MediDesk policies

Terms of Service

The terms that govern access to and use of MediDesk by subscribing private healthcare practices.

Operator: DeskLabsEffective date: 23 June 2026Version: 1.4

1. Agreement

These Terms of Service ("Terms") govern access to and use of MediDesk, a cloud-based practice management platform operated by DeskLabs ("we", "us", or "DeskLabs"). By creating an account, making a payment, or using MediDesk, the subscribing private healthcare practice ("Customer") agrees to these Terms. If you accept on behalf of a practice or entity, you confirm you have authority to bind that entity. These Terms incorporate by reference: the Data Processing Agreement (DPA), the Acceptable Use Policy (AUP), and the Information Security Policy, each available at getmedidesk.co.za.

2. The Service

MediDesk is administrative and practice management software. It is not a medical device, clinical decision support tool, electronic health record, EMR, EMR substitute, or emergency service. It does not provide medical, clinical, legal, billing, regulatory, or financial advice, and has no clinical functionality in any capacity.

Treating practitioners remain solely and exclusively responsible for all clinical decisions, diagnoses, prescriptions, sick notes, treatment plans, patient care, billing codes, medical aid submissions and authorisations, informed consent, and all professional obligations. MediDesk outputs are administrative aids only and must not be relied upon as clinical guidance.

MediDesk has no clinical functionality in any capacity. It does not capture, analyse, interpret, or present information for clinical decision-making. Any health or clinical information a practice enters into MediDesk — including clinical notes, diagnoses, or procedure codes — is stored purely as administrative data at that practice's direction and does not constitute a medical record, clinical assessment, or healthcare record for any clinical, diagnostic, or regulatory purpose. MediDesk must not be treated as a clinical system under any circumstances.

MediDesk must not be used in emergencies or where a system failure or error could risk patient safety. Practices must maintain independent emergency procedures at all times.

Features and modules are provided subject to the Customer's plan. DeskLabs may change, add, or remove features at any time with reasonable notice to the Customer.

Patient payment links: Patient-facing payment links that practices configure and send through MediDesk are external pages operated by third-party payment providers chosen by the practice. DeskLabs does not process, store, guarantee, or take responsibility for patient payments, payment provider terms, or the outcome of any payment transaction.

AI Voice Receptionist: MediDesk offers an optional AI Voice Receptionist feature that automates inbound call handling, including appointment booking and FAQ responses. The AI Voice Receptionist is an administrative call-handling tool only. It does not provide medical advice, make clinical decisions, triage emergencies, or replace human practitioners. AI-generated transcripts and summaries are approximate and must not be relied upon as accurate medical or legal records. The Customer is solely responsible for configuring, monitoring, and supervising the AI Voice Receptionist and for informing patients that calls may be handled by an AI system.

3. Accounts

The Customer controls who accesses its MediDesk account. The Customer is responsible for:

  • all activity under its account, including actions by its users and any administrator;
  • keeping credentials secure and confidential;
  • removing access for departed, suspended, or unauthorised staff promptly;
  • ensuring all users comply with these Terms and the Acceptable Use Policy;
  • any consequences arising from credential compromise that the Customer did not report promptly.

DeskLabs may suspend any account it reasonably believes is compromised or being misused, without prior notice where urgency requires.

4. Customer Responsibilities

The Customer is solely responsible for:

  • complying with all applicable laws, including POPIA, the National Health Act, HPCSA guidelines, and professional body rules;
  • having a lawful basis under POPIA for each category of patient personal information entered into MediDesk;
  • providing patients with required POPIA notices, obtaining required consents, and managing patient rights requests;
  • the accuracy, completeness, and lawfulness of all data entered into MediDesk, including clinical records, billing codes, and patient contact details;
  • all clinical, billing, coding, and professional decisions and their outcomes;
  • ensuring patient communication content is accurate, lawfully authorised, and sent to correct recipients;
  • configuring and monitoring automated communications, consent forms, and patient-facing public links;
  • the content of any consent forms, check-in forms, or patient-facing links the Customer configures in MediDesk;
  • obtaining required authority to contact patients via SMS, and managing opt-outs;
  • configuring, monitoring, and supervising the AI Voice Receptionist feature, including recording consent settings, greeting messages, and available appointment types;
  • informing patients that inbound calls may be handled by an AI system where the AI Voice Receptionist is enabled;
  • exporting and retaining records required by law or professional obligation before or after termination.

