Data Retention & Security Policy

Effective Date: October 20, 2025

Last Updated: October 15, 2025

1. Purpose

The purpose of this Data Retention & Security Policy ("Policy") is to outline how MyDocki Digital Healthcare ("MyDocki", "we", "our", "us") collects, stores, protects, and manages user data throughout its lifecycle — from creation to deletion.

This policy ensures that all medical, financial, and personal information shared through the MyDocki App and Web Platform is handled responsibly, securely, and in full compliance with the Nigeria Data Protection Act (NDPA 2023) and other applicable global privacy laws.

2. Scope

This Policy applies to:

  • All users, including patients, doctors, hospitals, pharmacies, laboratories, and vendors using MyDocki services.
  • All data collected via our mobile and web applications, APIs, and partner integrations.
  • All MyDocki staff, contractors, and third-party service providers who have authorized access to our systems.

3. Types of Data We Retain

We retain data necessary for service delivery, compliance, and performance monitoring. These include:

a. User Identification Data

  • Full name, email, phone number, gender, date of birth, and address.
  • National Identification Number (NIN), professional licenses (for healthcare providers), and verification documents.

b. Medical & Health Data

  • Consultation records, prescriptions, symptoms, test results, and doctor recommendations.
  • Uploaded medical files, lab reports, and referral notes.

c. Transactional Data

  • Payment history, wallet balance, refund logs, and billing addresses.
  • NHIS or insurance-related payment claims.

d. Technical & Device Data

  • Device identifiers, IP address, app usage logs, crash reports, and cookies (for analytics).

e. Communication Data

  • Chat messages between patients and doctors.
  • Support inquiries, complaints, or reviews submitted via the app.

4. Retention Period

We retain personal and medical data only for as long as it is legally or operationally required. The following categories define our standard retention durations:

| Data Category | Retention Duration | Purpose / Legal Basis |
|---|---|---|
| Account details & profile data | Active period + 2 years | Service continuity & legal reference |
| Consultation & medical records | 7 years | Medical documentation and dispute reference |
| Payment & transaction data | 5 years | CBN, NDPC, and audit compliance |
| Communication & chat logs | 2 years | Quality assurance & dispute resolution |
| Cookies & analytics data | 6–12 months | Performance tracking & user behavior analysis |
| Backup archives | 12 months | System recovery & disaster protection |

Once data exceeds its retention period, it will be securely deleted, anonymized, or archived in accordance with NDPA standards.

5. Data Security Measures

To ensure maximum protection of user data, MyDocki employs multi-layered security controls at both the application and infrastructure levels:

a. Encryption & Transmission

  • All user data is encrypted in transit (SSL/TLS) and at rest (AES-256).
  • Sensitive data such as medical records and payment details are tokenized and stored separately.

b. Access Control

  • Role-based access ensures that only authorized personnel can view or modify data.
  • Multi-factor authentication (MFA) is required for all admin and provider logins.

c. Data Minimization

  • We only collect data that is necessary to deliver healthcare services.
  • Any data no longer required is promptly purged.

d. Monitoring & Incident Response

  • Real-time monitoring for suspicious activity or data breaches.
  • In the event of a breach, MyDocki will notify affected users and the Nigeria Data Protection Commission (NDPC) within 72 hours as required by law.

e. Data Storage & Backup

  • All servers are hosted on secure, compliant infrastructure (e.g., AWS, Google Cloud) with 24/7 security monitoring.
  • Regular encrypted backups ensure business continuity.

6. Third-Party Data Handling

MyDocki may share limited user data with verified third-party partners (e.g., pharmacies, labs, logistics providers, payment processors) strictly for operational purposes.

All third-party partners must sign a Data Processing Agreement (DPA) ensuring compliance with NDPA 2023 and GDPR principles.

Partners are prohibited from using MyDocki data for independent marketing or unrelated services.

7. User Rights Over Data

Users retain full control over, and transparency into, their personal data. At any time, you may:

  • Request access to your personal data.
  • Correct or update inaccurate information.
  • Request deletion ("Right to be Forgotten") where data is no longer needed.
  • Withdraw consent for specific data uses, where applicable.
  • Request a copy of your consultation or medical history in a portable format.

Requests should be sent to privacy@mydocki.com, and MyDocki will respond within 30 business days.

8. Data Deletion Process

When data is no longer required or upon user request:

  • Data is flagged for deletion and removed from active systems.
  • Backups containing the deleted data are securely purged within 30 days.
  • Deleted data cannot be recovered after final removal.
  • Proof of deletion may be provided upon written request.

9. Compliance & Audit

MyDocki conducts periodic internal audits to ensure full compliance with NDPA and international standards.

Any staff or partner found breaching this policy will face disciplinary or legal action.

We maintain up-to-date documentation of all data processing and storage systems.

10. User Acknowledgment

By using the MyDocki platform, you acknowledge that you have read and understood this Policy and consent to the secure processing and retention of your data as described herein.

11. Contact Information

For any questions, concerns, or requests regarding these Terms or your personal data, please contact our Data Protection Officer (DPO) at:

MyDocki Digital Healthcare

125 Olusegun Osoba Way, Oke Ilewo, Abeokuta, Ogun State, Nigeria

Email: support@mydocki.com

Phone: +234 901 615 31384