1. Introduction
Aegis Capital Holdings (Pty) Ltd ("we", "us", or "our") operates MediQuiz ("the Service"), a structured knowledge progression engine for educational quiz content and assessments. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service. By using MediQuiz, you consent to the practices described in this policy.
2. Information We Collect
We collect the following categories of information:
Account and registration data
- Email address
- First name and surname
- Password (stored in encrypted form)
- Date and time of Terms of Service acceptance
Usage and performance data
- Quiz attempts, answers, and scores
- Assessment history and performance analytics
- Session activity and presence information
Payment and subscription data
- Subscription status and billing information (processed by Paystack)
- Payment history and current period details
3. How We Use Your Information
We use your information to:
- Provide, operate, and maintain the Service
- Authenticate your identity and manage your account
- Process quiz attempts, grading, and performance analytics
- Process payments and manage subscriptions
- Send service-related communications (e.g. email verification, password reset)
- Improve the Service, fix bugs, and analyse usage patterns
- Comply with legal obligations and enforce our Terms of Service
4. Third-Party Services and Data Sharing
We use trusted third-party services to operate the Service. These providers process your data on our behalf under contractual obligations to protect it:
- Supabase — Authentication, database storage, and real-time features. Data is stored in secure cloud infrastructure.
- Stripe — Payment processing and subscription management. Payment card details are handled directly by Stripe and are not stored by us.
- Vercel — Hosting and performance monitoring (e.g. Speed Insights). May collect anonymised performance metrics.
We do not sell your personal information. We may disclose your information if required by law, court order, or to protect our rights, safety, or property.
5. Data Retention
We retain your account and usage data for as long as your account is active and as needed to provide the Service. Quiz attempts and performance data are retained to support your learning history and analytics. If you request account deletion, we will delete or anonymise your personal data within a reasonable period, except where we are required to retain it for legal or regulatory purposes.
6. Data Security
We implement appropriate technical and organisational measures to protect your personal information, including encryption in transit and at rest, secure authentication, and access controls. No method of transmission over the internet is completely secure; we strive to protect your data but cannot guarantee absolute security.
In the event of a security breach where your personal information may have been compromised, we will notify you and the Information Regulator (South Africa) as required by the Protection of Personal Information Act (POPIA), and will take steps to mitigate harm and prevent recurrence.
7. Your Rights
Depending on applicable law, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion of your personal information
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
To exercise these rights, please contact us via our Contact page. You may also update your account details and preferences in your Profile.
You have the right to lodge a complaint with the Information Regulator (South Africa) if you believe your personal information has been processed in a manner that contravenes POPIA. Contact: inforegulator.org.za, POPIAComplaints@inforegulator.org.za.
8. Cookies and Similar Technologies
We use essential cookies and similar technologies to enable authentication, session management, and core Service functionality. We may use analytics and performance tools (e.g. Vercel Speed Insights) that collect anonymised usage data. You can control non-essential cookies through your browser settings; disabling essential cookies may affect your ability to use the Service.
9. Children's Privacy
The Service is intended for users who are at least 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected such information, please contact us and we will take steps to delete it.
10. International Transfers
Your data may be processed and stored in countries other than your own. Our service providers (e.g. Supabase, Stripe, Vercel) may operate in various jurisdictions. We ensure appropriate safeguards are in place where required by applicable law.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after such changes constitutes acceptance of the revised policy. We encourage you to review this policy periodically.
12. POPIA Compliance (Protection of Personal Information Act)
We comply with the Protection of Personal Information Act 4 of 2013 (POPIA) and process your personal information in accordance with its eight conditions for lawful processing:
- Accountability — We remain accountable for compliance and ensure our operators (Supabase, Stripe, Vercel) are bound by written contracts to protect your data.
- Processing Limitation — We process only what is adequate, relevant, and not excessive for the purposes stated above, with your consent (obtained at registration via acceptance of our Terms of Service).
- Purpose Specification — We collect personal information for specific, explicit, and lawful purposes as set out in this policy.
- Further Processing Limitation — We do not use your data for purposes incompatible with those for which it was collected.
- Information Quality — We take reasonable steps to keep your information accurate and complete; you may update it in your Profile.
- Openness — We document our practices in this policy and inform you of your rights, including the right to complain to the Information Regulator.
- Security Safeguards — We implement appropriate technical and organisational measures and will notify you and the Information Regulator of any breach as required by POPIA.
- Data Subject Participation — You may request access to, correction of, or deletion of your personal information by contacting us.
13. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of South Africa. Any disputes relating to privacy shall be subject to the exclusive jurisdiction of the courts of South Africa.
14. Contact
For questions about this Privacy Policy or to exercise your privacy rights, please contact us via our Contact page.