Cross-border data transfers
Cross-border data processing notice
Daktalink — version 2026-05-1 (UTC).
Under the Nigeria Data Protection Act (NDPA) 2023, personal data (including health-related information) must not be transferred outside Nigeria without appropriate safeguards or your informed consent. This notice explains when Daktalink uses subprocessors in other countries and what that means for you.
When data may leave Nigeria
We may send personal or health-related data to the subprocessors below when you use certain features—for example enhanced symptom analysis, voice transcription, mental wellness chat, or lab result interpretation powered by AI.
Subprocessors (indicative list)
| Provider | Purpose | Typical location |
|---|---|---|
| OpenAI | AI symptom analysis, voice transcription, mental wellness chat, lab interpretation assistance | United States |
| Meta (WhatsApp Cloud API) | WhatsApp messaging when you contact us via WhatsApp | United States / Ireland |
| Termii | SMS delivery (verification, reminders) | Nigeria |
| Flutterwave | Payment processing for subscriptions and telemedicine | Nigeria / United States |
Risks
- Foreign laws may differ from Nigerian law; authorities in another country could request data in limited circumstances.
- We rely on contractual safeguards with providers, but no transfer is risk-free.
- If you do not consent, we still offer rule-based guidance that does not use external AI for your inputs.
Your choices
- Signed-in users: accept or review consent under Account → Data & privacy.
- Guest symptom checks: you may accept a session-specific notice before enhanced AI runs.
- You may withdraw consent by contacting support; withdrawal does not affect processing already performed lawfully.
See also our Privacy Policy and Patient Consent Form.
Organisational information only; not legal advice.