Privacy Policy

Who We Are

MedConnect Africa ("MedConnect," "we," "us," or "our") is a telemedicine platform operated by MedConnect Health, Inc., a company incorporated in the United States. We provide outpatient internal medicine and adult medicine telemedicine services to patients in Ghana and the Ghanaian diaspora in the United States.

Our physicians are licensed by the Ghana Medical and Dental Council (MDC) and operate in compliance with applicable medical regulations in Ghana and the United States.

This Privacy Policy applies to all users of our website at medconnectafrica.com, our mobile application, and any related services (collectively, the "Platform").

Information We Collect

We collect the following categories of information when you use our Platform:

Identity & Contact Information

• Full name, email address, phone number
• Date of birth and gender
• Location (city, country)
• Google account information (if you sign in with Google)

Health & Medical Information

• Reason for visit and presenting symptoms
• Current medications and dosages
• Duration of symptoms
• Medical history as provided during consultations
• Physician visit notes and diagnoses
• Laboratory results (where applicable)
• Prescription records

Payment Information

• Payment method (MTN MoMo, Vodafone Cash, AirtelTigo Money, or card)
• Transaction reference numbers
• Amount paid and currency
• We do not store your full card number, CVV, or mobile money PIN — these are processed securely by Paystack

Technical Information

• IP address and browser type
• Device type and operating system
• Pages visited and time spent on the Platform
• Appointment booking and completion timestamps

How We Use Your Information

We use your information for the following purposes:

• Providing medical care — sharing your health information with your treating physician before and during your visit
• Appointment management — scheduling, confirming, and sending reminders for your visits
• Payment processing — completing transactions through Paystack and reconciling payments
• Medical records — maintaining a record of your visit history, diagnoses, and treatments
• Communications — sending appointment confirmations, care instructions, and follow-up information via email and WhatsApp
• Platform improvement — analyzing usage patterns to improve our services
• Legal compliance — meeting our obligations under HIPAA, Ghana DPA, and other applicable laws

How We Share Your Information

We do not sell your personal or health information. We share your information only in the following circumstances:

With Your Treating Physician

Your health information is shared with the MedConnect physician conducting your visit. All our physicians are bound by professional confidentiality obligations and this Privacy Policy.

With Service Providers (Business Associates)

We share limited data with trusted third-party vendors who help us operate the Platform. All vendors who handle protected health information sign a Business Associate Agreement (BAA) with us:

• Google Firebase — authentication and database (HIPAA-eligible with BAA)
• Doxy.me — HIPAA-compliant video calling (BAA signed)
• Paystack — payment processing (PCI-DSS compliant)
• Google Workspace — email communications (HIPAA-eligible with BAA)
• Netlify — website hosting

For Legal Reasons

We may disclose your information if required by law, court order, or government authority, including mandatory reporting requirements applicable to medical providers in Ghana or the United States.

With Your Explicit Consent

For any other purpose, we will ask for your explicit written consent before sharing your information.

HIPAA — U.S. Health Privacy Rights

As a U.S.-incorporated medical entity, MedConnect Africa complies with the Health Insurance Portability and Accountability Act (HIPAA). Your Protected Health Information (PHI) is handled in accordance with HIPAA's Privacy Rule and Security Rule.

Under HIPAA, you have the right to:

• Access and receive a copy of your health records
• Request corrections to your health information
• Request restrictions on how we use or share your information
• Receive a record of disclosures we have made of your health information
• File a complaint with the U.S. Department of Health & Human Services (HHS) if you believe your rights have been violated

To exercise any of these rights, contact us at privacy@medconnectafrica.com.

Ghana Data Protection Act (Act 843)

MedConnect Africa is registered with the Ghana Data Protection Commission and complies with Ghana's Data Protection Act, 2012 (Act 843). As a data controller processing personal data of Ghanaian citizens, we are committed to the following principles:

• Lawfulness — we process your data only for lawful medical purposes with your consent
• Purpose limitation — your data is collected for specific, explicit healthcare purposes
• Data minimisation — we collect only what is necessary for your care
• Accuracy — we take steps to ensure your data is accurate and up to date
• Storage limitation — we retain your data only as long as necessary for medical and legal purposes
• Security — we implement appropriate technical and organisational measures to protect your data

Under the Ghana DPA, you have the right to:

• Access your personal data held by us
• Correct inaccurate data
• Object to processing of your data
• Lodge a complaint with the Ghana Data Protection Commission

How We Protect Your Data

We implement industry-standard technical and organisational security measures to protect your personal and health information:

• Encryption in transit — all data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS)
• Encryption at rest — your data stored in Firebase Firestore is encrypted at rest by Google
• Access controls — Firestore security rules ensure patients can only access their own records
• Authentication — Firebase Authentication with multi-factor options protects your account
• HIPAA-compliant video — all video consultations are conducted through Doxy.me, a HIPAA-eligible platform
• Vendor agreements — all vendors handling protected health information sign Business Associate Agreements

How Long We Keep Your Data

We retain your data for the following periods:

• Medical records — minimum 10 years from the date of your last visit, as required by Ghanaian medical regulations
• Payment records — 7 years for tax and financial compliance purposes
• Account information — for the duration of your account plus 3 years after closure
• Inactive accounts — we will notify you after 2 years of inactivity before any data deletion

You may request deletion of non-medical account data at any time by contacting privacy@medconnectafrica.com. Medical records may be retained longer if required by law.

Children's Privacy

MedConnect Africa provides adult medicine services and our Platform is not directed at children under the age of 18. We do not knowingly collect personal information from minors.

If you are a parent or guardian booking care on behalf of a family member in Ghana who is a minor, please contact us directly at support@medconnectafrica.com so we can provide appropriate accommodations.

Cookies & Tracking

We use minimal cookies and tracking technologies necessary for the Platform to function:

• Authentication cookies — to keep you signed in during your session (Firebase)
• Session storage — to remember your booking progress
• Analytics — basic usage analytics to improve the Platform

We do not use advertising cookies or share your data with advertising networks.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at the address associated with your account and update the "Last Updated" date at the top of this page. Your continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.

Contact Us

For privacy-related questions, requests to access or delete your data, or to report a concern, contact us: