Skip to content

Privacy Policy

Effective date: September 2019

Reviewed: November 2022


Whispa Health Limited (“us”, “we”, or “our”) operates the Whispa mobile application (known as “Whispa” or “the app” hereinafter referred to as the “Service”). This privacy policy informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

1. Definitions

  1. Cookies: Cookies are small files stored on your device (computer or mobile device);
  2. Health information: This includes medical history or any type of health information about the user that may come into our possession;
  3. Personal Data: means any information relating to an identified or identifiable natural person (‘Data Subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It can be anything from a name, address, photo, email address, bank details, posts on social networking websites, medical information, and other unique identifiers such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM, Personal Identifiable Information (PII) and others;
  4. Sensitive Personal Data: means data relating to religious or other beliefs, sexual tendencies, health, race, ethnicity, political views trade union membership, criminal records, or any other sensitive personal information;
  5. Service: Service is the Whispa mobile application created and owned by Whispa Health Limited;
  6. Usage Data: Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

2. Information Collection and Use: We collect several different types of information for various purposes to provide and improve our Service to you.

3. Types of Data Collected

3.1. Personal Data: While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally, identifiable information may include but is not limited to first name, last name, gender, phone number, date of birth/age, address / postal address, email, country code, city, marital status, bank account details, health information, and other related information which constitute Personal Data.

We may use your Personal Data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send.

3.2. Health Information: This includes:

Self-Reported Health Information – We collect the information that you enter while using the service, such as information regarding your health and/or medical condition and related behaviors.

Provider-and-Payer-Reported Health-Related Information – We collect information about you that is submitted with your permission by your authorized healthcare provider or another third party while using the Service, such as information about your health and/or medical condition.

Usage Data: When you access the Service with a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device’s unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data (“Usage Data”).

Location Data: We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, and to improve and customize our Service. You can enable or disable location services when you use our Service at any time by way of your device settings.

Tracking Cookies Data: When accessing our service through the web, we use cookies and similar tracking technologies to track the activity on our Service and we hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies may also use such as beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

Session Cookies. We use Session Cookies to operate our Service.

Preference Cookies. We use Preference Cookies to remember your preferences and various settings.

Security Cookies. We use Security Cookies for security purposes.

3.3.Analytics: Whispa Health may collect and use your device’s unique identifier for analytics purposes or to store your user preferences. Whispa Health may use Google Analytics or other third-party services to monitor and analyze your user behavior. Google Analytics is a web analysis service provided by Google, Inc. (“Google”). Google utilizes the Data collected to track and examine the use of the Service, prepare reports on its activities, and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network.

4. Use of Data

Whispa Health Limited uses the collected data for various purposes:

        • To provide and maintain our Service
        • To notify you about changes to our Service
        • To allow you to participate in interactive features of our Service whenever you choose
        • To personalize the Service.
        • To provide customer support
        • To gather analysis or valuable information so that we can improve our Service
        • To monitor the usage of our Service
        • To detect, prevent and address technical issues
        • To provide you with news, special offers, and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information
        • To send you to push notifications or desktop notifications according to their user settings
  1. Transfer of Data

5.1  Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside Nigeria and choose to provide information to us, please note that we transfer the data, including Personal Data, to Nigeria and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

5.2  Whispa Health Limited will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

6. Disclosure of Data

Legal Requirements: Whispa Health Limited may disclose your Personal Data where such action is necessary to:

        • To comply with a legal obligation;
        • To protect and defend the rights or property of Whispa Health Limited;
        • To prevent or investigate possible wrongdoing in connection with the Service;
        • To protect the personal safety of users of the Service or the public;
        • To protect against legal liability.


7. Consent and Access Rights

7.1 We require your consent for the processing of your data.  We shall obtain your consent for individual matters, where any document deals with different matters. ,

7.2 If we intend to use your data for a purpose which is different from the purpose for which your data was obtained, we will seek your consent prior to the use of your data for that other purpose.