DeskLabs is not responsible for the Customer's compliance with healthcare, professional, billing, medical aid, or data protection obligations.

5. DeskLabs' Obligations

DeskLabs will:

  • make MediDesk available using reasonable efforts;
  • maintain reasonable security safeguards as described in the Information Security Policy;
  • process Customer data as described in the Data Processing Agreement.

DeskLabs does not guarantee uninterrupted or error-free availability, and is not responsible for outages or failures caused by third-party providers including Supabase, Vercel, WinSMS, Twilio, Retell.ai, OpenAI, PayFast, or any other provider. DeskLabs does not guarantee that MediDesk will meet the Customer's specific requirements.

6. Fees, Billing, and Subscription

6.1 Billing

Subscriptions are billed monthly in advance. All fees are in South African Rand and exclude VAT where applicable. DeskLabs will issue a VAT invoice if required by applicable law.

6.2 Payment

Subscription payments are processed through PayFast. By subscribing, the Customer authorises PayFast to debit the nominated payment method on the billing date. DeskLabs does not store card numbers. SMS credit top-up purchases are also processed through PayFast.

6.3 Failed Payments and Suspension

If a payment fails or is not received by the due date, DeskLabs will notify the Customer. If the outstanding amount remains unpaid 2 days after that notice, DeskLabs may suspend access to MediDesk without further notice. A suspended account retains its data but cannot be actively used.

6.4 Reactivation

A suspended account may be reactivated on payment of all outstanding amounts plus any applicable reactivation fees, subject to DeskLabs' confirmation. DeskLabs may impose conditions on reactivation, including requiring updated payment details. Reactivation is not guaranteed.

6.5 Termination for Non-Payment

DeskLabs may terminate the subscription if an account remains suspended for 30 consecutive days without payment or resolution. On termination, the data export and deletion provisions of Section 14 apply.

6.6 Price Changes

DeskLabs may change subscription fees with 30 days' written notice by email. Continued use after the notice period constitutes acceptance of the new fees.

6.7 Non-Refundable Fees

All fees paid are non-refundable except as expressly required by applicable South African law. No refunds are issued for partial months, unused features, service interruptions caused by third parties, or account suspension for AUP violations.

6.8 SMS Credits

MediDesk subscriptions include a monthly SMS credit allocation. Practices may purchase additional SMS credit bundles at any time through the SMS Credits page in MediDesk. SMS top-up purchases are processed through PayFast and are non-refundable once the credits have been issued. Purchased credits do not roll over to the next calendar month and expire at month-end. DeskLabs reserves the right to adjust monthly included allocations with 30 days' written notice.

6.9 AI Voice Receptionist Usage

Where the AI Voice Receptionist feature is enabled, usage is measured in billable minutes. Each plan includes a monthly allocation of included minutes. Usage beyond the included allocation may incur additional charges as published in the MediDesk pricing schedule. DeskLabs reserves the right to adjust included minute allocations with 30 days' written notice.

7. Cancellation

The Customer may cancel at any time by contacting medidesk@desklabs.co.za. Cancellation takes effect at the end of the current billing month. No refund is issued for the current billing period. The Customer remains responsible for exporting required records before the end of the 30-day post-cancellation data-retention window.

8. Support Communications and Bug Reports

When submitting support requests or bug reports, the Customer must minimise the inclusion of patient personal information and health records. Screenshots attached to support tickets may contain patient information. DeskLabs will handle support data confidentially, use it only to resolve the reported issue, and will delete or destroy bug report materials containing patient information as soon as the issue is resolved. Practices must not attach unredacted patient records to support tickets unless strictly necessary to demonstrate the reported issue, and must advise DeskLabs immediately if sensitive health information has been inadvertently shared.

