Privacy Policy
Last updated: 19 March 2026
Techzoid Innovation Limited ("DawaHQ", "we", "our", or "us") is committed to protecting the privacy of our clinic customers ("Clinic") and their patients ("Data Subjects"). This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with our healthcare management platform.
DawaHQ operates in compliance with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023.
1. Data Controller vs Data Processor
Your clinic is the Data Controller — you determine the purposes and means of processing patient data. DawaHQ acts as a Data Processor — we process patient data only on your clinic's instructions. We never use patient data for our own commercial purposes.
2. Information We Collect
Account information: Clinic name, owner name, email address, phone number, clinic address, and registration details.
Patient data (on behalf of your clinic): Patient demographics, medical history, clinical notes, lab results, prescriptions, billing records, and other healthcare information entered by your clinical staff.
Usage data: Log data, IP addresses, browser type, pages visited, and feature usage analytics to improve the platform.
Payment information: Payment transactions are processed by Paystack. DawaHQ does not store card numbers or bank account details.
3. How We Use Information
We use the information we collect to:
- Provide, maintain, and improve the DawaHQ platform
- Process payments and manage billing
- Send service notifications (appointment reminders, system alerts)
- Provide customer support
- Comply with legal obligations
- Monitor platform security and detect fraud
We do not sell, rent, or share patient data with any third party for marketing or commercial purposes.
4. Data Sharing
We share data only with:
- Supabase (AWS) — database hosting and storage
- Vercel — application hosting and CDN
- Paystack — payment processing
- Brevo (Sendinblue) — transactional email delivery
- Termii — SMS delivery
- Telegram — critical system alerts to your designated staff
All third-party providers are contractually bound to process data only as necessary and under strict data protection standards.
5. Data Retention
Patient records and clinic data are retained for the duration of your active subscription plus a 30-day grace period after cancellation. After this period, data is permanently deleted from our systems. You may export all your data at any time from within the platform.
6. Your Rights (NDPR)
Under the NDPR, your clinic patients have the right to:
- Access their personal data held by your clinic
- Correct inaccurate data
- Request erasure of their data
- Object to processing
- Data portability
As Data Controller, your clinic is responsible for responding to patient data rights requests. DawaHQ will assist where technically necessary.
7. Security
We implement AES-256 encryption at rest, TLS 1.3 in transit, row-level security for data isolation between clinics, and role-based access control. See our Security page for full details.
8. Cookies
DawaHQ uses essential session cookies for authentication (Supabase auth tokens) and functional cookies to maintain your login session. We do not use tracking or advertising cookies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated via email to clinic administrators at least 14 days before taking effect.
10. Contact Us
For privacy-related questions, data requests, or to report a concern, contact our Data Protection Officer at: privacy@dawahq.com
Techzoid Innovation Limited
RC 8623365
Nigeria