Legal

Privacy Policy

Effective date: 13 April 2026 · Last updated: 13 April 2026

NesChade Global Ltd (“NesChade”, “we”, “us”, or “our”) respects your privacy. This Privacy Policy explains what information we collect, how we use it, and the rights you have when you access or use the Cliniqa Lab OS at lab.cliniqa.cloud. We operate under the Nigeria Data Protection Act 2023 (NDPA).

1. Who We Are

NesChade Global Ltd is a Nigerian company registered with the Corporate Affairs Commission. We build focused AI products for the Nigerian market. The Cliniqa Lab OS is a B2B software-as-a-service platform designed for Nigerian medical laboratories to manage lab results, sample tracking, quality assurance, and patient communication.

For the purposes of the NDPA, NesChade Global Ltd is the data controller of the personal data processed through the Cliniqa Lab OS.

Data Controller Contact

NesChade Global Ltd · support@cliniqa.cloud

2. Scope of This Policy

This policy applies to:

The Cliniqa Lab OS web application at lab.cliniqa.cloud.
Our product website at cliniqa.cloud and any of its pages.
Interactions with us over email, contact forms, or business engagements related to the Cliniqa Lab OS.

This policy does not apply to third-party websites or services we link to. You should review their privacy policies separately.

3. Information We Collect

3.1 Information you provide directly

Account & Identity Data

Lab name, registered business address, contact person name, work email address, phone number, MLSCN registration details, and a password hash.

Uploaded Documents

Lab result files (PDFs, images), CSV result exports, and supporting verification documents submitted during registration. These files may contain patient health information held on behalf of the lab.

Billing Data

Subscription plan, payment reference numbers. Full card details are handled by Paystack and are never stored by Cliniqa.

Inquiries & Correspondence

Information you send us through contact forms, email, or during a business engagement.

3.2 Information collected automatically

Usage & Technical Data

Login timestamps, browser and device type, IP address, feature usage events (e.g. results pushed, samples logged), and error logs needed to keep the platform operating.

Website Analytics

Aggregate visitor statistics (pages viewed, approximate location, referral source). See the Cookies section below.

3.3 Sensitive personal data

Lab result documents uploaded to the platform are considered sensitive personal data under the NDPA because they relate to health. We treat this category of information with additional care, process it only for the purposes described in this policy, and the uploading lab is responsible for ensuring it has obtained the necessary patient consents before uploading that data through our platform.

4. How We Use Your Information

We use the information we collect to:

Provide and operate the Cliniqa Lab OS — including account provisioning, result management, sample tracking, and QA monitoring.
Run AI-assisted quality checks on result files (via Google Cloud Vision OCR and Anthropic Claude API) to support laboratory workflows.
Send transactional emails and OTP codes (via SendGrid/SMTP) required for authentication and platform operation.
Process subscription payments and manage billing records (via Paystack).
Respond to your inquiries and deliver services you have contracted us for.
Monitor platform health, fix bugs, prevent abuse, and improve accuracy of AI-assisted features.
Improve platform features based on aggregated, anonymised usage patterns.
Comply with our legal obligations under Nigerian law.

We do not use your lab result data, patient health data, or personal data to train third-party AI models for unrelated purposes, and we do not sell your personal data to anyone.

5. Legal Basis for Processing

We process personal data under the following lawful bases as defined by the NDPA 2023:

Contract performance (NDPA s.2.5(1)(b)): Processing your account and billing data is necessary to provide the Cliniqa Lab OS under our subscription agreement.
Consent: For processing lab result content, patient health data within uploaded documents, and for sending optional communications.
Legitimate interests (NDPA s.2.5(1)(f)): We process usage and technical data to maintain platform security, prevent fraud, and make operational improvements. These interests do not override your data protection rights.
Legal obligation: Where we must process or retain information to comply with applicable Nigerian law or a lawful court order.

