Plain-English policy

Privacy & Data Protection

Last updated: 2026-05-13. This policy follows the Nigeria Data Protection Regulation (NDPR) and the EU General Data Protection Regulation (GDPR).

What we collect

  • Account info: name, email, phone, country.
  • Health info you give a doctor: symptoms, ICD-10 code, consult notes.
  • Pharmacy & prescription QR data when you scan a medicine.
  • Technical: IP address, browser type, country detected for compliance.

Why we collect it

To connect you with a licensed doctor, dispense a verified prescription, detect counterfeit medicines, and meet legal record-keeping duties.

Legal basis

Your explicit consent (NDPR Art. 2.5) and the necessity of providing the medical care you request (GDPR Art. 9(2)(h)).

Who we share it with

  • The licensed doctor you consult — only for the duration of your consult.
  • The verified pharmacy you choose — only the prescription needed to dispense.
  • NAFDAC, NITDA or MDCN — only when legally required (e.g. counterfeit reporting).
  • Never sold. Never shared with advertisers.

How long we keep it

  • Consult notes: 7 years (medical record retention).
  • Prescription QR scans: 2 years.
  • Account data: until you request deletion.

Your rights

  • Access — download all your data anytime from My Data.
  • Rectification — correct anything wrong by contacting support.
  • Erasure — request deletion from My Data.
  • Audit — see who accessed your record on the same page.
  • Complain to NITDA (Nigeria) or your national DPA (EU).

Security

All traffic uses TLS 1.3. Data is encrypted at rest. Row-Level Security in our database ensures one patient cannot read another patient's record. Every access to a health record is logged.

Contact

Data Protection Officer: dpo@careconnect.africa

NDPR & GDPR compliant. Data encrypted in transit and at rest. Hosted in EU-West region.