🔐 Our Commitment to Security
Afrodoctor Privacy Policy
Last Updated: October 2025
This Privacy Policy outlines how Health Solutions Ventures (HSV) manages and protects user data for the Afrodoctor system, in compliance with **Uganda's Data Protection and Privacy Act 2019** and related regulations. By using Afrodoctor, you agree to this Policy.
I. Purpose
This policy provides a comprehensive approach to ensuring the **privacy, confidentiality, and integrity** of patient/client health information within the Afrodoctor application.
II. Data Management and Security
- Protection of Health Information: The highest importance is placed on protecting patient/client health information, ensuring confidentiality, privacy, and integrity. This is balanced with the health sector's need to manage **public health** (e.g., notifying emerging diseases).
- Access Control: Access to information and functions within the Afrodoctor system is strictly controlled according to authorized privileges.
- Client Accounts: Clients must create an account with a strong password and log in for each session. Password reset requires identity verification.
- Administrative Access: Access to the backend is highly restricted, sanctioned by the CEO, and limited to designated staff (HSD, IT, and partner hospital staff) with current contracts.
- Data Ownership and Management: All data is owned and managed by **HSV**. Data changes or updates require explicit CEO approval.
- Unauthorized Access: Any unauthorized access will be promptly investigated, and corrective disciplinary and/or technical action will be taken.
- Data Sharing: Datasets may be shared across partner organizations under terms stipulated in **binding memoranda of understanding**. Data sharing will comply with data security principles, including confidentiality, informed consent, and interoperability.
- Information about Afrodoctor: Official communication will be made through authorized channels: the mobile/web application, email, and HSV's social media.
- Data Backup and Recovery: HSV will implement a **secure data backup and recovery plan** to mitigate data loss, with restricted access to backups.
- Data Breach Notification: In case of unauthorized data access, **data owners and the data management team will be immediately notified**, and measures to prevent further breaches will be undertaken promptly.
- Accountability: All parties with authorized access are accountable for their actions. Usernames and passwords must be kept secret.
III. Compliance and Regulatory Requirements
The Afrodoctor application is compliant with the following national regulatory frameworks for digital health in Uganda:
- Computer Misuse Act 2011
- Electronic Signature Act 2011
- Electronic Transactions Act 2011
- Data Protection and Privacy Act 2019
- National Information Technology Policy 2009
- Data Protection and Privacy Regulations 2021
- Electronic Transactions Regulations 2013