Legal
Privacy Policy
Last updated: May 2026
1. Introduction
Cura Tech Systems Limited ("Cura", "we", "us", "our"), a company registered in Nigeria with RC No. 9514240, is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Cura platform at getcura.co.
This Policy complies with the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR).
2. Who This Policy Applies To
This Policy applies to all Users of the Cura platform including:
Company administrators and HR managers
Employees registered on the Platform
Healthcare providers registered on the Platform
Visitors to the Cura website
3. Information We Collect
3.1 Information You Provide
Company registration
Business name and CAC registration number
Contact name, email address, and phone number
Business address and state
Bank account details
Uploaded verification documents (CAC certificate, director ID, etc.)
Employee registration
Full name and email address
Phone number
Employee ID
BVN hash (we store a one-way hash, never the actual BVN)
Health wallet balance and transaction history
Provider registration
Business name and type
Contact person and email address
Phone number
Operating licence number
Address, state, and LGA
Bank account details
Uploaded verification documents
3.2 Information We Collect Automatically
Device type and operating system
Browser type and version
IP address
Pages visited and features used
Time and date of access
Transaction logs and activity history
3.3 Information From Third Parties
We may receive information about you from:
4. How We Use Your Information
We use your personal data for the following purposes:
We will never use your personal data for purposes incompatible with those listed above without your explicit consent.
5. How We Store Your Data
5.1 Storage Location
Your data is stored on secure servers provided by Supabase, hosted on AWS infrastructure. Data may be stored outside Nigeria but is always protected by appropriate safeguards in compliance with the NDPA.
5.2 Retention Period
We retain your personal data for as long as your account is active and for a period of 7 years after account closure to comply with Nigerian financial record-keeping requirements. BVN hashes are deleted immediately upon account closure.
5.3 Security Measures
We protect your data using:
AES-256 encryption for data at rest
TLS 1.3 encryption for data in transit
Role-based access controls limiting who can access your data internally
Regular security audits and vulnerability assessments
Two-factor authentication for administrative access
6. Sharing Your Information
We do not sell your personal data. We share your data only in the following circumstances:
6.1 Service Providers
All service providers are bound by data processing agreements and may only use your data for the specified purpose.
6.2 Regulatory and Legal Requirements
We may disclose your data to government authorities, regulators, or law enforcement agencies where required by law or court order.
6.3 Business Transfer
In the event of a merger, acquisition, or sale of Cura's assets, your data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.
7. Your Rights Under the NDPA
Under the Nigeria Data Protection Act 2023, you have the following rights:
Right to access
You may request a copy of the personal data we hold about you at any time.
Right to rectification
You may request correction of inaccurate or incomplete personal data.
Right to erasure
You may request deletion of your personal data subject to legal and regulatory retention requirements.
Right to restriction
You may request that we restrict processing of your data in certain circumstances.
Right to data portability
You may request your data in a structured, machine-readable format.
Right to object
You may object to processing of your data for direct marketing or where we rely on legitimate interest as our legal basis.
Right to withdraw consent
Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at hello@getcura.co. We will respond within 30 days.
8. Cookies
The Cura platform uses cookies and similar technologies to:
Maintain your login session
Remember your preferences
Analyse platform usage to improve performance
You may control cookies through your browser settings. Disabling cookies may affect the functionality of the Platform.
9. Children's Privacy
The Cura Platform is not intended for use by persons under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with their personal data, please contact us at hello@getcura.co and we will delete it promptly.
10. Third Party Links
The Platform may contain links to third party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies before providing any personal data.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Platform. The date at the top of this Policy reflects the most recent update. Your continued use of the Platform after any changes constitutes acceptance of the revised Policy.
12. Data Protection Officer
For privacy-related enquiries, requests, or complaints, contact our Data Protection Officer at:
Email: hello@getcura.co
Subject line: Data Protection Enquiry
Address: Cura Tech Systems Limited, Nigeria
If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.