Privacy Policy

Introduction

Onwynd Health Limited ("Onwynd," "we," "our," or "us") takes your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mental wellness platform.

Onwynd is intended for users aged 16 and older. Users under 13 are not permitted. Users aged 13–15 may only access Onwynd through an institutional route where their school or organisation acts as data controller. By registering you confirm you meet the applicable age requirement.

Onwynd Health Limited is the data controller under the Nigeria Data Protection Regulation 2023 (NDPR 2023). Our registered address is in Lagos, Nigeria (CAC No. 9571661).

Information We Collect

Personal Information You Provide

When you register, complete assessments, book sessions, or contact support, we may collect:

• Full name, email address, phone number
• Date of birth and demographic information
• Payment and billing details (processed securely via Paystack)
• Professional credentials (for therapist accounts)
• Referral and marketing source

Health & Wellness Information

Automatically Collected Information

We collect device identifiers, IP addresses, browser type, usage patterns, and session metadata to operate and improve our services.

How We Use Your Information

We use the information we collect to:

• Provide and personalise our AI-powered mental wellness services
• Process payments and manage your subscription
• Match you with appropriate licensed therapists
• Generate validated assessment score bands and clinical summaries
• Send service-related communications and appointment reminders
• Conduct anonymised research to improve mental health outcomes
• Detect fraud, ensure platform security, and prevent abuse
• Comply with legal and regulatory obligations under Nigerian law

We process your data on the legal bases of contract performance, legitimate interests, legal obligation, and — for health data — your explicit consent.

Data Privacy & Security

Onwynd is designed in alignment with HIPAA principles and in full compliance with the Nigeria Data Protection Regulation 2023 (NDPR 2023). We implement:

Data Sharing & Disclosure

We may share your data only in the following circumstances:

• With your consent — e.g. sharing a session summary with your healthcare provider
• Service providers — payment processors (Paystack), cloud infrastructure, and email delivery, all bound by confidentiality agreements
• Clinical escalation — in cases of identified risk, relevant information may be escalated to our clinical advisor as part of our safety protocol
• Legal requirements — if required by a Nigerian court order, NDPC directive, or applicable law
• Emergency situations — to protect the life or safety of you or others
• Business transfer — in the event of a merger or acquisition, subject to the same data protection obligations

Your Privacy Rights

Under the NDPR 2023 you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — update or rectify inaccurate information
• Deletion — request erasure of your data (subject to legal retention obligations)
• Portability — receive your data in a structured, machine-readable format
• Restriction — limit how we process your information in certain circumstances
• Objection — object to processing based on legitimate interests
• Withdraw consent — revoke previously granted consent at any time

To exercise these rights, email privacy@onwynd.com. We will respond within 30 days.

Data Retention

Children's Privacy

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or through our platform. Your continued use after such changes constitutes acceptance of the updated policy.

Contact Us