9. Patient-Facing Public Forms and Walk-In Queue Check-In

MediDesk enables practices to deploy consent forms, walk-in queue check-in pages, appointment detail links, and other patient-facing public links. The Customer is solely responsible for:

  • the content, accuracy, and lawfulness of all patient-facing forms it configures;
  • ensuring patients are provided with required POPIA notices before submitting personal information through public forms;
  • ensuring the check-in and consent links are accessible only to intended patients;
  • the accuracy of pre-populated data on check-in forms.

DeskLabs is not responsible for errors in patient-facing form content, walk-in queue misuse, or POPIA non-compliance arising from the Customer's form configuration.

10. SMS Communications

MediDesk enables practices to send SMS messages to patients and contacts. The Customer is solely responsible for:

  • obtaining required consents and authority to contact each recipient;
  • the accuracy of recipient contact details entered into MediDesk;
  • message content, including appointment reminders, billing information, and clinical communications;
  • compliance with POPIA's direct marketing provisions.

DeskLabs does not guarantee SMS delivery. Failed or undelivered messages are not grounds for a claim against DeskLabs.

MediDesk may log the content and metadata of SMS messages sent through the platform for traceability, support, and audit purposes. This is disclosed in the Privacy Policy and DPA.

11. AI Voice Receptionist

MediDesk offers an optional AI Voice Receptionist feature that enables practices to automate inbound phone call handling. The Customer is solely responsible for:

  • enabling, configuring, and supervising the AI Voice Receptionist;
  • the content and accuracy of greeting messages, recording consent messages, and FAQ responses configured in the AI Receptionist settings;
  • informing patients that calls may be handled by an AI system;
  • configuring recording consent settings and ensuring compliance with applicable recording consent laws;
  • reviewing AI-generated transcripts and summaries for accuracy before relying on them;
  • ensuring the AI Receptionist is not used for emergency calls, clinical triage, or medical advice.

DeskLabs does not guarantee the accuracy of AI-generated transcripts, call summaries, or appointment bookings. The AI Voice Receptionist may misunderstand callers, make booking errors, or produce inaccurate transcriptions. The Customer must monitor and review AI Receptionist activity regularly.

DeskLabs is not liable for missed calls, incorrect bookings, inaccurate transcriptions, or any loss arising from the AI Voice Receptionist's operation or unavailability.

12. Intellectual Property

DeskLabs owns all rights in MediDesk including software, design, code, trademarks, and documentation. The Customer receives a limited, non-exclusive, non-transferable licence to use MediDesk during the subscription term only. The Customer owns its own data. The Customer grants DeskLabs a licence to process Customer data to provide, maintain, support, and secure the service. The Customer must not copy, reverse engineer, decompile, resell, or sublicense MediDesk or any component of it.

13. Disclaimers

MediDesk is provided "as is" and "as available." To the maximum extent permitted by South African law, DeskLabs excludes all warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, accuracy, completeness, and non-infringement. DeskLabs does not warrant:

  • that MediDesk will be uninterrupted, error-free, secure, or available at all times;
  • that data will not be lost, corrupted, or rendered inaccessible due to third-party provider failures;
  • that medical aid authorisations will be granted, claims paid, or billing codes accepted;
  • that SMS or email messages will be delivered to recipients;
  • that MediDesk will satisfy any regulatory, professional, or POPIA compliance requirement of the Customer;
  • that walk-in queue check-in, appointment detail links, or patient-facing forms will be free of errors or accessible on all devices;
  • that patient payment links will function correctly or that patient payments will be completed;
  • that third-party provider integrations will remain available or unchanged;
  • that AI Voice Receptionist transcripts, summaries, or bookings will be accurate or complete;
  • that the AI Voice Receptionist will be available, respond correctly, or handle all caller scenarios.

