MedPlus

Privacy notice

How MedPlus collects, uses, and protects your personal and health data, under the Nigeria Data Protection Act 2023.

Who we are

MedPlus (working name; CAC entity to be confirmed) is the data controller for personal data processed via the MedPlus app and website. Our DPO is reachable at [email protected].

What we collect

  • Identity: name, phone, email, date of birth, optional NIN (hashed only).
  • Health data: consultation notes, prescriptions, allergies, conditions, ratings.
  • Location data: delivery address, service zone (only when you book a home service).
  • Payment data: Paystack handles card data — we never store full card numbers.

Lawful basis

Healthcare delivery (Art. 11 NDPA), consent (for marketing and recording), legitimate interests (fraud prevention, service security).

Retention

  • Clinical records: 7 years from last activity.
  • Non-clinical audit: 3 years.
  • Payment records: 7 years (FIRS).

Your rights

Access, rectification, erasure (within retention limits), portability, objection, withdrawal of consent. Email the DPO at any time.

Breaches

We notify the NDPC within 72 hours of any breach affecting personal data, and we notify affected subjects per NDPA Art. 40.