1 Scope
This Policy applies to all users of the Medichat platform, including patients, visitors, and healthcare providers, and governs all personal data and sensitive personal data processed through the Platform.
2 Data Controller
Medichat is the Data Controller for all personal data processed on the Platform.
Legal Entity: Medichat Technologies
Address: Anazodo Street, Nnewi
Email: contactmedichat.ai@gmail.com
3 Information We Collect
We collect only data that is necessary, relevant, and lawful.
Personal Data
- • Name, email, phone number
- • Date of birth, gender
- • Identification details
Health Data
- • Medical history & symptoms
- • Consultation records
- • Prescriptions & care plans
- • Uploaded medical files
Technical Data
- • IP address & device info
- • Usage logs & metadata
4 Legal Grounds for Processing
Personal data is processed only where a lawful basis exists, including: explicit user consent (mandatory for health data), medical necessity for diagnosis, care, or treatment, performance of a contract (service delivery), compliance with legal and regulatory obligations, and legitimate business interests limited strictly to non‑medical operations.
Health data is never processed without explicit, informed, and recorded consent.
5 How We Use Data
We use personal data to facilitate and document telemedicine consultations, maintain accurate medical records, match users with licensed healthcare providers, process payments and appointments, improve Platform safety and performance, prevent fraud and misuse, and comply with applicable laws.
6 Data Sharing and Disclosure
Data may be shared strictly on a need‑to‑know basis with licensed healthcare providers involved in a user's care, payment processors and financial service providers, cloud hosting and security vendors, and regulatory or law‑enforcement authorities where legally required. All third parties are bound by contractual confidentiality and NDPR‑compliant data protection obligations.
7 Cross‑Border Data Transfers
Where personal data is transferred outside Nigeria, adequate legal, technical, and organizational safeguards are implemented. Transfers are limited to jurisdictions with acceptable data‑protection standards, and users are informed and consent is obtained where required by law.
8 Data Security
We implement industry‑appropriate administrative, technical, and physical safeguards including encryption of data in transit and at rest, role‑based and least‑privilege access controls, secure authentication mechanisms, and continuous monitoring and regular security audits.
9 Data Retention
10 User Rights
Users have the right to access their personal data, request correction of inaccurate data, withdraw consent (subject to medical and legal obligations), request deletion where lawful, and object to certain non‑medical processing activities.
mail Submit a Data Rights Request11 Data Breach Notification
In the event of a personal data breach, relevant regulatory authorities will be notified where required by law, affected users will be informed without undue delay, and remedial actions will be taken to prevent recurrence.
12 Children's Data
Medichat does not knowingly collect or process personal data of minors without verified parental or legal‑guardian consent, in accordance with Nigerian law.
13 Policy Updates
This Policy may be updated periodically to reflect legal, regulatory, or operational changes. Material changes will be communicated through the Platform.
14 Contact Information
For privacy‑related inquiries or data‑rights requests:
contactmedichat.ai@gmail.com