Privacy Policy

01

NDPR Compliance

HeartAfrika is an African health platform for Africa. Our policies, technical controls, and operations follow the Nigeria Data Protection Regulation (NDPR), guidance from the Nigeria Data Protection Commission (NDPC), and other applicable Nigerian laws when handling personal and health-related information for users in Nigeria and across Africa.

Nigeria Data Protection Regulation (NDPR)

HeartAfrika is headquartered in Nigeria and built for Africans. We comply with the NDPR (2019) and NDPC guidance as our primary data protection framework. Our NDPR commitments include:

Lawful processing: We collect and use personal data only with a valid legal basis—primarily your consent and our legitimate interest in delivering cardiac risk assessment services
Transparency: Clear notice of what we collect, why we use it, and who we share it with (see sections below)
Data subject rights: Access, correction, deletion, restriction, objection, and portability as described in Your Rights
Data minimization & purpose limitation: We collect only what is needed for assessments, support, and service improvement
Security & breach response: Appropriate technical and organizational measures, with procedures to assess and report notifiable breaches to the NDPC and affected individuals where required
Cross-border transfers: When data leaves Nigeria, we use safeguards such as contracts and encryption consistent with NDPR requirements
Data Protection Officer: Our DPO handles NDPR-related requests at privacy@heartafrika.com

Health & Sensitive Personal Data

Under the NDPR, health information you provide—such as vitals, medical history, and assessment results—is treated as sensitive personal data. We apply strict safeguards, including:

Purpose limitation: Health data is used only for assessments, care support, and related services you request
Access controls: Staff and systems access only the data required for their role, with audit logging where appropriate
Encryption: Sensitive data encrypted in transit (TLS) and at rest (AES-256), as detailed in Data Security
Processors & partners: Third parties that process data on our behalf are bound by NDPR-compliant data processing agreements
Confidentiality: Personnel with access to health data follow confidentiality and security policies
Your rights: You may request access, correction, or deletion of your health-related data as set out in Your Rights

HeartAfrika provides wellness and risk-assessment tools for users across Africa. We are not a substitute for emergency care or a licensed healthcare provider. Where you use our service from another African country, we still apply NDPR standards and respect local requirements where they apply.

02

Information We Collect

We collect information to provide and improve our services. Here's what we collect:

Personal Information

Name and email address
Phone number (optional)
Age and gender
Location (country/region)

Health Information

Blood pressure readings
Heart rate / pulse measurements
Height, weight, and BMI
Medical history (if provided)
Lifestyle information (diet, exercise)

Technical Information

Device type and browser
IP address
Usage patterns and preferences

03

How We Use Your Information

Risk Assessment

To calculate your cardiovascular risk score and provide personalized health insights

Notifications

To send health reminders, assessment updates, and important alerts

Service Improvement

To enhance our AI models and improve the accuracy of our assessments

Customer Support

To respond to your inquiries and provide assistance when needed

04

Data Sharing & Disclosure

We do NOT sell your personal or health data. Your information is never sold to advertisers, data brokers, or any third parties.

We may share your information only in these limited circumstances, and only in ways consistent with the NDPR and Nigerian law:

With your consent: When you explicitly authorize us to share (including valid NDPR consent where required)
Service providers: Trusted partners under NDPR-compliant data processing agreements with appropriate safeguards
Legal requirements: When required by Nigerian law, court order, or the NDPC
Healthcare providers: Only if you request us to share with your doctor or care team

05

Data Security

We implement industry-leading security measures aligned with NDPR security obligations to protect your personal and health data:

AES-256 Encryption

All data is encrypted at rest and in transit using bank-level encryption

Secure Servers

Data stored on SOC 2 Type II certified cloud infrastructure

Access Controls

Strict role-based access with multi-factor authentication

Regular Audits

Continuous security monitoring, audit trails for access to sensitive health data, and regular penetration testing

06

Data Retention

We retain your data only as long as necessary for the purposes outlined in this policy:

Active accounts: Data retained while your account is active
Deleted accounts: Data removed within 30 days of account deletion
Health records: Retained for 7 years or as required by applicable Nigerian healthcare and data protection requirements
Payment records: Retained for 7 years for legal compliance

07

Your Rights

Under the NDPR and our commitment to transparency, you have the following rights regarding your personal and health data:

Right to Access

Request a copy of all your personal data we hold

Right to Rectify

Correct any inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data

Right to Portability

Export your data in a portable format

Right to Object

Opt out of certain data processing activities

Right to Restrict

Limit how we process your data

To exercise your NDPR data subject rights, contact our Data Protection Officer at privacy@heartafrika.com. We will respond within the timelines required by the NDPR and Nigerian law.

08

Cookies & Tracking

We use cookies and similar technologies to enhance your experience:

You can manage cookie preferences through your browser settings or our cookie consent banner.

09

Children's Privacy

Age Restriction

HeartAfrika is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal data, we will delete it immediately.

10

Policy Changes

We may update this Privacy Policy from time to time. When we make significant changes:

We'll notify you via email or in-app notification
We'll update the "Last Updated" date at the top
Continued use after changes means acceptance

11

Contact Us

For NDPR or other privacy-related inquiries—or to exercise your data subject or health-information rights—contact our Data Protection Officer at our Nigeria headquarters:

privacy@heartafrika.com +1 (631) 817-4737 Contact Support

Privacy at a Glance

Table of Contents

NDPR Compliance

Nigeria Data Protection Regulation (NDPR)

Health & Sensitive Personal Data

Information We Collect

Personal Information

Health Information

Technical Information

How We Use Your Information

Risk Assessment

Notifications

Service Improvement

Customer Support

Data Security

AES-256 Encryption

Secure Servers

Access Controls

Regular Audits

Data Retention

Your Rights

Right to Access

Right to Rectify

Right to Erasure

Right to Portability

Right to Object

Right to Restrict

Cookies & Tracking

Children's Privacy

Age Restriction

Policy Changes

Contact Us

Privacy Policy

Privacy at a Glance

Table of Contents

NDPR Compliance

Nigeria Data Protection Regulation (NDPR)

Health & Sensitive Personal Data

Information We Collect

Personal Information

Health Information

Technical Information

How We Use Your Information

Risk Assessment

Notifications

Service Improvement

Customer Support

Data Sharing & Disclosure

Data Security

AES-256 Encryption

Secure Servers

Access Controls

Regular Audits

Data Retention

Your Rights

Right to Access

Right to Rectify

Right to Erasure

Right to Portability

Right to Object

Right to Restrict

Cookies & Tracking

Essential Cookies

Analytics Cookies

Preference Cookies

Children's Privacy

Age Restriction

Policy Changes

Contact Us