Privacy Policy — ZivanaCare Doctor
Effective Date & Last Updated: June 29, 2026
KingMind Technologies Ltd ("we," "us," or "our") operates the ZivanaCare Doctor application ("the App"), a professional teleconsultation platform for verified healthcare providers on the ZivanaCare ecosystem. This Privacy Policy explains how we collect, use, store, and protect your personal and professional data when you use the App.
ZivanaCare operates globally, including in Nigeria, the United Kingdom, the European Union, the United States, Canada, and other African countries. We are committed to complying with applicable data protection laws in each jurisdiction where we operate.
By registering and using ZivanaCare Doctor, you agree to the practices described in this policy.
1. Who This Policy Applies To
This policy applies exclusively to verified healthcare professionals — including but not limited to obstetricians, gynaecologists, midwives, general practitioners, and other licensed medical personnel — who are onboarded onto the ZivanaCare platform by KingMind Technologies Ltd, regardless of their country of registration.
2. Information We Collect
2.1 Professional Identity & Verification Data
- Full name, profile photo, and date of birth.
- Medical licence number and issuing regulatory body (e.g. MDCN, GMC, NMC, AMA, AMC, or equivalent).
- Specialty, qualifications, and years of experience.
- Hospital or clinic affiliation.
- Government-issued ID (for KYC verification).
2.2 Account & Contact Information
- Email address and phone number.
- Password (stored in encrypted/hashed form — never in plain text).
- Country of practice and preferred currency.
- Device information (device type, OS version, unique device identifiers).
2.3 Consultation & Clinical Activity Data
- Appointment schedules and availability settings.
- Consultation session metadata (date, time, duration).
- Video call session identifiers (processed via LiveKit Cloud — no video content is stored by KingMindTech).
- In-app messages and communications with patients.
- Clinical notes entered within the App.
2.4 Financial & Payout Data
- Bank account details or payment processor recipient codes (Paystack for NGN; Stripe or equivalent for GBP/EUR/USD/CAD).
- Earnings history and transaction records.
- Consultation fees charged and commissions deducted.
- Tax identification numbers where required by local law.
2.5 Usage & Technical Data
- App usage logs and activity timestamps.
- Push notification interaction data (via OneSignal).
- Crash reports and diagnostic information.
- IP address and approximate location (city-level only).
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Account creation and authentication | Identity, contact, credentials |
| Professional verification and onboarding | KYC, licence, affiliation data |
| Enabling teleconsultations with patients | Appointment, session, messaging data |
| Processing earnings and payouts | Financial/payout data |
| Sending appointment and platform notifications | Contact, usage data |
| Improving platform performance and reliability | Technical and usage data |
| Complying with legal and regulatory obligations | All categories as required |
| Resolving disputes and enforcing platform policies | Relevant activity data |
4. Patient Data You Access
As a healthcare provider on ZivanaCare, you will access patient health information through the App. You acknowledge and agree that:
- Patient data is provided to you solely for the purpose of delivering care through the ZivanaCare platform.
- You must handle all patient data in accordance with applicable health data regulations in your jurisdiction (including but not limited to HIPAA in the USA, GDPR/UK GDPR in the EU/UK, NDPA in Nigeria, and PIPEDA in Canada).
- You must not copy, export, share, or use patient data outside the ZivanaCare platform for any purpose.
- KingMind Technologies Ltd acts as a data processor in relation to patient data; you, as the treating provider, bear professional responsibility for appropriate use.
5. Video Consultations
Video calls conducted through ZivanaCare Doctor are powered by LiveKit Cloud, a third-party real-time communications provider. Please note:
- KingMind Technologies Ltd does not record, store, or retain video or audio content from consultations.
- Session metadata (start time, duration, participant identifiers) is retained for billing and audit purposes.
- LiveKit's own privacy practices apply to in-transit processing. See: livekit.io/privacy
6. Legal Basis for Processing (GDPR / UK GDPR)
For users in the United Kingdom and European Union, we process your personal data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account registration and verification | Contract performance (Art. 6(1)(b)) |
| Professional KYC and licence verification | Legal obligation (Art. 6(1)(c)) |
| Delivering teleconsultation services | Contract performance (Art. 6(1)(b)) |
| Processing health-related professional data | Explicit consent (Art. 9(2)(a)) or employment/healthcare purposes (Art. 9(2)(h)) |
| Payout processing | Contract performance (Art. 6(1)(b)) |
| Platform analytics and improvement | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
7. HIPAA Notice (United States)
For healthcare providers practising in the United States, ZivanaCare Doctor operates as a Business Associate as defined under the Health Insurance Portability and Accountability Act (HIPAA). We implement appropriate administrative, physical, and technical safeguards to protect any Protected Health Information (PHI) accessed through the platform. A Business Associate Agreement (BAA) is available upon request by contacting privacy@zivanacare.com.
8. PIPEDA Notice (Canada)
For users in Canada, we process personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access, correct, and withdraw consent for the use of your personal information. Contact our Privacy Officer at privacy@zivanacare.com for any related requests.
9. Data Sharing & Third Parties
We do not sell your personal data. We share data only in the following circumstances:
9.1 Service Providers
- LiveKit Cloud — real-time video infrastructure.
- Paystack — NGN payment processing and payouts.
- Stripe — GBP/EUR/USD/CAD payment processing and payouts.
- OneSignal — push notification delivery.
- Hetzner — secure cloud data storage and hosting (EU-based).
9.2 Platform Sharing
- Your professional profile (name, specialty, photo, ratings) is visible to patients on the ZivanaCare patient app.
- Consultation history is accessible to the relevant patient whose session it relates to.
9.3 Legal Obligations
We may disclose your data to regulatory authorities, law enforcement, or courts where required by applicable law in any jurisdiction in which we operate.
10. International Data Transfers
Your data is stored and processed on servers located in the European Union (Hetzner, Germany). Where data is transferred across borders, we ensure appropriate safeguards are in place, including:
- EU/UK users: Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs) where applicable.
- US users: Compliance with applicable federal and state privacy laws.
- Nigerian users: Compliance with the Nigeria Data Protection Act 2023 (NDPA).
- Canadian users: Compliance with PIPEDA.
11. Data Retention
| Data Type | Retention Period |
|---|---|
| Account and profile data | Duration of active account + 2 years |
| Consultation records | 7 years (international medical record standards) |
| Financial and payout records | 7 years (tax and regulatory compliance) |
| KYC and verification documents | 5 years post-account closure |
| Technical and usage logs | 12 months |
12. Data Security
We implement the following security measures to protect your data:
- Passwords are hashed using bcrypt — never stored in plain text.
- All data in transit is encrypted via TLS/HTTPS.
- Backend infrastructure is hosted on Hetzner private cloud servers (EU).
- MongoDB access is role-restricted and authenticated.
- Access to production systems is limited to authorised KingMindTech personnel only.
- Regular security reviews are conducted on our infrastructure.
In the event of a data breach affecting your personal data, we will notify you and relevant supervisory authorities within the timeframes required by applicable law (72 hours under GDPR; without unreasonable delay under HIPAA and PIPEDA).
13. Your Rights
Depending on your country of residence, you may have the following rights:
| Right | Nigeria (NDPA) | UK/EU (GDPR) | USA (HIPAA) | Canada (PIPEDA) |
|---|---|---|---|---|
| Access your data | ✅ | ✅ | ✅ | ✅ |
| Correct inaccurate data | ✅ | ✅ | ✅ | ✅ |
| Delete your data | ✅ | ✅ | Partial | ✅ |
| Data portability | ✅ | ✅ | ❌ | ✅ |
| Object to processing | ✅ | ✅ | ❌ | ✅ |
| Withdraw consent | ✅ | ✅ | ✅ | ✅ |
To exercise any of these rights, contact us at privacy@zivanacare.com. We will respond within 30 days.
14. Supervisory Authorities
You have the right to lodge a complaint with the relevant data protection authority in your country:
- Nigeria: Nigeria Data Protection Commission (NDPC) — ndpc.gov.ng
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- EU: Your local EU Data Protection Authority — edpb.europa.eu
- USA: Department of Health & Human Services (HHS) — hhs.gov/hipaa
- Canada: Office of the Privacy Commissioner (OPC) — priv.gc.ca
15. Contact Us
If you have any questions, concerns, or data requests regarding this Privacy Policy, please contact:
KingMind Technologies Ltd
Port Harcourt, Rivers State, Nigeria