Privacy Policy — ZivanaCare
Effective Date & Last Updated: June 29, 2026
KingMind Technologies Ltd ("we," "us," or "our") operates the ZivanaCare application ("the App" or "the Platform"), a subscription-based maternal and women's health platform offering pregnancy tracking, teleconsultations, postpartum support, and a medical marketplace.
This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use ZivanaCare. It applies to all users of the Platform regardless of their country of residence, including users in Nigeria, the United Kingdom, the European Union, the United States, Canada, and other African countries.
We are committed to complying with applicable data protection laws in every jurisdiction where we operate, including:
- Nigeria Data Protection Act 2023 (NDPA) and Nigeria Data Protection Regulation (NDPR)
- UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018
- EU General Data Protection Regulation (GDPR)
- Health Insurance Portability and Accountability Act (HIPAA) — United States
- Personal Information Protection and Electronic Documents Act (PIPEDA) — Canada
- California Consumer Privacy Act (CCPA) — California, USA
By registering and using ZivanaCare, you agree to the practices described in this policy.
1. Who This Policy Applies To
This policy applies to:
- Expecting mothers using pregnancy tracking, appointment booking, and teleconsultation features.
- New mothers using postpartum support and infant health tracking features.
- Women using the wellness, period tracking, and general health features.
- All registered users of the ZivanaCare platform across all subscription tiers.
2. Information We Collect
2.1 Identity & Account Information
- Full name, date of birth, and gender.
- Email address and phone number.
- Password (stored in encrypted/hashed form — never in plain text).
- Profile photo (optional).
- Country of residence and preferred language.
- Device information (device type, OS version, unique device identifiers).
2.2 Sensitive Health & Maternal Data
This is the most sensitive category of data we collect. It includes:
- Pregnancy stage, estimated due date, and gestational age.
- Postpartum status and recovery information.
- Menstrual cycle and period tracking data.
- Symptoms, health conditions, and medical history you voluntarily input.
- Medications and supplements you log.
- Weight, blood pressure, and other vitals you record.
- Baby growth and developmental milestone tracking.
- Mental health and mood data (where you choose to share it).
We collect this data only with your explicit consent and use it solely to deliver personalised health support through the Platform.
2.3 Teleconsultation Data
- Appointment bookings and scheduling information.
- Video call session metadata (date, time, duration) — processed via LiveKit Cloud.
- In-app messages and chat history with healthcare professionals.
- Consultation notes entered by your assigned healthcare provider.
Important: KingMind Technologies Ltd does not record, store, or retain the audio or video content of your consultations. Session metadata is retained for billing and audit purposes only.
2.4 Marketplace & Transaction Data
- Shipping name and delivery address.
- Order history and purchase records.
- Prescription uploads (where applicable — transmitted only to the fulfilling pharmacy).
- Payment transaction confirmations (full card details are never stored by us — handled by Paystack and Stripe).
2.5 Subscription & Billing Data
- Active subscription tier and mode (Expecting, New Mum, or Wellness).
- Subscription start and renewal dates.
- In-app purchase history (processed via Google Play Billing or Apple App Store).
- Paystack transaction references (for direct web payments).
2.6 Community & Social Data
- Posts, comments, and replies shared in community spaces.
- Community group memberships.
- Reactions and engagement activity.
2.7 Usage & Technical Data
- App usage logs, session duration, and feature interaction patterns.
- Push notification tokens and interaction data (via OneSignal).
- Crash reports and diagnostic information.
- IP address and approximate location (city-level, inferred from IP).
- Precise location (only if you explicitly grant permission).
2.8 Third-Party Login Data
If you sign in via Google or Apple, we receive your name and email address from those providers. We do not receive your passwords.
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Account creation and authentication | Identity, account data |
| Personalised pregnancy and health tracking | Sensitive health and maternal data |
| Delivering teleconsultations with healthcare professionals | Consultation and appointment data |
| Processing marketplace orders and deliveries | Marketplace and transaction data |
| Managing your subscription and billing | Subscription and billing data |
| Moderating and operating community features | Community and social data |
| Sending appointment reminders and health notifications | Contact and usage data |
| Improving the Platform through analytics | Technical and usage data |
| Detecting and preventing fraud and security threats | Technical and account data |
| Complying with legal and regulatory obligations | All categories as required |
| Responding to support inquiries | Identity and relevant activity data |
4. Sensitive Health Data — Additional Safeguards
We recognise that maternal and health data is among the most sensitive categories of personal information. In addition to our standard security measures, we apply the following safeguards specifically to health data:
- Health data is encrypted both at rest and in transit using industry-standard protocols.
- Access to health data is strictly limited to authorised KingMindTech personnel and the healthcare professionals directly involved in your care.
- We never sell, rent, or commercially exploit your health data.
- We never use your health data for advertising or profiling purposes.
- Health data shared with healthcare professionals is subject to their professional duty of confidentiality.
- You may delete your health data at any time (subject to applicable medical record retention laws).
By choosing to input health information on the Platform, you give us explicit consent to process that data for the purposes described in this policy.
