1. Who we are
RadFAQS ("we," "us," "our") is a Nigerian radiology directory and scan-booking platform. We help patients find diagnostic centers, request bookings, and prepare for imaging. This policy explains what information we collect, why we collect it, and how we keep it safe.
For privacy questions or to exercise your data rights, contact us at privacy@radfaqs.com.
2. Information we collect
We collect the following categories of information:
- Contact details: the name, email address, and phone number you provide when you make a request. Patients do not create an account. Partner centers and authorised staff have accounts holding a name, email, and role.
- Health and clinical information:the details you enter on a request card — date of birth, sex, allergies, current medications, clinical indication or symptoms, urgency, side of body, and referring-doctor details — plus an optional referral document (PDF or image) you may choose to upload when booking a scan or asking for scan guide call support. We do not collect or store diagnostic imaging (X-Ray, CT, MRI, ultrasound) for interpretation.
- Payment information: we do not store full card numbers. Payments are processed by Paystack; we retain a payment reference, the amount, and the transaction status.
- Usage information: pages visited, IP address, device and browser type, and similar technical logs used to understand aggregate usage and keep the service reliable and secure. Our analytics setup does not record form contents or session replays.
- Communications: messages you send us, support tickets, and email/WhatsApp notifications you receive.
- Referral photos you send to BeamAI: if you upload a photo of a referral to our BeamAI assistant to have it explained, the image is sent to a third-party AI provider (OpenAI) to read the text, then used to generate the plain-language explanation shown back to you. This upload is processed in memory and is not saved to our systems.
3. How we use your information
We use your information only for the purposes you would expect:
- To deliver the booking or scan guide call service you requested.
- To share your request-card details with the diagnostic center handling your booking, and with our authorised operations team.
- To send you transactional notifications (booking received, report ready, call scheduling, payment confirmation) by email or WhatsApp.
- To process payments and provide refunds.
- To improve safety, debug issues, and prevent fraud or abuse.
- To comply with legal obligations.
We do not sell your personal data, and we do not use your medical imaging or clinical history to train AI models without your explicit, separate consent.
4. Legal basis (NDPR)
We process personal data in line with the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act 2023. The lawful bases we rely on are:
- Consent — when you upload medical imaging or clinical context, you give us explicit consent to share it with the diagnostic center fulfilling your request.
- Contract — to deliver the service you signed up for.
- Legitimate interest — to keep the platform secure and to detect fraud.
- Legal obligation — to retain records where the law requires.
5. Who we share information with
- Radiographers: if you book a scan guide call, the assigned radiographer sees the referral wording, question, and contact details needed to complete that guidance call.
- Diagnostic centers: if you book through a partner center, we share the booking details (your name, phone number, requested procedure) with that center.
- Service providers: vetted technology partners that help us operate the platform — including cloud hosting, database and file storage, payment processing, transactional email and messaging, and the limited AI features you can choose to use. We share only the data each partner needs to perform its function.
- Legal authorities: when required by law or a valid court order.
Each service provider is bound by a contract that limits their use of your data to providing the service we engaged them for.
6. Data security
We take reasonable technical and organisational measures to protect your data, including encryption in transit (HTTPS), encryption at rest for stored files, role-based access controls, and short-lived signed URLs for access to medical imaging.
No system is perfectly secure. If we discover a breach affecting your personal data, we will notify you and the relevant authority in line with NDPR requirements.
7. How long we keep your data
- Request cards and uploaded referral documents: retained for the period required by Nigerian medical record-keeping standards, then deleted on request.
- Contact details: retained while we are providing or supporting your request, and for partner accounts while the account is active. You can request deletion at any time.
- Payment records: retained for at least 6 years as required by tax and accounting law.
8. Your rights
Under the NDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data, subject to legal retention rules.
- Object to or restrict certain processing.
- Withdraw consent at any time, where consent is the lawful basis.
- Lodge a complaint with the Nigeria Data Protection Commission (NDPC).
To exercise any of these rights, email privacy@radfaqs.com from the email address you used to make your request.
9. Children
RadFAQS is not directed at children under 13. Where a child's scan is uploaded, it must be done by a parent or legal guardian who provides consent on the child's behalf.
10. International transfers
Some of our service providers operate infrastructure outside Nigeria. Where personal data is transferred outside Nigeria, we ensure adequate safeguards through contractual commitments from those providers.
11. Cookies
We use essential cookies to keep authorised users signed in and limited first-party analytics storage to understand aggregate page usage. We do not use advertising cookies, record session replays, or capture the contents of medical and booking forms.
12. Changes to this policy
We may update this policy as the service evolves. The "Last updated" date at the top of this page tells you when. Material changes will be communicated by email or in-app notice before they take effect.
13. Contact
Questions, requests, or complaints: privacy@radfaqs.com.
See also our Terms of Use.
