FornixFornix
BACKED BYGoogle Cloud
Fornix CP Client Portal
Client Portal

Data Ethics & Protection

Your data. Held with care.

Health data is intimate. It reflects how people live, struggle, and recover. We take that seriously — legally, technically, and humanly.

01. Our Commitment

POPIA compliance is the floor, not the ceiling.

Protecting your Personal Information is a constitutional requirement under the Protection of Personal Information Act (POPIA, Act 4 of 2013). We meet that bar — and go further. In line with POPIA, Fornix:

  • Accepts joint responsibility and accountability with you to responsibly manage and protect your Personal Information when providing services to you.
  • Undertakes to receive, only from you, and process only the Personal Information that is necessary to assist you with your required services and conclude the necessarily related agreements.
  • Undertakes to respect your right to withdraw your consent for the processing of your Personal Information at any time — and will confirm this in writing.
  • Undertakes to only use your Personal Information for the purpose required to assist you or provide services to you, and will never repurpose it without consent.
  • Undertakes not to share or further process your Personal Information with anyone unless required to assist you with your services or by law.
  • Undertakes to be open and transparent, and to notify you as required by law regarding why and how your Personal Information needs to be collected, used, and stored.

02. Health Data

Higher standards for the most sensitive information.

Community health data carries stories that people don't share lightly. Given our focus on community health tracking and clinical impact, we apply special higher-level controls to all health-related information. We protect it through:

Anonymisation

Data is de-identified at source wherever possible. Individual responses are never surfaced to clients without explicit consent.

Strict Access Control

Only authorised Fornix personnel can access identifiable health data. All access is logged and audited.

Containerised & Encrypted Infrastructure

All data is processed and stored in containerised services on Google Cloud. We have signed a Google Cloud Data Protection Agreement to ensure our infrastructure meets all POPIA compliance standards. Containerisation means each client's data is isolated — never co-mingled with another organisation's data.

03. Why We Collect Your Information

Only what the work requires.

In order to provide our services, we need to collect, use, and keep your Personal Information as prescribed by relevant laws and regulations, for reasons such as:

  • To share with and provide relevant services to you as requested, and to maintain our relationship.
  • To respond to your queries and provide operational support.
  • To confirm that you are an authorised representative (as in the case of support staff).
  • For record-keeping purposes as required by law or regulatory bodies.
  • In connection with possible requirements by the Information Regulator, other Government agencies allowed by law, legal proceedings, or court rulings.

We may use software or cloud platforms (like our Google Cloud environment) to process your information. This will only be done in strict adherence to the requirements of the Act.

04. Community Data Ethics

Data about communities should serve those communities.

Most health data in South Africa reflects the people easiest to survey — English speakers with smartphones and time. The communities carrying the heaviest health burden are the least represented in the data used to make decisions about them.

Fornix is built on the principle that participation should never require literacy, a smartphone, or proximity to a clinic. Our multilingual, voice-enabled collection model means a grandmother in eThekwini and a youth in Limpopo can both contribute their health experience — in their own language, on their own terms.

We commit to using the data we collect to benefit the communities it comes from — not merely to extract from them. Health data should reflect the whole community. We are building the infrastructure to make that possible.

Have a question about your data?

Contact our information officer directly. We respond within 5 business days.

Osama@fornixcp.org