Skip to content
Afrodoctor logo

Afrodoctor Privacy Policy

Last Updated: January 2026

This Privacy Policy outlines how Health Solutions Ventures (HSV) manages and protects user data for the Afrodoctor system (including our Web Platform and Mobile Application), in compliance with **Uganda's Data Protection and Privacy Act 2019** and related regulations. By using Afrodoctor, you agree to this Policy.

I. Purpose

This policy provides a comprehensive approach to ensuring the **privacy, confidentiality, and integrity** of patient/client health information within the Afrodoctor application.

II. Data Management and Security

  1. Protection of Health Information: The highest importance is placed on protecting patient/client health information, ensuring confidentiality, privacy, and integrity. This is balanced with the health sector's need to manage **public health** (e.g., notifying emerging diseases).
  2. Access Control: Access to information and functions within the Afrodoctor system is strictly controlled according to authorized privileges.
    • Client Accounts: Clients must create an account with a strong password and log in for each session. Password reset requires identity verification.
    • Administrative Access: Access to the backend is highly restricted, sanctioned by the CEO, and limited to designated staff.
    • Data Ownership and Management: All data is owned and managed by **HSV**. Data changes or updates require explicit CEO approval.
  3. Data Sharing: Datasets may be shared across partner organizations under terms stipulated in **binding memoranda of understanding**. Data sharing will comply with data security principles, including confidentiality, informed consent, and interoperability.
  4. Data Retention and Deletion: Users have the right to request the deletion of their personal data and account. Requests can be submitted via the application settings or by contacting our support team. Upon verification, HSV will securely erase personal identifying data, retaining only anonymized statistical data required for legal or regulatory compliance.
  5. Data Breach Notification: In case of unauthorized data access, **data owners and the data management team will be immediately notified**, and measures to prevent further breaches will be undertaken promptly.

III. Mobile App Permissions and Device Data

To provide core medical functionalities (such as telemedicine and secure document uploads), the Afrodoctor Mobile Application requests specific permissions to access features on your device. We strictly use this data only for the purposes stated below:

  • Camera & Microphone: Required to facilitate real-time video and audio telemedicine consultations between you and healthcare providers. Camera access may also be used to capture photos of physical medical documents for your digital record.
  • Photos, Media, & Files: Required to allow you to securely upload existing medical records, lab results, or update your profile picture from your device's gallery.
  • Location Data: Required to help you identify and navigate to nearby hospitals, clinics, and healthcare facilities within the Afrodoctor network.
  • Biometric Data (Fingerprint/Face ID): Used strictly locally on your device to provide seamless and secure login. Biometric data is managed entirely by your device's operating system and is never transmitted to, or stored on, Afrodoctor servers.

IV. Compliance and Regulatory Requirements

The Afrodoctor application is compliant with the following national regulatory frameworks for digital health in Uganda:

  • Computer Misuse Act 2011
  • Electronic Signature Act 2011
  • Electronic Transactions Act 2011
  • Data Protection and Privacy Act 2019
  • National Information Technology policy 2009
  • Data Protection and Privacy Regulations 2021
  • Electronics Transaction Regulations 2013