14. Limitation of Liability

DeskLabs' total aggregate liability to the Customer for any and all claims arising under or in connection with these Terms — whether in contract, delict, statute, or otherwise — shall not exceed the total fees paid by the Customer in the 3 months immediately before the event giving rise to the claim.

DeskLabs is not liable under any circumstances for:

  • loss of profits, revenue, business, contracts, or goodwill;
  • loss or corruption of data, including patient records;
  • indirect, consequential, special, punitive, or exemplary loss of any kind;
  • clinical harm, adverse patient outcomes, or missed diagnoses;
  • failed medical aid authorisations, rejected billing claims, or unpaid patient accounts;
  • regulatory investigations, fines, or sanctions imposed on the Customer by the HPCSA, Information Regulator, or any authority;
  • patient complaints, patient data subject rights claims, or claims by patients against the Customer;
  • failed or delayed SMS delivery;
  • failures, outages, or data breaches at third-party providers (Supabase, Vercel, WinSMS, Twilio, Retell.ai, OpenAI, PayFast, or others);
  • loss arising from the Customer's use or configuration of patient-facing forms, walk-in queue check-in pages, appointment detail links, or payment links;
  • loss arising from AI Voice Receptionist errors, inaccuracies, missed calls, or incorrect bookings;
  • any loss arising from the Customer's reliance on MediDesk in an emergency or safety-critical situation.

Nothing in these Terms excludes or limits liability for death or personal injury caused by DeskLabs' gross negligence or fraud, or any liability that cannot lawfully be excluded under South African law.

15. Indemnity

The Customer indemnifies DeskLabs, its officers, employees, and contractors against all third-party claims, losses, damages, costs (including legal costs), and liabilities arising from:

  • the Customer's or its users' breach of these Terms or the Acceptable Use Policy;
  • unlawful processing of patient personal information by or on behalf of the Customer;
  • the Customer's clinical, billing, or professional decisions or omissions;
  • the content or lawfulness of communications sent through MediDesk by or for the Customer;
  • claims by patients, guardians, medical aids, or regulatory bodies arising from the Customer's conduct;
  • the Customer's configuration or deployment of patient-facing forms or payment links;
  • the Customer's configuration, use, or supervision of the AI Voice Receptionist;
  • fraud, wilful misconduct, or criminal acts by the Customer or its users.

16. Data Protection

Customer data is processed under the Data Processing Agreement, which forms part of these Terms. The Customer is the responsible party (as defined in POPIA) for patient personal information it manages through MediDesk. DeskLabs processes that data as operator. The Customer's POPIA obligations to patients — including notices, consent, data subject rights, and regulatory compliance — remain the Customer's sole responsibility.

17. Term and Termination

These Terms continue until cancelled or terminated in accordance with this section. DeskLabs may terminate immediately if the Customer materially breaches these Terms and fails to remedy within 14 days of written notice, or if the Customer becomes insolvent, is placed in liquidation or business rescue, or ceases to practise. On termination or expiry, Customer data is retained for 30 days for export, then deleted from active systems subject to backup retention cycles, audit log retention, billing record retention, and any legal hold requirements.

Healthcare recordkeeping obligations: DeskLabs' deletion of platform records does not fulfil the Customer's obligations to retain patient records under the National Health Act, HPCSA rules, or other applicable law. The Customer is solely responsible for exporting and retaining any records it is required to keep.

18. General

  • Governing law: Republic of South Africa.
  • Disputes are subject to the non-exclusive jurisdiction of the Western Cape Division of the High Court, Cape Town.
  • Entire agreement: These Terms, the DPA, the AUP, the Information Security Policy, and any order form constitute the full agreement between the parties and supersede all prior representations.
  • Severability: If any provision is unenforceable it will be modified minimally or severed. The remainder continues in force.
  • No waiver: Failure to enforce a right is not a waiver of that right.
  • Notices: Written notices to DeskLabs must be sent to legal@desklabs.co.za.

Contact: legal@desklabs.co.za | medidesk@desklabs.co.za | desklabs.co.za