Introduction
InfectoSnap ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered diagnostic platform, including the Provider App, Family App, and Business Dashboard (collectively, the "Services").
By using our Services, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Services.
1. Information We Collect
1.1 Personal Information
We collect information that identifies you as an individual, including:
- Account Information: Full name, email address, phone number, job title, and professional credentials
- Institutional Information: Organization name, type, address, and registration details
- Authentication Data: Login credentials and security verification information
1.2 Health Information
As a healthcare diagnostic platform, we process sensitive health data, including:
- Patient Data: Name, age, gender, medical history, and presenting symptoms
- Diagnostic Images: Photographs of skin conditions submitted for AI analysis
- Clinical Notes: Healthcare provider observations and notes
- Diagnosis Results: AI-generated diagnostic suggestions and confidence scores
- Treatment History: Previous diagnoses, treatments, and outcomes
1.3 Usage Information
We automatically collect information about how you interact with our Services:
- Device Information: Device type, operating system, browser type, and unique device identifiers
- Log Data: IP address, access times, pages viewed, and actions taken
- Analytics Data: Feature usage patterns, session duration, and interaction data
2. How We Use Your Information
2.1 Service Delivery
- Providing AI-powered diagnostic analysis
- Managing patient records and healthcare workflows
- Generating clinical decision support recommendations
- Enabling secure communication between healthcare providers and patients
2.2 Service Improvement
- Training and improving our AI diagnostic models (using anonymized data only)
- Analyzing usage patterns to enhance user experience
- Developing new features and capabilities
- Conducting research to advance healthcare outcomes
2.3 Safety and Compliance
- Ensuring platform security and preventing fraud
- Complying with legal obligations and regulatory requirements
- Maintaining audit trails for healthcare compliance
- Responding to legal requests and protecting our rights
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act (NDPA):
- Consent: For health data processing, marketing communications, and optional features
- Contractual Necessity: To provide the Services you have requested
- Legal Obligation: To comply with healthcare regulations and legal requirements
- Legitimate Interest: For security, fraud prevention, and service improvement
- Vital Interest: In emergency healthcare situations
4. Data Sharing and Disclosure
4.1 Within Your Organization
- Healthcare administrators within your institution may access aggregated analytics
- Designated staff members may access patient records based on role permissions
4.2 Service Providers
We may share data with trusted third parties who assist in operating our Services:
- Cloud infrastructure providers (with data processing agreements)
- Analytics services (using anonymized data only)
- Customer support tools
5. Data Security
We implement enterprise-grade security measures including:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access control (RBAC) with multi-factor authentication
- Audit Logging: Comprehensive logging of all data access and modifications
- Secure Infrastructure: Enterprise-grade cloud infrastructure with SOC 2 compliance
6. Data Retention
We retain your information for the following periods:
- Patient Health Records: As required by Nigerian healthcare regulations (minimum 6 years)
- Account Information: Duration of account plus 2 years
- Audit Logs: 7 years
- Analytics Data: 3 years (anonymized)
7. Your Rights
Under the Nigeria Data Protection Act (NDPA), you have the following rights:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your data, subject to legal requirements
- Right to Data Portability: Request your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Lodge a Complaint: File a complaint with the Nigeria Data Protection Commission (NDPC)
To exercise these rights, contact us at privacy@infectosnap.com.
8. International Data Transfers
Your data is primarily stored and processed in Nigeria. If data transfer outside Nigeria is necessary, we ensure:
- Adequate data protection standards in the receiving country
- Standard contractual clauses approved by the NDPC
- Your explicit consent for specific transfers
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email notification, in-app notification, or notice on our website. Continued use after changes constitutes acceptance of the updated policy.
10. Contact Us
For questions about this Privacy Policy or to exercise your data rights:
InfectoSnap Data Protection Team
Email: privacy@infectosnap.com
General Inquiries: hello@infectosnap.com
Data Protection Officer
Email: dpo@infectosnap.com
This Privacy Policy is governed by the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act 2023 and the Nigeria Data Protection Regulation 2019.