Medfy logoMedfy
Data & Security

Data Protection

Medfy is committed to protecting the privacy and security of your personal and health information. This page summarises our data protection approach.

1. Our data protection principles

Medfy aims to follow the core principles of data protection laws, including Ghana's Data Protection Act and other applicable regulations. In practice, this means that personal data is:

  • Collected fairly, lawfully, and transparently.
  • Used only for clear, specific purposes that we explain to you.
  • Limited to what is necessary for those purposes.
  • Kept accurate and up to date where needed.
  • Stored only for as long as necessary and then deleted or anonymised.
  • Protected with appropriate technical and organisational measures.

2. Roles & responsibilities

Medfy acts mainly as a platform provider, connecting Patients and Health Professionals. Depending on the situation:

  • Medfy typically acts as a data controller for account, platform, and payment‑related data.
  • Health Professionals generally act as data controllers (or equivalent) for clinical records and medical decisions related to your care.

We work to ensure appropriate agreements and safeguards are in place with Health Professionals and third‑party service providers.

3. Security measures

We use a combination of technical and organisational measures to help protect data, including:

  • Encryption in transit and at rest where appropriate.
  • Strong authentication and access controls for staff and partners.
  • Segregation of environments and regular security updates.
  • Monitoring and logging to detect unusual or unauthorised activity.
  • Staff training on privacy, confidentiality, and information security.

4. Your rights over your data

Subject to local laws, you may have rights over your personal data, such as access, correction, deletion, restriction, or objection to certain processing, and data portability.

To exercise these rights, contact us at team@medfy.org. For some clinical records, we may direct you to your Health Professional where they act as controller.

5. More details

This page is a high‑level summary. For detailed information about how we collect, use, share, and retain data, please read our Privacy Policy and Terms of Use.

6. Contact

If you have questions about data protection at Medfy, please contact our team at team@medfy.org. Where required, you may also have the right to complain to your local data protection authority.