Kora Health
← Back to site

Privacy Policy

Last updated: 29 June 2026

This Privacy Policy explains how Kora Health collects, uses, shares, and protects personal data when you visit korahealthafrica.com, contact us, or engage our services. We take the privacy of health information seriously and aim to comply with applicable data-protection laws across the African markets we serve.

1. Who we are

Kora Health ("Kora", "we", "us") is operated by Kora Health Africa Ltd. For privacy questions or to exercise your rights, contact our Data Protection Officer at info@korahealthafrica.com.

2. Scope of this policy

This policy covers personal data for which Kora is the data controller — for example, information from website visitors, prospective clients, and partners. Where Kora processes patient or clinical data on behalf of a healthcare provider, hospital, ministry, or other client, Kora acts as a data processor; that processing is governed by our agreement (Data Processing Agreement) with that client and by applicable health-data laws, not solely by this policy.

3. Information we collect

Information you give us

  • Contact and demo-request details: name, work email, organization, role/title, country, phone number, and any message you submit.
  • Communications you send to us by email or other channels.

Information collected automatically

  • Technical and usage data such as IP address, browser and device type, pages visited, and referring source, collected to operate and secure the site.
  • Cookies and similar technologies (see Section 11).

Patient and clinical data

When Kora's platform processes patient records on behalf of a client, that data is handled under the client's instructions and the applicable Data Processing Agreement, with safeguards described in our Security & Trust page. We do not use client patient data for our own purposes.

4. How we use personal data

  • To respond to enquiries, demo requests, and partnership or investment discussions.
  • To provide, maintain, secure, and improve our website and services.
  • To send communications you have requested or that are relevant to an existing relationship.
  • To comply with legal, regulatory, and contractual obligations.

5. Legal bases for processing

Depending on the context and jurisdiction, we rely on one or more of: your consent; performance of a contract; our legitimate interests (e.g., responding to your enquiry, securing our systems); and compliance with a legal obligation. You may withdraw consent at any time where consent is the basis.

6. Sensitive and health data

Health information is treated as a special category of personal data and is subject to heightened protection. Where we process such data as a controller, we do so only with a valid lawful basis and appropriate safeguards. Population-health analytics are performed on de-identified or aggregated data wherever feasible.

7. How we share personal data

  • Service providers who help us operate (e.g., cloud hosting and email-delivery providers), under contractual confidentiality and security obligations.
  • Legal and regulatory disclosures where required by law or to protect rights, safety, and security.
  • Business transfers in connection with a merger, acquisition, or financing, subject to this policy.

We do not sell personal data.

8. International data transfers

Your data may be processed in countries other than your own. Where required, we use appropriate safeguards and, where applicable, support in-country data residency for clinical data. See Security & Trust for details on data location.

9. Data retention

We keep personal data only for as long as necessary for the purposes described here, to comply with legal obligations, resolve disputes, and enforce agreements, after which it is deleted or anonymized.

10. Data security

We apply technical and organizational measures — including encryption in transit and at rest, access controls, and monitoring — described further on our Security & Trust page. No system is perfectly secure, but we work to protect your information and to notify affected parties and regulators of breaches as required by law.

11. Cookies and analytics

We use a minimal set of cookies and similar technologies necessary to run the site and understand usage. You can control cookies through your browser settings; disabling some may affect functionality.

12. Your rights

Subject to applicable law, you may have the right to access, correct, delete, restrict, or object to processing of your personal data; to data portability; and to withdraw consent. To exercise any right, email info@korahealthafrica.com. You also have the right to lodge a complaint with your data-protection authority.

13. Children's privacy

Our website is intended for healthcare professionals, organizations, and partners, and is not directed to children. We do not knowingly collect personal data directly from children through this website.

14. Regulators

Depending on your country, the relevant authority may include the Nigeria Data Protection Commission (NDPC), the Office of the Data Protection Commissioner (Kenya), the Data Protection Commission (Ghana), or your local regulator. You have the right to contact them with concerns.

15. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by additional notice.

16. Contact us

Questions or requests: info@korahealthafrica.com · Kora Health Africa Ltd.

Privacy PolicyTerms of ServiceSecurity & Trustinfo@korahealthafrica.com