1. Who we are
RadFAQS ("we," "us," "our") is a Nigerian radiology directory and second-opinion platform. We connect patients, diagnostic centers, and verified radiologists. This policy explains what information we collect, why we collect it, and how we keep it safe.
For privacy questions or to exercise your data rights, contact us at privacy@radfaqs.com.
2. Information we collect
We collect the following categories of information:
- Account information: name, email address, phone number, role (patient, radiologist, partner center).
- Health and clinical information: medical imaging files (X-Ray, CT, MRI, ultrasound, etc.), referral letters, prior diagnoses, clinical history, and any free-text clinical context you choose to share when requesting a second opinion or booking a scan.
- Payment information: we do not store full card numbers. Payments are processed by Paystack; we retain a payment reference, the amount, and the transaction status.
- Usage information: pages visited, IP address, device and browser type, and similar technical logs used to keep the service reliable and secure.
- Communications: messages you send us, support tickets, and email/WhatsApp notifications you receive.
3. How we use your information
We use your information only for the purposes you would expect:
- To deliver the second-opinion or booking service you requested.
- To share your imaging and clinical context with the radiologist who is reviewing your case (and only that radiologist, plus our authorised clinical operations team).
- To send you transactional notifications (booking received, report ready, payment confirmation) by email or WhatsApp.
- To process payments and provide refunds.
- To improve safety, debug issues, and prevent fraud or abuse.
- To comply with legal obligations.
We do not sell your personal data, and we do not use your medical imaging or clinical history to train AI models without your explicit, separate consent.
4. Legal basis (NDPR)
We process personal data in line with the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act 2023. The lawful bases we rely on are:
- Consent — when you upload medical imaging or clinical context, you give us explicit consent to share it with the radiologist fulfilling your request.
- Contract — to deliver the service you signed up for.
- Legitimate interest — to keep the platform secure and to detect fraud.
- Legal obligation — to retain records where the law requires.
5. Who we share information with
- Radiologists: the verified subspecialist who reviews your case sees your imaging and the clinical context you provided.
- Diagnostic centers: if you book through a partner center, we share the booking details (your name, phone number, requested procedure) with that center.
- Service providers: Supabase (database and storage), Vercel (hosting), Paystack (payments), Resend (transactional email), Google (limited AI features only when you explicitly use them).
- Legal authorities: when required by law or a valid court order.
Each service provider is bound by a contract that limits their use of your data to providing the service we engaged them for.
6. Data security
We take reasonable technical and organisational measures to protect your data, including encryption in transit (HTTPS), encryption at rest for stored files, role-based access controls, and short-lived signed URLs for access to medical imaging.
No system is perfectly secure. If we discover a breach affecting your personal data, we will notify you and the relevant authority in line with NDPR requirements.
7. How long we keep your data
- Medical imaging and reports: retained for the period required by Nigerian medical record-keeping standards, then deleted on request.
- Account information: retained while your account is active. You can request deletion at any time.
- Payment records: retained for at least 6 years as required by tax and accounting law.
8. Your rights
Under the NDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data, subject to legal retention rules.
- Object to or restrict certain processing.
- Withdraw consent at any time, where consent is the lawful basis.
- Lodge a complaint with the Nigeria Data Protection Commission (NDPC).
To exercise any of these rights, email privacy@radfaqs.com from the email address linked to your account.
9. Children
RadFAQS is not directed at children under 13. Where a child's scan is uploaded, it must be done by a parent or legal guardian who provides consent on the child's behalf.
10. International transfers
Some of our service providers (e.g., Vercel, Resend) operate infrastructure outside Nigeria. Where personal data is transferred outside Nigeria, we ensure adequate safeguards through contractual commitments from those providers.
11. Cookies
We use a small number of essential cookies to keep you signed in and to remember your preferences. We do not use advertising cookies.
12. Changes to this policy
We may update this policy as the service evolves. The "Last updated" date at the top of this page tells you when. Material changes will be communicated by email or in-app notice before they take effect.
13. Contact
Questions, requests, or complaints: privacy@radfaqs.com.
See also our Terms of Use.