Privacy Policy
Digidocta Nexus Ltd.
Last Updated: November 26, 2025Welcome to Digidocta Nexus Ltd. ("Digidocta Nexus," "we," "us," or "our"). We are a digital health company registered with the Corporate Affairs Commission (CAC) of Nigeria under RC 8799404, with our office located at 17, Gwani Street, Zone 4, Wuse, Abuja, NG900108.
This Privacy Policy describes how Digidocta Nexus collects, uses, processes, stores, protects, and discloses your Personal Data when you use our mobile application ("the App"), our website, and any related services (collectively, "our Services").
At Digidocta Nexus, we are committed to protecting your privacy and handling your Personal Data with the utmost care and in compliance with the provisions of the Nigeria Data Protection Act (NDPA) 2023 and the National Information Technology Development Agency (NITDA) Framework and Guidelines for Public and Private Sector Organizations. As a digital health company, we understand the sensitive nature of the information you entrust to us, especially your health data.
By accessing or using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our Services.
As per the NDPA 2023 and NITDA Guidelines:
- Personal Data: Any information relating to an identified or identifiable natural person (data subject) — including name, identification number, location data, online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
- Sensitive Personal Data: Personal Data relating to an individual's health status, ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, sex life, or sexual orientation. For Digidocta Nexus, this primarily includes health information.
- Processing: Any operation performed on Personal Data — such as collection, recording, organisation, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, restriction, erasure, or destruction.
- Data Subject: The identified or identifiable natural person to whom Personal Data relates (i.e., you, the user).
- Data Controller: A person who determines the purposes and means of processing personal data. Digidocta Nexus is the Data Controller.
- Data Processor: A person who processes personal data on behalf of the Data Controller.
- Consent: Any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which he or she signifies agreement to the processing of Personal Data relating to him or her.
3.1 Information You Provide Directly
Account Information: Full name, email address, phone number, date of birth, gender, and a secure password.
Health Information (Sensitive Personal Data): With your explicit consent, we may collect:
- Medical history (pre-existing conditions, allergies, past surgeries)
- Symptoms and health concerns you report
- Diagnoses and treatment plans
- Prescriptions and medication details
- Lab results and diagnostic reports
- Immunization records
- Biometric data (processed locally on your device, not stored by us)
- Lifestyle information relevant to your health (diet, exercise habits)
Profile Information: Profile pictures, preferred language, and other optional profile data.
Communication Data: Records of communications with us, including support inquiries, feedback, and survey responses.
Payment Information: We use reputable third-party payment processors (e.g., Flutterwave, Paystack) and do not directly store your full payment card details on our servers.
User-Generated Content: Any information, text, images, or files you upload, share, or create within the App.
3.2 Information We Collect Automatically
- Device Information: Device model, operating system version, unique device identifiers, mobile network information, and crash data.
- Usage Data: Features accessed, time, frequency, and duration of activities, referring/exit pages.
- Location Data: With your explicit permission, precise or approximate location for location-based features. You can disable this in your device settings.
- Log Data: IP address, browser type/version, pages visited, time and date of visits.
- Cookies & Tracking Technologies: We use cookies, web beacons, and similar technologies. You can instruct your browser to refuse cookies, though some Service features may be affected.
4.1 To Provide & Maintain Our Services (Contractual Necessity)
- Create and manage your user account
- Enable digital health services — telemedicine, health records, appointments, prescriptions
- Personalise your experience
- Process payments
- Send service-related communications (appointment reminders, health alerts, account updates)
4.2 To Improve Our Services (Legitimate Interests / Consent)
- Understand usage and identify improvements
- Develop new features
- Conduct research using anonymised or aggregated data
- Troubleshoot bugs and ensure smooth operation
4.3 For Communication (Consent / Legitimate Interests)
- Respond to inquiries, feedback, and support requests
- Send marketing/promotional communications only with your explicit consent — you can opt-out at any time
4.4 For Security & Fraud Prevention (Legal Obligation & Legitimate Interests)
- Detect, prevent, and address technical issues, fraud, or malicious activities
- Ensure security and integrity of our systems and your data
4.5 For Legal Compliance (Legal Obligation)
- Comply with applicable laws, regulations, legal processes, or governmental requests
- Enforce our Terms of Service and other agreements
4.6 For Public Health or Research (Consent / Public Interest)
With your explicit and separate consent, we may use de-identified or aggregated health data for public health research, statistics, or educational purposes — your individual identity is never revealed.