In the event of any merger, acquisition or other arrangement whereby Whispa

Health Limited sells or transfers all, or a portion of its business or assets (including in the event of a reorganisation, dissolution or liquidation) to third parties, you hereby consent that your personal data held with Whispa Health Limited can be transferred or assigned to third parties who may become the controllers and/or processors of your personal data that was held by Whispa Health Limited prior to such merger, acquisition or other arrangement. Whispa Health Limited shall at all times ensure that you are notified when your personal data is intended to be transferred to third parties in the circumstances outlined in this clause.

7.3 No consent shall be sought, given or accepted in any circumstance that may engender direct or indirect propagation of atrocities, hate, child rights violation, criminal acts and anti-social conducts.

7.4  You may withdraw your consent, in writing, at any time and may request  access to your personal information in our possession at We can, however, deny you access to the information where we determine that your request is unreasonable.

7.5 You reserve the right to request the modification or amendment of your personal data in our possession.

7.6 In all cases of access or modification / amendment of personal information, we shall request sufficient identification to enable us to confirm that you are the owner of the data sought to be accessed or modified/amended.


You have rights in relation to the way Whispa handles your personal data. These include the following rights: 

a) where the legal basis of our processing is consent, to withdraw that consent at any time; 

b) to ask for access to the personal data that we hold; 

c) to prevent our use of your personal data for direct marketing purposes; 

d) to object to our processing of personal data in limited circumstances; and 

e) to ask us to erase personal data without delay: 

i. if it is no longer necessary in relation to the purposes for which it was collected or otherwise processed; 

ii. if the only legal basis of processing is consent and that consent has been withdrawn and there is no other legal basis on which we can process that personal data; 

iii. if you object to our processing where the legal basis is the pursuit of a legitimate interest or the public interest and we can show no overriding legitimate grounds or interest; and 

iv. if the processing is unlawful. 

f) to ask us to rectify inaccurate data or to complete incomplete data; 

g) to restrict processing in specific circumstances e.g. where there is a complaint about accuracy; 

h) to ask us for a copy of the safeguards under which personal data is transferred outside of Nigeria; 

i) the right not to be subject to decisions based solely on automated processing, including profiling, except where necessary for entering into, or performing, a contract, with Whispa Health Limited; it is based on your explicit consent and is subject to safeguards; or is authorised by law and is also subject to safeguards; 

j) to prevent processing that is likely to cause damage or distress to you or anyone else; 

k) to data portability; 

l) to be notified of a personal data breach which is likely to result in high risk to their rights and freedoms; 

m) to make a complaint to the Nigeria Data Protection Bureau or any other regulatory body; and 

n) in limited circumstances, receive or ask for their personal data to be transferred to a Third Party (e.g. another company which the client has dealing with) in a structured, commonly used and machine-readable format. 

9. Personal Data Protection Principles

When Whispa Health Limited processes your personal data, we are guided by the following principles, which require personal data to be:

a. processed lawfully, fairly, in a transparent manner and with respect for the dignity of the human person.

b) collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes.

c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

d) accurate and where necessary kept up to date.

e) removed or not kept in a form which permits identification of data subject for no longer than is necessary for the purposes for which the personal data is processed.

f) processed in a manner that ensures its security, using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage. 

10.      Security of Data

10.1 Whispa Health Limited implements and maintains appropriate safeguards to protect personal data, taking into account in particular the risks to you, presented by unauthorised or unlawful processing or accidental loss, destruction of, or damage to their personal data. 

10.2  Safeguarding will include the use of encryption and pseudonymisation where appropriate. It also includes protecting confidentiality (i.e. that only those who need to know and are authorised to use personal data have access to it), integrity and availability of the personal data. We regularly evaluate and test the effectiveness of those safeguards to ensure security of our processing of personal data.

