Privacy Policy
How Ajé Intelligent InsurTech collects, uses, shares, and protects personal data, aligned with the Nigeria Data Protection Act 2023 (NDPA).
1. Who we are
Ajé Intelligent InsurTech ("Ajé", "we", "us", "our") is an operating platform for health insurers, built and operated by Meliorem Consulting, based in Lagos, Nigeria. This policy explains how we handle personal data in connection with our website at ajeinsure.cc and the services we provide to our customers.
2. Scope of this policy
This policy applies to personal data we handle as a business, including data from visitors to our website, prospective customers who contact us, and the personal data we process on behalf of the health insurers who use the Ajé platform. It does not cover the separate privacy notices that our customers publish to their own members.
3. Our role: controller and processor
Our responsibilities under the NDPA depend on the data in question:
- As a data controller. For personal data we collect directly, such as the details you submit through our demo request form or when you contact us, we decide why and how that data is processed. This policy governs that data.
- As a data processor. When a health insurer uses the Ajé platform, they remain the data controller for their members' and claims data. We process that data on their behalf and under their instructions, governed by the written agreement between us. That customer's own privacy notice, not this one, tells their members how their data is handled.
4. Personal data we collect through our website
When you interact with our website, we may collect:
- Contact and enquiry details you provide through the demo request form, including your name, organisation, role, work email, and, if you choose to share it, your phone number.
- Communications you send us, such as emails, and our replies.
- Basic technical data that is standard to serving a website, such as the request logs generated by our hosting provider.
We do not use advertising or tracking cookies on this website, and we do not sell personal data.
5. Personal data we process for our customers
To provide the platform to a health insurer, we process the personal data in their member, provider, and claims records. This can include health-related information, which is sensitive personal data under the NDPA. We process this data only to deliver and support the services the customer has engaged us to provide, under their instructions and the terms of our agreement with them.
6. Why we process personal data and our lawful bases
We process personal data for the following purposes, relying on the lawful bases set out in the NDPA:
- To respond to enquiries and arrange demonstrations, on the basis of your consent and our legitimate interest in responding to people who contact us.
- To provide, support, and improve our services to customers, on the basis of the contract with the customer and our legitimate interest in operating our business responsibly.
- To keep our services secure and to detect and prevent fraud, waste, and abuse, on the basis of legitimate interest and, where applicable, legal obligation.
- To meet legal and regulatory obligations, on the basis of compliance with the law.
7. Sensitive personal data
Health data receives heightened protection under the NDPA. Where we process it on behalf of a customer, we do so only as necessary to deliver the service, under the customer's instructions, and with the technical and organisational safeguards described below. The customer, as controller, is responsible for establishing the appropriate lawful basis for that processing with its members.
8. Cookies and analytics
This website is designed to work without advertising or cross-site tracking cookies. It loads web fonts from a third-party font service to render the page. If we introduce analytics in future, we will update this policy and, where required, seek your consent.
9. Who we share personal data with
We share personal data only where necessary, and with parties who are bound to protect it. These may include:
- Service providers and sub-processors who support our operations, such as cloud hosting, communications channels (for example WhatsApp, SMS, and USSD providers), payment rails (for example Paystack and NIBSS-connected flows), and the provider that delivers our demo request form.
- Professional advisers, such as legal, audit, and security testing partners, under duties of confidentiality.
- Authorities and regulators, where we are required to disclose data by law.
We require our sub-processors to protect personal data to a standard consistent with this policy and the NDPA.
10. International data transfers
Where personal data is transferred outside Nigeria, for example to a hosting region or a service provider located abroad, we take steps to ensure the transfer meets the requirements of the NDPA, including that an adequate level of protection is in place.
11. How long we keep personal data
We keep personal data only for as long as it is needed for the purpose it was collected, to meet our legal and contractual obligations, or to resolve disputes. Data we process on behalf of a customer is retained and deleted in line with our agreement with that customer.
12. How we protect personal data
We apply technical and organisational measures appropriate to the sensitivity of the data, including encryption of data in transit and at rest, granular role-based access control, an append-only record of changes, and independent security testing before live data is handled at scale. We maintain an active data protection programme aligned with the NDPA.
13. Your rights under the NDPA
Subject to the conditions in the law, you have the right to request access to your personal data, to have inaccurate data corrected, to have data erased, to object to or restrict certain processing, to data portability, and to withdraw consent where processing is based on consent. Where we process data on behalf of a customer, please direct your request to that customer as the controller, and we will support them in responding.
You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).
14. Children
Our website is directed at businesses and is not intended for children. Where health services involve minors, the personal data of those members is processed on behalf of, and under the responsibility of, the customer as controller.
15. Changes to this policy
We may update this policy from time to time. When we do, we will revise the "last updated" date above, and where the changes are significant we will take reasonable steps to make them known.
16. How to contact us
For any question about this policy or to exercise your rights, contact us at moyo@melioremconsulting.com. If you are not satisfied with our response, you may contact the Nigeria Data Protection Commission.