This Privacy Policy explains how Heala collects, uses, shares, and protects personal information when you use our Platform. We aim to comply with applicable Nigerian data protection requirements, including the Nigeria Data Protection Act 2023 and relevant regulations and guidance.

Data controller and contact

Heala is the "data controller" for personal data processed through the Platform (unless we clearly state otherwise).

Contact: healacare@gmail.com. For any additional information, please contact us at the email address above.

Information we collect

We may collect the following categories of personal data:

• Identity and contact data: name, email, phone number, address, date of birth.
• Account data: login credentials, profile settings, customer support communications.
• Transaction data: payment status, transaction references, amount, currency, refunds; we receive limited payment information from payment providers such as Flutterwave.
• Health-related data (if applicable): information you choose to provide for care delivery, appointments, prescriptions, lab results, or insurance processing.
• Technical data: device identifiers, IP address, log data, cookies, browser/app usage analytics.

How we use your information

• To provide and improve the Services (including booking, delivery, and customer support).
• To process payments, refunds, and fraud prevention checks.
• To communicate with you about your account, transactions, and service updates.
• To comply with legal and regulatory obligations and to enforce our Terms.
• To send marketing communications where you have consented or where permitted by law (you can opt out at any time).

Legal bases for processing

Depending on the context, we process personal data based on one or more of the following legal grounds: your consent; performance of a contract with you; compliance with a legal obligation; or our legitimate interests (such as securing the Platform and preventing fraud), balanced against your rights.

Sharing and disclosure

We may share your personal data with:

• Payment processors and financial partners (e.g., Flutterwave) to process payments, refunds, and disputes.
• Healthcare providers, clinics, labs, insurers, and logistics partners (where applicable) to deliver the Services you request.
• Technology service providers (hosting, analytics, customer support tools) acting on our instructions.
• Regulators, law enforcement, and courts where required by law or to protect rights, safety, and security.

Cross-border transfers

Some service providers may process data outside Nigeria. Where we transfer personal data across borders, we will take reasonable steps to ensure appropriate safeguards are in place, consistent with applicable Nigerian data protection requirements.

Data retention

We retain personal data only for as long as necessary to provide the Services, meet legal and accounting obligations, resolve disputes, and enforce agreements. Retention periods may vary depending on the type of data and applicable legal requirements.

Security

We implement reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. However, no method of transmission or storage is completely secure.

Your rights

Subject to applicable law, you may have rights to:

• Request access to your personal data and obtain a copy.
• Request correction of inaccurate or incomplete data.
• Request deletion of your personal data in certain circumstances.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with the Nigeria Data Protection Commission (NDPC) or another competent authority.

To exercise your rights, contact us at healacare@gmail.com. We may need to verify your identity before responding.

Cookies and analytics

We may use cookies and similar technologies to remember preferences, improve user experience, analyse usage, and enhance security. You can manage cookie preferences through your browser settings and, where available, our cookie banner/settings.

Children's privacy

The Platform is not intended for children under 13. If you believe a child has provided us with personal data without appropriate consent, contact us and we will take steps to delete the data where required.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on our Platform and update the "Last updated" date at the top of this document.

Contact

Privacy questions or requests: healacare@gmail.com