sent for reading is not used to train anyone's models.
- Before a vitals chart or statement leaves your phone, an on-device privacy screen checks each page, and personal identifiers are scrubbed where the AI does not need them.
- All AI requests go through Tari's own authenticated backend. Logs are content-free — they never contain prompts, AI replies or anything derived from patient documents.
- AI output is a suggestion. Nothing is filed to a record until you have reviewed and confirmed it.
4. How we use information
- To provide the product: capturing, syncing and sharing your documentation on your instruction.
- To connect you with colleagues you choose to share with (contact matching is consent-based and initiated by you).
- To verify HPCSA registration when you ask us to, against the public HPCSA register.
- To send notifications you have enabled (for example, a theatre-list update from your team).
We do not sell personal information, and we do not use patient documents for advertising or model training.
5. Sharing
Sharing in Tari is always something you do: sharing a theatre list with named colleagues, sharing a PDF through your phone's share sheet, or posting an update to a team. Role-based access applies — non-clinician members of a shared list never receive the keys to patient-identifiable fields.
6. Security
- Encryption in transit (TLS) and at rest for all cloud data.
- True end-to-end encryption for shared theatre lists (X25519 key exchange, AES-GCM payloads; private keys stay in your device's secure keystore).
- An optional Face ID / fingerprint app lock, controlled in Settings → Security.
- Authenticated, rate-limited access to all backend functions.
7. Your rights (POPIA)
- Access and correction — your profile and captured data are visible and editable in the app.
- Deletion — you can delete your account and its data from inside the app (Settings), or ask us to do it.
- Objection and complaints — you may object to processing or lodge a complaint with the Information Regulator (South Africa) at inforegulator.org.za.
As the clinician, you remain responsible for your own professional record-keeping obligations to your patients and your practice.
8. Retention
Account data is kept while your account is active. Locally stored records remain on your device under your control. Deleted lists and cases pass through a short recovery bin (about 7 days) before being purged. When you delete your account, associated cloud data is removed.
9. Children
Tari is a professional tool for registered healthcare workers and is not directed at children.
10. Changes and contact
If this policy changes materially we will say so in the app. Questions and requests: hello@gettari.co.za.