5. Legal Basis for Processing
5.1 GDPR / UK GDPR (EU and UK Users)
| Processing Activity | Legal Basis |
|---|---|
| Account registration and authentication | Contract performance (Art. 6(1)(b)) |
| Pregnancy and health tracking | Explicit consent (Art. 6(1)(a); Art. 9(2)(a)) |
| Teleconsultations and healthcare delivery | Healthcare purposes (Art. 9(2)(h)) |
| Marketplace orders and fulfilment | Contract performance (Art. 6(1)(b)) |
| Subscription and billing management | Contract performance (Art. 6(1)(b)) |
| Platform analytics and improvement | Legitimate interests (Art. 6(1)(f)) |
| Push notifications and reminders | Consent (Art. 6(1)(a)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
5.2 Nigeria (NDPA 2023)
We process your data based on your consent, the necessity of performing our contract with you, and compliance with applicable Nigerian law.
5.3 United States (HIPAA / CCPA)
Where we process Protected Health Information (PHI) as defined under HIPAA, we implement appropriate safeguards as a Covered Entity or Business Associate. California residents have additional rights under the CCPA — see Section 12.
5.4 Canada (PIPEDA)
We process personal information with your knowledge and consent, and only for the purposes identified in this policy, in accordance with PIPEDA.
6. Video Consultations
Teleconsultations on ZivanaCare are powered by LiveKit Cloud, a third-party real-time communications provider:
- KingMind Technologies Ltd does not record or store your video or audio consultation content.
- Session metadata (start time, duration, participant IDs) is retained for billing and audit purposes.
- LiveKit processes in-transit data under their own privacy policy: livekit.io/privacy.
- All video sessions are conducted over encrypted connections.
7. Data Sharing & Third Parties
We do not sell your personal data. We share your data only in the following circumstances:
7.1 Healthcare Professionals
When you book a consultation, relevant health information is shared with your assigned healthcare provider on the ZivanaCare platform. They are bound by professional confidentiality obligations.
7.2 Marketplace Vendors
Your name, delivery address, and order details are shared with the relevant ZivanaCare Merchant solely to fulfil your order. Vendors may not use this data for any other purpose.
7.3 Service Providers
We share data with trusted third-party service providers under strict data processing agreements:
| Provider | Purpose |
|---|---|
| LiveKit Cloud | Real-time video teleconsultations |
| Paystack | NGN payment processing |
| Stripe | GBP/EUR/USD/CAD payment processing |
| Google Play / Apple App Store | In-app subscription billing |
| OneSignal | Push notification delivery |
| Hetzner (Germany, EU) | Cloud hosting and data storage |
| Cloudinary / AWS S3 | Media and image storage |
7.4 Legal Obligations
We may disclose your data to law enforcement, regulators, or courts where required by a valid legal order or applicable law in any jurisdiction in which we operate.
7.5 What We Will Never Do
- Sell your personal or health data to advertisers or data brokers.
- Share your health data for third-party marketing without your explicit consent.
- Use your health data to make fully automated decisions that significantly affect you without human oversight.
8. International Data Transfers
Your data is stored and processed on servers located in the European Union (Hetzner, Germany). As a global platform, your data may also be processed by our service providers in other countries.
Where data is transferred internationally, we ensure appropriate safeguards are in place (SCCs, UK IDTAs, HIPAA, NDPA 2023, and PIPEDA).
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Account and identity data | Duration of active account + 3 years |
| Sensitive health and maternal data | 5 years after last active use |
| Teleconsultation records | 7 years (international medical record standards) |
| Marketplace and order records | 7 years (tax and regulatory compliance) |
| Subscription and billing records | 7 years (financial compliance) |
| Community content | Until you delete it or close your account |
| Technical and usage logs | 12 months |
10. Data Security
We implement comprehensive technical and organisational security measures:
- Passwords are hashed using bcrypt — never stored in plain text.
- All data in transit is encrypted via TLS/HTTPS.
- Sensitive health data is encrypted at rest.
- Backend infrastructure is hosted on Hetzner private cloud servers (EU).
- MongoDB access is role-restricted and requires authentication.
- Role-based access controls limit which personnel can view personal data.
11. Your Rights
| Right | Nigeria (NDPA) | UK/EU (GDPR) | California (CCPA) | Canada (PIPEDA) |
|---|---|---|---|---|
| Access your data | ✅ | ✅ | ✅ | ✅ |
| Correct inaccurate data | ✅ | ✅ | ✅ | ✅ |
| Delete your data | ✅ | ✅ | ✅ | ✅ |
| Data portability | ✅ | ✅ | ✅ | ✅ |
| Withdraw consent | ✅ | ✅ | ✅ | ✅ |
11.1 California Residents (CCPA)
California residents have the right to know what personal info we collect, request deletion, opt out of data sales (we do not sell data), and enjoy non-discrimination. Contact privacy@zivanacare.com.
12. Children's Privacy
ZivanaCare is not intended for use by children under the age of 18. We do not knowingly collect personal data from individuals under 18.
Note on pregnant teenagers: The Platform may be accessed by pregnant users under 18 in a maternal care context under parent/guardian supervision. If you believe a minor has created an account without supervision, contact us.
13. Supervisory Authorities
You have the right to lodge a complaint with the relevant data protection authority in your country:
- Nigeria: Nigeria Data Protection Commission (NDPC) — ndpc.gov.ng
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- EU: Your local EU Data Protection Authority — edpb.europa.eu
- USA: Department of Health & Human Services (HHS) — hhs.gov/hipaa
- Canada: Office of the Privacy Commissioner (OPC) — priv.gc.ca
14. Data Protection Officer
KingMind Technologies Ltd has appointed a Data Protection Officer (DPO) responsible for overseeing compliance:
Contact our DPO:
Subject line: "Data Protection Inquiry — ZivanaCare"
📍 KingMind Technologies Ltd, Port Harcourt, Rivers State, Nigeria