Legal

Privacy Policy

Last updated: June 2026

1. Introduction

Neurona Health Technologies Ltd. (“NeuronaHealth”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website, mobile applications, and related services (collectively, the “Service”).

This policy is published in compliance with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), and aligns with international best practices including the EU General Data Protection Regulation (GDPR) principles.

2. Information We Collect

2.1 Information You Provide

Account information: Name, email address, phone number, and password when you create an account or join the waitlist.
Emergency requests: Location data, medical information, and emergency details you provide when requesting coordination services.
Referral information: When you use our referral program, we collect your referral code and the email addresses of referred individuals.
Corporate information: Business name, registration number, and contact details for enterprise accounts.
Communications: Records of your communications with us, including customer support inquiries.

2.2 Information Collected Automatically

Device information: Browser type, operating system, device identifiers, and mobile network information.
Usage data: Pages visited, features used, time spent, click patterns, and interaction data.
Location data: Approximate location derived from IP address or precise location when you grant permission for emergency coordination.
Cookies and similar technologies: See our Cookie Notice below.

2.3 Sensitive Data (Special Categories)

As a healthtech platform, we may process health-related data that constitutes special category data under the NDPA. This includes medical conditions, emergency details, and health information necessary for our emergency coordination service. We process this data only:

With your explicit consent
When necessary to protect your vital interests (e.g., emergency medical coordination)
For the establishment, exercise, or defence of legal claims

3. How We Use Your Information

Service delivery: To provide, maintain, and improve our emergency coordination and healthcare access services.
Emergency coordination: To connect you with ambulance services, hospitals, and healthcare providers.
Communication: To send you service-related notifications, waitlist updates, and referral confirmations.
Analytics: To understand usage patterns and improve our platform (using anonymized and aggregated data).
Security: To detect, prevent, and address fraud, unauthorized access, and other illegal activities.
Compliance: To comply with applicable Nigerian laws and regulatory requirements.

4. Legal Basis for Processing

We process your personal data under the following lawful bases:

Consent: When you have given explicit consent for specific purposes (e.g., marketing communications).
Contract performance: When processing is necessary to provide the Service you requested.
Legal obligation: When processing is required by Nigerian law or regulation.
Vital interests: When processing is necessary to protect your life or safety in an emergency.
Legitimate interests: When processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights.

5. Data Sharing & Disclosure

We do not sell your personal data. We may share your data with:

Healthcare providers: Hospitals, ambulance services, and medical professionals to facilitate emergency coordination.
Service providers: Third-party vendors who assist us in operating the platform (e.g., cloud hosting, analytics), subject to contractual data protection obligations.
Legal authorities: When required by Nigerian law, court order, or governmental regulation.
Corporate partners: With your explicit consent, when you register through an enterprise program.

All third-party data processors are bound by data processing agreements that comply with the NDPA.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specifically:

Account data: Retained for the duration of your account plus 3 years after deletion for regulatory compliance.
Emergency request data: Retained for 7 years in accordance with Nigerian healthcare record-keeping requirements.
Waitlist data: Retained until you request removal or we launch the full service.
Usage analytics: Anonymized within 90 days; raw data deleted within 12 months.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption in transit (TLS 1.3) and at rest (AES-256)
Regular security assessments and penetration testing
Access controls and authentication mechanisms
Employee training on data protection practices
Incident response and breach notification procedures

In the event of a data breach affecting your personal data, we will notify the Nigeria Data Protection Commission and affected individuals within 72 hours, as required by the NDPA.

8. Your Rights Under the NDPA

Under the Nigeria Data Protection Act 2023, you have the right to:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete personal data.
Erasure: Request deletion of your personal data (subject to legal retention requirements).
Data portability: Receive your data in a structured, commonly used, and machine-readable format.
Restriction: Request restriction of processing in certain circumstances.
Objection: Object to processing based on legitimate interests or for direct marketing purposes.
Withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact our Data Protection Officer at dpo@neuronahealth.com. We will respond to your request within 30 days.

9. International Data Transfers

Your data may be processed on servers located outside Nigeria. Where data is transferred internationally, we ensure adequate safeguards are in place, including standard contractual clauses approved by the Nigeria Data Protection Commission, and compliance with the NDPA’s requirements for cross-border data transfers.

10. Cookies & Tracking Technologies

We use the following categories of cookies:

Essential cookies: Required for the Service to function (e.g., authentication, security).
Analytics cookies: Help us understand how users interact with the Service (e.g., Microsoft Clarity for heatmap and session analysis).
Marketing cookies: Used to deliver relevant content and measure the effectiveness of our referral program (only with your consent).

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

11. Children’s Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the Platform or by email. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact

For privacy-related inquiries, to exercise your data subject rights, or to report a data protection concern, please contact:

Data Protection Officer

Neurona Health Technologies Ltd.

20 Babatunde Kuboye Street, Lekki Phase 1, Lagos, Nigeria

Email: dpo@neuronahealth.com

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.