Data Processing Agreement
The terms under which CaseThread processes personal information as operator on behalf of a practice (the responsible party) under POPIA.
Last updated: Draft — not yet published
Roles
For client case data, the practice is the responsible party and CaseThread (Optimiz Solutions) is the operator. We process personal information only on the practice's documented instructions.
Scope & purpose
Processing is limited to providing the CaseThread service — storing and managing the practice's case records, scheduling, notes, documents and invoicing.
Security
We maintain appropriate technical and organisational measures: encryption in transit and at rest, row-level access control, access logging, and backup/recovery.
Sub-processors
We engage the sub-processors listed on the Sub-processors page. We remain responsible for their compliance and will give notice of material changes.
Data-subject requests
We assist the practice in responding to data-subject requests via the in-app tooling and a documented schedule.
Breach notification
We notify the practice without undue delay on becoming aware of a personal-information breach affecting their data, per our breach-response plan.
Return & deletion
On termination we return or delete the practice's personal information per the retention schedule, unless retention is legally required.
More: Privacy Policy · Terms of Service · PAIA Manual · Sub-processors