Privacy Policy

Last updated: May 2026

What this page says: This page explains how we handle your data. We will protect it very well.

1. Introduction

Docarion (“we”, “our”, “us”) is a healthcare technology platform that connects patients with certified healthcare providers across Nigeria and Africa. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023.

By using Docarion, you agree to the practices described in this policy. If you do not agree, please do not use our services.

2. Data We Collect

Personal Information

  • Full name, date of birth, gender
  • Email address, phone number
  • Physical address
  • Government-issued ID numbers (where required for verification)

Health Information

  • Symptoms, medical history, and vitals you share with us
  • Consultation records and clinical notes
  • Prescriptions, lab orders, and test results
  • AI symptom checker conversations

Technical Data

  • Device type, browser, operating system
  • IP address and approximate location
  • Usage patterns and feature interactions

3. How We Use Your Data

  • Healthcare delivery — connecting you with doctors, pharmacies, and labs
  • AI-powered health guidance — our symptom checker uses your inputs to provide preliminary health information (this is NOT a medical diagnosis)
  • Communication — appointment reminders, prescription updates, and platform notifications
  • Platform improvement — anonymized, de-identified data to improve our AI models and services
  • Legal compliance — fulfilling regulatory obligations and responding to lawful requests

In short: We will use your information to help you find a doctor, order medicine, and check your health. We will not sell your data to anyone.

4. Data Sharing

We never sell your personal or health data. We share data only with:

  • Healthcare providers — doctors, pharmacists, and lab technicians involved in your care (with your consent)
  • Payment processors — to process consultation and pharmacy payments securely
  • Legal authorities — when required by law, court order, or to protect safety

5. Data Retention

In compliance with Nigerian medical practice regulations:

  • Medical records (adults) — retained for a minimum of 10 years after last interaction
  • Medical records (minors) — retained until the patient reaches age 25
  • Account data — retained while your account is active. Upon deletion request, non-clinical data is anonymized within 30 days
  • Video consultation recordings — stored locally on the doctor's device only, auto-deleted after 24 hours
  • AI chat sessions — de-identified data may be retained for service improvement

6. Your Rights (NDPR Article 3.1)

Under the NDPR and NDPA, you have the right to:

  • Access — request a copy of all personal data we hold about you
  • Correction — request correction of inaccurate personal data
  • Objection — object to processing of your data for specific purposes
  • Portability — receive your data in a portable format
  • Deletion — request account deletion (subject to medical record retention requirements)
  • Withdraw consent — withdraw previously given consent at any time

To exercise these rights, contact our Data Protection Officer at dpo@docarion.com.

7. AI Processing Disclosure

Docarion uses artificial intelligence for:

  • Symptom assessment and triage guidance
  • Clinical decision support for healthcare providers
  • Medical text translation into local languages (Pidgin, Hausa, Yoruba, Igbo)

⚠️ Important: AI features provide health guidance only — they are NOT a substitute for professional medical diagnosis or treatment. All AI-generated health information is reviewed within the context of a licensed healthcare provider's care.

All patient data processed by AI is de-identified using HIPAA Safe Harbor methodology, with Nigerian-specific identifiers (NIN, BVN, NHIA) also removed.

8. Security Measures

  • Encryption — AES-256 encryption at rest, TLS 1.3 in transit
  • Access control — Role-based access (RBAC) ensures providers only see data relevant to their role
  • Audit logging — all access to medical records is logged and auditable
  • Facility isolation — multi-tenant architecture ensures clinic data is separated
  • Secure infrastructure — hosted on Google Cloud with SOC 2, ISO 27001 certification

9. Cross-Border Data Transfers

Docarion uses Google Cloud (Firebase) infrastructure, which may process data in data centers outside Nigeria. In accordance with NDPR Section 2.11, we ensure adequate data protection through:

  • Google Cloud's compliance with international data protection standards
  • Contractual safeguards with all third-party processors
  • Data minimization — only necessary data leaves Nigerian jurisdiction

10. Contact Us

Data Protection Officer: dpo@docarion.com

General inquiries: support@docarion.com

Registered address: Lagos, Nigeria

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data protection rights have been violated.