7. Third-Party Service Providers

We use a small number of reputable service providers to run our infrastructure and deliver the platform’s features. These providers only process data on our instructions and are bound by confidentiality and data protection obligations. We do not sell your data to any third party.

Processor	Purpose	Data Shared
Cloud hosting & storage	Backend infrastructure & uploaded document storage	Account data, document files
SendGrid / SMTP	Transactional email & OTP delivery	Email address, message content
Paystack	Subscription billing	Name, email, payment reference
Google Cloud Vision	OCR text extraction from result files	Document file content
Anthropic Claude API	AI-assisted result quality analysis	Extracted text from documents

A current list of named processors and their roles is available on request by emailing support@cliniqa.cloud.

8. Data Retention

We keep personal data only for as long as we need it:

Account & identity data5 years after last account activity or account deletion, except where law requires longer retention.

Uploaded result documents3 years from the date of upload. You can delete individual entries from within the portal at any time.

Billing records7 years (statutory financial record-keeping under Nigerian law).

Inquiries & business correspondenceUp to 3 years for service continuity and legal recordkeeping.

Security & audit logs90 days rolling.

Website analyticsAggregated and non-identifying; retained for up to 24 months.

After retention periods expire, data is securely deleted or irreversibly anonymised.

9. Security

We use reasonable administrative, technical, and organisational safeguards to protect personal data in our custody — including encryption in transit (TLS/HTTPS only), AES-256 encryption at rest, role-based access controls, multi-factor authentication on production systems, and the principle of least privilege for staff. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security — but we commit to promptly investigating and notifying affected account holders of any confirmed data breach in accordance with the NDPA.

10. Your Rights Under the NDPA

Under the Nigeria Data Protection Act 2023, you (and the individuals whose data your lab uploads) have the following rights:

Right of Access

Request a copy of the personal data we hold about you.

Right to Correction

Ask us to correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your data where no legal basis for retention exists.

Right to Portability

Receive your personal data in a structured, commonly used format.

Right to Object

Object to, or restrict, certain types of processing.

Right to Withdraw Consent

Where processing relies on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email support@cliniqa.cloud with the subject line “Data Subject Request”. We will respond within the timeframes required by the NDPA. You may also lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng if you believe your rights have been violated.

11. Children

The Cliniqa Lab OS is intended for use by registered medical laboratories and their authorised staff — all of whom must be 18 years of age or older. We do not knowingly collect personal data directly from individuals under 18. Lab result documents may reference minors as patients; the uploading laboratory is responsible for ensuring it has obtained appropriate parental or guardian consent before processing such data through our platform.

12. International Data Transfers

Some of our service providers (for example, cloud hosting, Google Cloud Vision, or Anthropic) may process data outside Nigeria. Where data is transferred internationally, we rely on contractual and technical safeguards to ensure your data receives a level of protection consistent with the NDPA 2023. By using the Cliniqa Lab OS, you understand that your information may be processed in jurisdictions outside Nigeria.

13. Cookies & Tracking

The Cliniqa Lab OS uses only essential, functional cookies required for authentication sessions and security (for example, keeping you logged in). We do not use advertising, tracking, or third-party analytics cookies within the portal itself. No third-party advertising networks have access to your browsing behaviour on this platform. You can disable cookies in your browser settings; core portal functionality may be affected if you do so.

14. Changes to This Policy

We may update this Privacy Policy from time to time as our platform evolves or as the law requires. When we make a material change, we will update the “Last updated” date at the top of this page and notify account administrators by email at least 14 days before the changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy. If you do not agree to the revised policy, you may cancel your subscription before the effective date.

15. Contact Us

If you have any questions, concerns, or requests about this Privacy Policy or how we handle your personal data, please contact us:

Email: support@cliniqa.cloud

Company: NesChade Global Ltd, Nigeria

You may also contact the Nigeria Data Protection Commission (NDPC) if you believe your rights under the NDPA have been violated and we have not addressed your concern.