1. Introduction

10MG Health (“we,” “our,” “us”) is a healthcare financing technology company that provides:

• Instant access to affordable, collateral-free financing for clinics, pharmacies, and hospitals by our network of lenders healthcare credit.

We are committed to protecting your privacy and complying with applicable laws, including:

• HIPAA (US)
• GDPR & UK GDPR
• Nigeria NDPR 2019 & NDPA 2023
• Senegal Law No. 2008-12

This Privacy Policy explains how we collect, use, share, and protect your personal information, including sensitive health and financial data.

‍

2. Information We Collect

We may collect the following categories of data:

• Identity Data: name, date of birth, gender, government-issued ID, NIN/SSN/passport.
• Contact Data: phone, email, physical address.
• Financial Data: bank account details, transaction data, credit history, repayment ability, system logs.
• Usage Data: app activity, IP address, device information, cookies.

‍

3. How We Use Your Information

We use your data to:

1. Provide healthcare financing and credit services.
2. Verify your identity and eligibility.
3. Assess creditworthiness using AI-powered systems.
4. Prevent fraud, abuse, and financial crime.
5. Comply with regulatory obligations (HIPAA, AML/KYC).
6. Improve and train our AI models (with safeguards).
7. Provide customer support and resolve disputes.

‍

4. Legal Basis for Processing

Depending on your country, our processing is based on:

• Consent (for health data, marketing, AI training).
• Contract (to deliver financing services).
• Legal Obligations (HIPAA, AML, EFCC, NDPA reporting, tax requirements, or any order of court).
• Legitimate Interests (fraud prevention, AI system improvement).

‍

5. Automated AI Decisions

We use AI systems to assess creditworthiness and financing eligibility.

• You have the right to a human review of any AI decision that significantly affects you (GDPR Art. 22, UK GDPR, NDPA 2023).
• We regularly test our AI for fairness, accuracy, and bias prevention.

‍

6. Data Sharing & Disclosure

We may share your data with:

• Lending Partners (to facilitate healthcare financing).
• Regulators on special request (HIPAA compliance in the US, NDPC Nigeria, CDP Senegal, ICO UK).
• Third-Party Service Providers (cloud hosting, analytics, payment processors).
• Cross-Border Transfers: safeguarded by Standard Contractual Clauses (SCCs) or regulatory approvals (Senegal CDP, Nigeria NDPC).

We never sell personal data.

‍

‍

7. Data Retention

• Financial records are retained as required by law for a maximum period of 6 years.
• Credit and transaction data are retained as required by law for a minimum period of 6 years.
• After retention periods, data is securely deleted or anonymized.

‍

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your data.
• Correct inaccurate data.
• Request deletion (“Right to be Forgotten”).
• Restrict or object to processing.
• Data portability.
• Withdraw consent at any time.
• File a complaint with your data protection authority.

‍

9. Security

We use encryption, access controls, HIPAA-compliant cloud hosting, and AI audit logs to protect your data.

‍

10. Data subject age requirement

Our services are not targeted at children below the legal age of your jurisdiction. We do not collect data from minors without their parent's or guardians' consent.

‍

11. Changes to These Terms

We may update this Data Privacy Policy. If such changes affect your rights, we will notify you by posting the updated Terms on this page with a revised “Last Updated” date. Continued use of the Services after updates constitutes acceptance of the new Terms.

‍

12. Contact

If you have questions or concerns about our Privacy Practices, or would like to report a violation, please contact us by sending an email to info@10mg.co.uk