Privacy Policy
PearMedica is committed to protecting patient data and maintaining the highest standards of data security and regulatory compliance.
Our Data Protection Commitments
NDPA 2023 Compliance
Full compliance with the Nigeria Data Protection Act 2023. We follow a phased data localisation strategy to ensure all patient data is processed within Nigeria before any real patient data is handled.
AES-256 Encryption
All Protected Health Information (PHI) is encrypted at rest and in transit using AES-256-GCM with per-record initialisation vectors. Encryption keys are managed through secure key management services.
Consent Management
Clear opt-in consent for data collection. Patients and B2B partners have full control over what data is shared with our platform.
Data Processing Agreements
Every B2B customer signs a Data Processing Agreement that defines data handling responsibilities, retention periods, and processing limitations.
Audit Logging
Comprehensive, immutable audit trails of every API call, data access, and admin action. All audit records are encrypted and append-only.
Data Subject Rights
Procedures for data access, deletion, and export requests. Assessments are retained for 1 year by default, with customisable retention policies for enterprise customers.
Data Breach Protocol
In the event of a data breach, PearMedica will notify affected parties within 72 hours in accordance with NDPA 2023 requirements. Our internal incident response process is documented and reviewed quarterly.
Contact Our Data Protection Officer
For questions about our privacy practices, data subject access requests, or to exercise your rights under NDPA 2023, please contact us at privacy@pearmedica.com.