Privacy Policy — MedicsLink

This Privacy Policy explains how MedicsLink ("MedicsLink", "we", "us" or "our") collects, uses, shares and protects your personal data when you use the MedicsLink mobile application, website and related services (the "Platform"). We process personal data in accordance with the Nigeria Data Protection Act 2023 (the "NDPA") and other applicable laws. By using the Platform you acknowledge the practices described here.

1. Who we are

MedicsLink operates a marketplace that connects independent healthcare professionals ("Professionals") with hospitals, clinics and other healthcare providers ("Organizations"). For the personal data described below, MedicsLink acts as a data controller. Where we process data on behalf of an Organization, we may act as a data processor.

2. Information we collect

Information you give us:

Account details — name, email address, phone number, password, role (Professional or Organization) and intent.
Professional & credential data — profession, registration/licence numbers, issuing body, indemnity insurance, certificates and other documents you upload for verification.
Identity verification (KYC) — identity documents and related details used to confirm who you are.
Organization details — business registration and contact information.
Payment & payout data — bank account details for payouts (account numbers are encrypted at rest) and subscription information. Full card or bank numbers are handled by our payment gateway, not stored in full by us.
Communications — messages you send through in-app chat and support, and ratings or reviews you submit.

Information we collect automatically:

Usage & device data — app interactions, device type, operating system, and approximate technical identifiers used to keep the service secure and reliable.
Push notification identifiers — a device token so we can deliver alerts.

3. How we use your data and our lawful bases

We use personal data to:

Create and manage your account and provide the Platform (performance of a contract).
Verify professional credentials and identity, and operate hire and check-in eligibility gates (legal obligation / legitimate interest in patient safety and trust).
Facilitate Engagements, scheduling, payments, escrow and payouts (performance of a contract).
Send service messages, notifications and, where permitted, updates (consent or legitimate interest).
Prevent fraud, abuse and security incidents, and comply with the law (legal obligation / legitimate interest).

You may withdraw consent at any time where processing is based on consent; this does not affect processing already carried out.

4. Sensitive and credential information

Professional credentials and identity documents are sensitive. We use them only to verify eligibility and operate the Platform, restrict access to authorised personnel, and protect them with appropriate safeguards. Any patient information you access during an Engagement is the responsibility of the Organization and must be handled under their policies and applicable law — it is not collected by MedicsLink for our own purposes.

5. How we share your data

We share personal data only as needed:

Between Users — limited profile, credential-status and contact details are shared between a Professional and an Organization to enable an Engagement.
Service providers (processors) — payment gateway, identity/credential verification, cloud hosting, push-notification and analytics providers, acting on our instructions under appropriate agreements.
App stores — Apple and Google process subscription purchases under their own terms.
Legal & safety — where required by law, regulation, or to protect the rights, property or safety of Users, patients or the public.

We do not sell your personal data.

6. International transfers

Some service providers may process data outside Nigeria. Where we transfer personal data internationally, we take steps required by the NDPA to ensure an adequate level of protection.

7. Data retention

We keep personal data for as long as your account is active and as needed to provide the Platform, then for any further period required to meet legal, regulatory, tax, accounting or dispute-resolution obligations. When data is no longer needed it is deleted or anonymised.

8. Security

We use technical and organisational measures to protect personal data, including encryption of sensitive fields (such as payout account numbers), access controls and secure authentication. No system is completely secure, so we cannot guarantee absolute security; please protect your login credentials and notify us of any suspected unauthorised access.

9. Your rights

Subject to applicable law, you have the right to:

Access the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your data (you can delete your account from within the app).
Object to or restrict certain processing.
Request a copy of your data in a portable format.
Withdraw consent where processing relies on it.

To exercise these rights, contact us through the in-app Help & Support channel. You also have the right to lodge a complaint with the Nigeria Data Protection Commission.

10. Push notifications and communications

With your permission, we send push notifications about shifts, applications, payments and messages. You can disable notifications in your device settings. Some service communications (for example security or payment notices) are necessary to use the Platform.

11. Children

The Platform is intended for users aged 18 and over and is not directed at children. We do not knowingly collect personal data from anyone under 18.

12. Changes to this policy

We may update this Privacy Policy from time to time. Where changes are material, we will provide notice through the Platform. Your continued use after the changes take effect constitutes acceptance of the updated policy.

13. Contact us

For privacy questions or to exercise your rights, contact MedicsLink through the in-app Help & Support channel, or by email at medicslinkng@gmail.com.