10.3  You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures, we cannot guarantee absolute security. Whispa, therefore, accepts no liability for any damage or loss, however caused, in connection with transmission over the internet or electronic storage.

11.      Service Providers

11.1  We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide the Service on our behalf, perform Service related services or assist us in analysing how our service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

11.2 Whispa Health Limited will only share personal information with other companies, entities or individuals in the following limited circumstances: 

a) We have your consent. 

b) We provide such information to other professional advisers or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures. 

c) We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (i) satisfy any applicable law, regulation, legal process or enforceable governmental request, (ii) enforce applicable terms of service, including investigation of potential violations thereof, (iii) detect, prevent, or otherwise address fraud, security or technical issues, or (iv) protect against imminent harm to the rights, property or safety of Whispa Health Limited, its users or the public as required or permitted by law. Whispa Health Limited is at all times, responsible for the security and appropriate use of that data as long as it remains with us.

12.      Payments

12.1  We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy.

12.2  These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we currently work with are:

a.     Flutterwave – Their Privacy Policy can be viewed at 

b.     Apple Store In-App Payments – Their Privacy Policy can be viewed at 

c.     Google Play In-App Payments – Their Privacy Policy can be viewed at   


13.      Links to third party sites

The Whispa Health Limited website and mobile app may contain links to other websites owned and operated by third parties.  These links are provided for your information and convenience only and are not an endorsement by Whispa Health Limited of the content of such linked websites or third parties. The information that we collect from you will become available to these websites if you click the link to the websites. These linked websites are neither under our control nor our responsibility.  Whispa Health Limited, therefore, makes no warranties or representations, express or implied about the safety of such linked websites, the third parties they are owned and operated by and the suitability or quality of information contained on them.  This Privacy Policy does not apply to these websites, thus, if you decide to access these linked thirdparty websites and/or make use of the information contained on them, you do so entirely at your own risk. Whispa Health Limited accepts no liability for any damage or loss, however caused, in connection with accessing, the use of or reliance on any information, material, products or services contained on or accessed through any such linked websites. We advise that you contact those websites directly for information on their privacy policy, security, data collection and distribution policies.  

14.       Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

15.       Data Retention

Whispa Health Limited shall retain and use your Personal Data only as long as is necessary to implement, administer and manage your request and contract with Whispa Health Limited and retain the data for a maximum of 5 years after the expiration or termination of the contract between you and Whispa Health Limited or as required to comply with legal or regulatory obligations, including under tax and security laws.  At your request, at any time, your Personal Data which is in the custody of Whispa Health Limited may be deleted unless we are required by law to retain such information for a specific period of time so at to comply with our obligations under the law.

16.      Violation of Privacy 

16.1  We have put in place procedures to deal with any suspected personal data breach and will notify you of any personal data breach and let you know the steps we have taken to remedy the breach and the security measures we have applied to render your personal data unintelligible. 

16.2 All suspected breach of personal data will be remedied within1 (one) month from the date of the report of the breach.

16.3 If you know or suspect that a personal data breach has occurred, you should immediately contact the Whispa Health Limited team at 

16.4 Whispa Health Limited will not be responsible for any personal data breach which occurs as a result of:

                    1. an event which is beyond the control of Whispa Health Limited;
                    2. an act or threats of terrorism;
                    3. an act of God (such as, but not limited to fires, explosions, earthquakes, drought, tidal waves and floods) which compromises Whispa Health

Limited’s data protection measures;

                    1. war, hostilities (whether war be declared or not), invasion, act of foreign enemies, mobilisation, requisition, or embargo;
                    2. rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises Whispa Health Limited’s data protection measures;
                    3. Pandemics or epidemics;
                    4. the transfer of your personal data to a third party on your instructions; and
                      1. the use of your personal data by a third party designated by you.

17.      Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We may let you know via email and/or a prominent notice on our service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

18.      Contact Us

If you have any questions about this Privacy Policy, please contact us by email: 

× #WhispaToUs