Privacy Policy

This policy describes how we collect, use, store, and protect information when you use our websites, mobile apps, and related services (“Services”). It is written to be clear and practical; it is not legal advice. If you do not agree, please do not use the Services.

1. Who we are

Daktalink operates digital health information and tools focused on Nigeria. Contact for privacy questions: use Report issue or the support channels shown in the app.

2. What we collect

Depending on how you use the Services, we may process:

• Account data: name, email address, phone number, password (stored using strong hashing — we do not store your password in plain text), and preferences you set.
• Health-related inputs you choose to provide: for example symptom-checker answers, pregnancy-care inputs, telemedicine messages, uploads you send, or profile fields you complete.
• Technical and usage data: device type, approximate location if you allow it (for example to suggest nearby facilities), IP address, timestamps, cookies or similar technologies, and product analytics that are designed to avoid unnecessary personal detail where possible.
• Communications: messages you send to support, feedback, and records needed to handle billing or referrals where applicable.

3. Why we use your information

We use information to:

• Provide, secure, and improve the Services (including sign-in, sync, reminders, and optional features you turn on).
• Keep users safe where reasonably possible (for example abuse detection and integrity of clinical workflows).
• Meet legal, regulatory, or law-enforcement requirements when required.
• Send service messages (for example verification, password reset, appointment or subscription notices) using the channels you enable.

Where we rely on consent (for example marketing beyond core service email/SMS), we will ask clearly and you can withdraw consent using account settings or support.

4. Sharing

We do not sell your personal information. We may share data with:

• Service providers who help us host, secure, analyse, or deliver the product (under contracts that require appropriate protection).
• Payment or messaging partners when you use paid features or SMS/WhatsApp/email delivery, as needed to complete those transactions.
• Healthcare workflow participants when you use features that explicitly involve others (for example a telemedicine doctor viewing the thread you opened).
• Authorities when we believe in good faith that disclosure is required by law or to protect vital interests.

5. International transfers & AI subprocessors

Some features use subprocessors outside Nigeria (for example OpenAI in the United States for AI-assisted symptom analysis, voice transcription, mental wellness chat, and lab interpretation). SMS, WhatsApp, and payment partners may also process data according to their own policies.

We do not send your health inputs to external AI unless you have accepted our cross-border data processing notice (or equivalent session consent for guests). Without that consent, we use on-platform rule-based tools where possible.

Where we transfer personal data across borders, we use contractual and organisational measures we consider appropriate under the Nigeria Data Protection Act (NDPA) 2023. Organisational registration, Data Protection Impact Assessments, and signed transfer instruments with each provider are maintained outside this app.

6. Retention

We keep information only as long as needed for the purposes above, including legal, accounting, or security requirements. Some logs or backups may persist for a limited period after deletion from live systems.

7. Security

We use industry-standard measures appropriate to the nature of the Services. No online service can be 100% secure; you should use a strong unique password and protect your device.

8. Your choices & data-subject rights

Signed-in users can download a JSON export of their data and delete their account from Account → Data & privacy (password required for deletion).

You may also request access, correction, or deletion by contacting support. We may need to verify your identity. Some requests cannot be fulfilled if we must retain data by law or for legitimate security or dispute resolution.

9. Children

The Services are not directed at children under the minimum age allowed to register in your jurisdiction. If you believe we have collected a child’s data in error, contact us so we can delete it where appropriate.

10. Changes

We may update this policy from time to time. We will post the revised version on this page and, where changes are material, provide additional notice (for example by email or in-app message).