Under the NDPA 2023, we rely on the following legal bases:
- Consent: For processing sensitive personal data (health information) and marketing communications. Consent can be withdrawn at any time.
- Contractual Necessity: For fulfilling our obligations to you (providing services, managing your account).
- Legal Obligation: For complying with legal or regulatory obligations (record-keeping, public health reporting, lawful requests).
- Vital Interests: In rare cases, to protect your or another person's vital interests (e.g., medical emergencies).
- Legitimate Interests: Where processing is necessary for our legitimate interests and your rights do not override them (improving services, fraud prevention, security). We conduct a legitimate interest assessment for such processing.
6.1 With Your Explicit Consent
- Healthcare Providers: Relevant health information shared with doctors, specialists, and pharmacists to facilitate consultations, diagnosis, treatment, and prescriptions.
- Designated Individuals: Family members or caregivers you explicitly authorise.
6.2 With Third-Party Service Providers (Data Processors)
Trusted providers contractually bound to protect your data and comply with NDPA 2023:
- Cloud Hosting: Secure data storage (e.g., Google Cloud, AWS)
- Payment Processors: Secure transactions
- Analytics: Understanding App usage (anonymised where possible)
- Customer Support & Communications: Managing inquiries, sending emails, SMS, or notifications
6.3 For Legal Reasons
- Comply with legal obligations, court orders, or governmental requests
- Protect rights, property, or safety of Digidocta Nexus, users, or the public
- Prevent or investigate wrongdoing
6.4 Business Transfers
In a merger, acquisition, or asset sale, your data may transfer as a business asset. You will be notified before your data becomes subject to a different Privacy Policy.
6.5 Aggregated & Anonymised Data
We may share data that cannot identify you for research, analysis, or public health purposes.
We implement robust technical, administrative, and physical security measures in accordance with NDPA 2023 and NITDA guidelines:
- Encryption: Data encrypted in transit (SSL/TLS) and at rest
- Access Controls: Strict authentication; need-to-know basis only
- Regular Security Audits: Ongoing vulnerability assessments
- Employee Training: Regular data privacy and security training
- Firewalls & Intrusion Detection: Network-level protection
- Data Backup & Recovery: Regular backups to prevent data loss
While we strive to use commercially acceptable means to protect your data, no method of transmission or storage is 100% secure.
- General principle: Data retained only as long as necessary for the purposes collected, including legal, accounting, or reporting requirements.
- Health Information: Retained for periods mandated by Nigerian health regulations and professional guidelines (typically longer than other data).
- Account Data: Retained while your account is active. Upon closure, data is deleted or anonymised unless retention is required by law.
- Usage & Technical Data: Retained for shorter periods, then anonymised or deleted.
When data is no longer required, we securely delete or anonymise it.
Under the NDPA 2023, you have the following rights:
- Right to Be Informed: Know how your Personal Data is collected and used (this Policy).
- Right of Access: Request a copy of your data in a structured, commonly used, machine-readable format.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure ("Right to Be Forgotten"): Request deletion when data is no longer necessary or consent is withdrawn. Subject to legal retention obligations, especially for health records.
- Right to Restrict Processing: Request limitation of processing in certain circumstances.
To exercise any of these rights, please contact our Data Protection Officer at esitekere@digidocta.com.
Your data may be transferred to and processed in countries outside Nigeria. We ensure protection through:
- Adequacy Decision: Transfers to countries deemed adequate by the NDPC.
- Standard Contractual Clauses (SCCs): NITDA/NDPC-approved contractual safeguards.
- Explicit Consent: After informing you of the possible risks.
- Other Derogations: Where necessary for contract performance, legal claims, or vital interests.
Our Services are not intended for individuals under 18. We do not knowingly collect Personal Data from children without verifiable parental or guardian consent.
If we discover we have collected data from a child without appropriate consent, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at dpo@digidoctanexus.com.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and revising the "Last Updated" date. We may also notify you via email or in-app notices.
Continued use of our Services after changes constitutes acceptance of the revised Privacy Policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact our Data Protection Officer:
Digidocta Nexus Ltd.
Email: esitekere@digidocta.com
Address: 17, Gwani Street, Zone 4, Wuse, Abuja, NG900108, Nigeria