Privacy Policy

Tin Works (Pty) Ltd T/A Lorraine AI is responsible for processing personal information collected through Lorraine, Lorraine Chat, and related services.

General privacy questions may be sent to hello@uselorraine.co.za. Security and privacy requests may be sent to Y Badal at legal@uselorraine.co.za.

We collect information you provide directly, information generated through use of the service, and information received from service providers.

• Account information, including name, email address, authentication details, and communication preferences.
• Professional profile information, including country, profession, registration authority, registration number, practice setting, intended use cases, and onboarding responses.
• Chat content, including prompts, responses, saved conversations, generated clinical cards, calculator interactions, citations, feedback, and support messages.
• Usage and product data, including message counts, conversation history metadata, subscription status, CPD activity tracking, feature use, device/browser information, IP address, logs, and error diagnostics.
• Payment and subscription metadata from payment processors, such as plan, billing interval, transaction references, payment status, and renewal information. We do not intentionally store full card details.
• Analytics data where enabled, such as screen views, product events, subscription events, CPD events, and crash or exception reports.

Lorraine Chat is designed for de-identified clinical context. You must not enter directly identifying patient information, including names, identification numbers, contact details, addresses, file numbers, medical record numbers, photographs, or other information that directly identifies a patient.

Clinical information may still be special personal information under POPIA if it relates to an identifiable person. If you submit such information despite our restriction, you are responsible for ensuring that you have a lawful basis and authority to do so, and we process it only as necessary to provide, secure, support, audit, and improve the service as described in this policy.

We use personal information to operate Lorraine and Lorraine Chat, authenticate users, provide AI responses, save and retrieve conversations, manage subscriptions, track usage limits, support CPD-related records, respond to support requests, maintain security, prevent abuse, troubleshoot issues, improve product quality, and comply with legal obligations.

We may also use aggregated or de-identified information for analytics, research, safety evaluation, product planning, and service improvement.

Chat content may be processed by Lorraine AI systems and model infrastructure to generate responses, run safety checks, perform retrieval, execute tools, and provide related product features.

We may use de-identified and/or aggregated interactions to evaluate, test, fine-tune, and improve Lorraine models, prompts, retrieval, and safety systems. We do not intentionally use directly identifying patient information for model training.

Where third-party infrastructure or operators are used to host or support model processing, they process information for service delivery under applicable contractual and security controls.

We do not sell personal information. We may share personal information with trusted operators and service providers that help us provide and secure the service.

• Hosting, database, storage, API, and model infrastructure providers.
• Authentication, email, customer support, security, logging, and monitoring providers.
• Payment processors and billing providers, including Paystack where applicable.
• Analytics providers, such as PostHog, where analytics is enabled.
• Content management and website infrastructure providers, including Sanity.

We may also disclose information where required by law, to protect rights and safety, to investigate misuse, or as part of a lawful business transfer.

Some providers, infrastructure, support systems, or personnel may be located outside South Africa. Where personal information is transferred cross-border, we take reasonable steps designed to ensure that it remains protected through appropriate contractual, technical, and organisational safeguards.

Chat history is retained until you delete it or your account is deleted, subject to backup, security, audit, legal, billing, tax, dispute, and abuse-prevention retention requirements.

Account, professional, subscription, CPD, payment metadata, logs, and support records are retained for as long as needed for the purposes described in this policy, unless a longer period is required or permitted by law. Deletion from active systems may not immediately remove information from backups or legally retained records.

We use reasonable technical and organisational safeguards designed to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, and destruction. These safeguards may include access controls, encryption in transit, monitoring, logging, and operational security procedures.

If we become aware of a security compromise affecting personal information, we will assess the incident and notify affected users and/or the Information Regulator where required by POPIA.

We may use cookies, local storage, session storage, and similar technologies for authentication, security, preferences, analytics, and product operation. Analytics is used to understand product use and improve reliability, safety, and user experience. Where analytics is optional or disabled, related data collection may be reduced.

Subject to POPIA and other applicable law, you may request access to your personal information, correction of inaccurate information, deletion or destruction of information we are no longer authorised to retain, objection to certain processing, and information about our processing activities.

To exercise these rights, contact legal@uselorraine.co.za. If you believe your personal information has been processed in a way that violates POPIA, you may lodge a complaint with the Information Regulator of South Africa.

Lorraine Chat is not intended for children or for direct use by patients. Users must be at least 18 years old.

Questions about this Privacy Policy may be sent to hello@uselorraine.co.za. Security or privacy requests may be sent to Y Badal at legal@uselorraine.co.za.