Privacy Policy

Ugzo Health Technologies Ltd. ("Ugzo Health", "we", "our", or "us") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy explains how we collect, use, store, share, and protect your data when you use the Ugzo Health platform.

This policy applies to all users of the Ugzo Health mobile application and website and is compliant with the Nigeria Data Protection Act (NDPA) 2023, the Nigeria Data Protection Regulation (NDPR), and applicable international standards.

By using Ugzo Health, you consent to the practices described in this Policy. Our Data Protection Officer can be reached at dpo@ugzohealth.ng.

We collect the following categories of information:

Account & Identity Information:

• Full name, date of birth, gender, profile photo

• Email address, phone number

• Login credentials (passwords are stored in hashed form only)

Health Information (Sensitive Data):

• Medical history, symptoms, and conditions shared during consultations

• Prescriptions, diagnoses, and lab results

• Medications and allergies

• Consultation notes (shared between you and your doctor)

Payment Information:

• Payment method details (processed and stored by our PCI-compliant payment partners — we do not store raw card numbers)

• Transaction history and billing records

Technical Information:

• Device type, operating system, IP address

• App usage data, session duration, feature interactions

• Location data (city/region level, for matching with nearby services)

Communications:

• In-app chat messages with doctors or support

• Feedback, survey responses, support tickets

We use your information to:

• Provide and personalise the Ugzo Health services

• Facilitate consultations between you and licensed medical practitioners

• Process payments and issue receipts

• Send appointment reminders and health notifications

• Improve our platform through aggregated, anonymised analytics

• Comply with Nigerian healthcare regulations and legal obligations

• Detect and prevent fraud, abuse, or security incidents

• Respond to your support requests and complaints

We will NOT use your health data for advertising, sell it to third parties, or share it without your explicit consent except as required by law.

We share your information only in the following circumstances:

With Healthcare Providers: We share your health information with the specific doctor you consult. This is necessary to deliver the service.

With Service Partners: We use trusted third-party service providers for payment processing (Paystack, Flutterwave), cloud storage (AWS), and analytics. These partners are contractually bound to handle your data securely and only for the specified purpose.

For Legal Compliance: We may disclose information if required by a court order, Nigerian law, or regulatory authority (e.g., Federal Ministry of Health, NDPC).

Business Transfers: In the event of a merger or acquisition, your data may be transferred. We will notify you in advance.

With Your Consent: We will share your data in any other way only with your explicit, informed consent.

We do NOT sell your personal or health data to third parties.

We implement industry-standard security measures to protect your data:

• AES-256 encryption for all data at rest

• TLS 1.3 encryption for all data in transit

• End-to-end encrypted video consultation sessions

• Role-based access controls — only authorised personnel can access health records

• Regular security audits and penetration testing

• Secure data centres hosted within Nigeria and ISO 27001-certified facilities

Despite our best efforts, no system is completely secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorised access to your account.

We retain your data for as long as your account is active and for a period afterwards as required by Nigerian law:

• Health Records: 7 years from the date of consultation (in compliance with medical records retention obligations)

• Financial Records: 7 years (in compliance with CAMA and FIRS requirements)

• Communication logs: 2 years

• Technical/usage logs: 12 months

When data is no longer needed, it is securely deleted or anonymised. You can request early deletion of non-legally-required data by contacting dpo@ugzohealth.ng.

Under the Nigeria Data Protection Act (NDPA) 2023 and applicable regulations, you have the right to:

• Access: Request a copy of the personal data we hold about you

• Correction: Request that we correct inaccurate or incomplete data

• Deletion: Request deletion of your data where it is no longer necessary for the original purpose

• Restriction: Request that we restrict processing of your data

• Portability: Receive your data in a structured, machine-readable format

• Objection: Object to processing based on legitimate interests

• Withdraw Consent: Withdraw consent at any time (this does not affect the lawfulness of prior processing)

To exercise any of these rights, email dpo@ugzohealth.ng with the subject line "Data Rights Request". We will respond within 30 days.

The Ugzo Health website uses cookies and similar technologies to:

• Maintain your login session

• Remember your preferences

• Analyse website usage (via anonymised analytics)

Essential cookies are necessary for the service to function and cannot be disabled. Analytics cookies can be opted out of via the Cookie Preferences link in the footer.

The Ugzo Health mobile app does not use traditional browser cookies but may use device identifiers and local storage for functionality and analytics.

Ugzo Health is not intended for children under 13. Users between 13–17 may use the Platform only with verifiable parental or guardian consent, and a parent/guardian account must be created on their behalf.

We do not knowingly collect personal data from children under 13 without parental consent. If you believe we have done so in error, please contact us immediately at dpo@ugzohealth.ng and we will delete the information promptly.

The Platform may contain links to third-party websites and services (e.g., laboratory partners, pharmacies). These third parties have their own privacy policies and we are not responsible for their data practices. We encourage you to review their policies before providing any personal information.

Our payment partners (Paystack, Flutterwave) process payment data under their own privacy frameworks, which are compliant with PCI-DSS and Nigerian data protection requirements.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes via:

• In-app notification

• Email to your registered address

• A prominent notice on our website

The updated policy will indicate the revision date and will be effective immediately upon posting unless stated otherwise. Continued use of the Platform after changes constitutes acceptance.

For any privacy-related questions, concerns, or requests, please contact:

Data Protection Officer

Ugzo Health Technologies Ltd.

Email: dpo@ugzohealth.ng

Phone: +234 (0) 800 Ugzo Health

Address: 15 Admiralty Way, Lekki Phase 1, Lagos, Nigeria

Office Hours: Monday – Friday, 8:00 AM – 6:00 PM WAT

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng if you believe your data rights have been violated.

Last updated: March 2026