
Privacy Policy

Plain English explanations of how we collect, use, and fiercely protect your personal and health information.

Last Updated: January 2025 • NDPR Compliant

Welcome to Heala Health. This policy explains our data practices. Please review this document alongside our Terms of Service, which govern your overall use of the platform.

If you have any questions, you can always reach our team directly at contact@healahealth.com.

1. Who We Are

Heala Health Ltd is a digital healthcare platform incorporated and operating across Nigeria. We act as the Data Controller for your information under the NDPR.

This means we determine how and why your personal data is processed. Our goal is to provide a unified, secure health ecosystem for patients and doctors.

If you have any questions regarding your data, you can reach our Data Protection Officer directly at dpo@healahealth.com.

2. What Data We Collect

We collect account details (name, email), health information (symptoms, history), and basic device analytics to make the platform work.

  • Account Info: Name, email address, phone number, date of birth, and location.
  • Health Info (Sensitive Data): Symptoms, medical history, prescriptions, allergies, lab results, and consultation notes.
  • Payment Info: Processed securely via Paystack. We do not store your actual card numbers on our servers.
  • Automated Data: Device type, IP address, and crash reports to fix technical issues.

3. How We Use Your Data

We only use your data to connect you with doctors, maintain your digital health wallet, and improve our AI triage system.

We use your information strictly to provide the service you signed up for. We never sell your personal or health data to third parties, and we do not use your health data for advertising.

  • Managing your unique Heala Health ID.
  • Operating the AI symptom checker for early health guidance.
  • Sending appointment reminders and digital prescriptions.
  • Detecting and preventing fraud or misuse.

4. Health Data & Security

Your medical records are protected with bank-grade encryption. Only you and the doctors you authorize can view your files.

  • All health data fields are encrypted at rest using AES-256.
  • All data in transit is protected with TLS 1.3.
  • Sensitive fields (diagnoses, prescriptions) have strict field-level encryption.
  • You can instantly revoke a doctor's access to your records at any time.

5. Who We Share Data With

We share your data only with the doctors you choose and the secure cloud providers (like AWS and Paystack) that power our app.

We rely on trusted infrastructure providers to operate safely. These include AWS (cloud storage), Paystack (payments), and OpenAI (anonymised AI triage processing). All providers are bound by strict data processing agreements.

We may also disclose data if legally required by a Nigerian court order or in emergency situations to protect your life.

6. Your Rights (NDPR)

You have the right to access, correct, or completely delete your data from our servers at any time.

Under the Nigeria Data Protection Regulation (NDPR) 2023, you have the right to be forgotten. If you request account deletion, we will wipe your personal data within 30 days (except where medical retention laws require otherwise).

To exercise your rights, email contact@healahealth.com.

Contact Our Privacy Team

We take your privacy seriously. If you need to request a data deletion or have specific security concerns, contact our Data Protection Officer.

By proceeding, you acknowledge that you have read and agree to our Privacy Policy and Terms of Service.