Introduction
This Privacy Policy is published by Instant Health Services and explains how we handle personal data when you use the XMap Mobile application (the "App"). It is issued in compliance with the Nigeria Data Protection Act (NDPA) 2023.
This policy applies to:
- Radiologists and healthcare professionals who use the App in a professional capacity
- Patients whose radiograph data is submitted for analysis by referring institutions
By accessing or using XMap Mobile, you acknowledge that you have read and understood this policy. We are committed to handling all personal data responsibly, lawfully, and with appropriate security measures in place.
About XMap Mobile
XMap Mobile is a clinical radiograph analysis and reporting tool used exclusively by qualified radiologists at healthcare institutions formally authorised by Instant Health Services.
Important: XMap Mobile is not a consumer product and is not intended for direct use by patients. It is a restricted professional platform for credentialed clinical personnel only.
There is no self-registration facility. All user accounts are provisioned by Instant Health Services following the execution of a formal data processing and service agreement with the relevant institution.
Personal Data We Process
Patient Data
Patient data constitutes sensitive personal data under the NDPA 2023 and is accorded the highest level of protection.
| Data Item | Description |
|---|---|
| Patient ID / reference number | Identifier assigned by the referring facility |
| Age and gender | Basic demographic data accompanying each request |
| Clinical symptoms | Symptoms recorded by the referring facility at the time of request submission |
| CAD4TB score | AI-generated tuberculosis probability score attached to each radiograph |
| Chest X-ray image | The digital radiograph submitted for analysis (PDF format) |
| Radiologist's diagnostic report | Heart size, lung fields, pleural effusion, bony thorax, analysis impression, diagnosis classification, and clinical comments |
Radiologist & User Account Data
| Data Item | Description |
|---|---|
| Name and email address | Used for account identification and login |
| Institution affiliation | Determines which requests are routed to the user |
| Authentication token | Encrypted session token stored on-device. No passwords are ever stored. |
| Device push notification token | Used to deliver alerts when new radiograph requests are assigned |
| Login activity | Institution selected, session timestamps — retained for audit and security purposes |
Why We Process This Data
| Data | Purpose | Legal Basis (NDPA 2023) |
|---|---|---|
| Patient radiograph & clinical data | Enable qualified radiologists to review and report on X-ray findings in support of TB screening and clinical diagnosis | Performance of a contract (institutional service agreement); public interest in healthcare delivery |
| Radiologist account credentials | Authentication, access control, and routing of requests to the appropriate institution | Performance of a contract |
| Device push notification token | Alert radiologists when new requests are assigned to their account | Legitimate interests of the data controller |
| Login activity & audit logs | Security monitoring, compliance auditing, and maintaining an audit trail | Legal obligation; legitimate interests |
Patient consent: Patient data is submitted by staff at referring institutions. Consent is obtained by the referring institution at the point of data collection, prior to upload onto the XMap platform. Instant Health Services relies on the institutional service agreement as confirmation that the required consents have been obtained.
Who Has Access to the Data
Access is strictly limited on a need-to-know basis. Personal data is never sold, rented, or shared with third parties for marketing, advertising, or any commercial purpose unrelated to clinical care.
| Role | Scope of Access |
|---|---|
| Radiologists | Can only view requests and reports routed to their assigned institution. No cross-institution access is possible. |
| Radiographers & programme managers | Can view completed reports for patient referral purposes. Access is limited to their own institution via individual dedicated user accounts. |
| IHS system administrators | Limited access for technical support, system maintenance, and compliance monitoring only. |
| Supervisors & auditors | Role-based access configured per institution, limited to data within the relevant institution. |
Third-Party Processors
Google Firebase (Cloud Messaging)
We use Google Firebase Cloud Messaging solely to deliver push notifications to radiologists when new requests are assigned to their account.
| Item | Details |
|---|---|
| Purpose | Delivering push notifications only |
| Data processed | Device push notification token and notification message (request reference number only — no patient clinical data is included in notifications) |
| Data location | Google's global server infrastructure. Data may be processed outside Nigeria. |
| Safeguard | Google LLC is bound by its Data Processing Addendum and standard contractual clauses for international data transfers |
| Google Privacy Policy | policies.google.com/privacy |
Firebase Cloud Messaging is the only third-party processor integrated into XMap Mobile. No analytics SDKs, advertising networks, or other third-party libraries that process personal data are used.
Data Retention
Instant Health Services operates as a data processor on behalf of subscribing institutions, which act as data controllers for patient data. Retention periods for patient clinical data are therefore determined by each institution in accordance with applicable Nigerian health records legislation.
| Data Type | Retention Period |
|---|---|
| Patient radiograph data & diagnostic reports | Retained until the subscribing institution requests deletion. IHS will not delete clinical data without an explicit instruction from the relevant institution. |
| Radiologist account data | Soft-deleted on account closure (retained to preserve attribution of historical reports). Permanently deleted when the institution requests deletion of associated patient data. |
| Authentication tokens | Expire automatically after 10 minutes. Deleted immediately on logout. |
| Push notification tokens | Invalidated and replaced on each login session. |
| Audit & access logs | Retained for the duration of the institutional service agreement and for a reasonable period thereafter, or as required by applicable law. |
Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or loss.
Technical Measures
- All data is transmitted over HTTPS using TLS encryption
- Authentication uses OAuth2 token-based access — no passwords are ever stored in the App
- Access tokens are stored in device-level secure storage (iOS Keychain / Android Keystore)
- The platform operates on a role-based access control system, restricting each user to data and functions appropriate to their role
- Application servers are protected by a strict firewall with controlled inbound and outbound traffic, accessible only to authorised IHS personnel
- Regular server backups are maintained to support data recovery
Organisational Measures
- All user accounts are provisioned directly by IHS under a formal institutional agreement
- Server access is restricted to authorised IHS technical staff only
- In the event of a personal data breach, IHS will notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware, in accordance with the NDPA 2023
Your Rights as a Data Subject
Under the NDPA 2023 (Section 34), you have the following rights in respect of your personal data. These apply to both patients and platform users.
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Ask us to correct inaccurate or incomplete data.
Right to Erasure
Request deletion of your data where there is no overriding legal obligation to retain it.
Right to Restriction
Ask us to limit how we process your data in certain circumstances.
Right to Object
Object to processing carried out on the basis of legitimate interests.
Right to Portability
Receive your data in a structured, machine-readable format.
To exercise any of these rights, contact us using the details in Section 11. We will respond within 30 days of receipt. Where a request relates to patient data held on behalf of a subscribing institution, we may need to refer it to that institution as the data controller.
Contact Us
For questions about this policy, to exercise your data subject rights, or to raise a data protection concern:
If you are unsatisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC): ndpc.gov.ng
Changes to This Policy
- Instant Health Services reserves the right to update this Privacy Policy from time to time to reflect changes in the law, our data processing activities, or our operational practices.