IntaOps

Legal

Client Service Agreement, Data Protection Agreement, and Privacy Policy. We are committed to transparency, security, and putting you in control of your data.

NDPC Compliant
End-to-End Encryption
User Control
Zero-Trust Architecture
Service AgreementData ProtectionData CollectionData StorageCamera PrivacyYour RightsContact Us

Client Service Agreement

Terms governing the use of IntaOps services

Effective Date: April 17, 2026 · Last Updated: April 17, 2026

1. Parties & Scope

This Client Service Agreement (“Agreement”) is entered into between IntaOps.io Limited (“IntaOps,” “we,” “us”), a company registered and headquartered in Victoria Island, Lagos, Nigeria, and the individual or entity (“Client,” “you”) that registers for or accesses the IntaOps platform.

This Agreement governs your access to and use of all IntaOps services, including but not limited to: Intaops ID issuance; decentralised health-record interoperability; consent-based data exchange; and any APIs, SDKs, or integrations provided by IntaOps (collectively, the “Services”).

By creating an account, accessing the platform, or using any Service, you acknowledge that you have read, understood, and agree to be bound by this Agreement.

2. Services Provided

Identity Verification

Issuance of a unique Intaops ID backed by government-issued documents and biometric authentication, serving as your portable digital identity across partner institutions.

Health Interoperability

Secure cross-institutional sharing of electronic health records (EHR) compliant with FHIR/HL7 standards, enabling seamless continuity of care.

Data Exchange

Consent-driven data sharing with format transformation (FHIR, HL7, JSON, CSV) and real-time validation, governed by smart-contract access controls.

3. Client Obligations

  • Provide accurate, current, and complete information during registration and keep it updated.
  • Safeguard your account credentials. You are responsible for all activity under your account.
  • Use the Services only for lawful purposes and in compliance with all applicable Nigerian and international laws.
  • Not attempt to reverse-engineer, decompile, or otherwise interfere with the platform’s security mechanisms.
  • Comply with all consent protocols when requesting access to another user’s data.
  • For institutional Clients (hospitals, HMOs, labs): ensure all authorised users within your organisation are bound by equivalent obligations.

4. Fees & Payment

Certain Services may be offered at no charge; others require a subscription or per-use fee as described on the applicable pricing page. All fees are quoted in Nigerian Naira (NGN) unless otherwise stated.

IntaOps may update fees upon thirty (30) days’ prior written notice. Continued use of paid Services after the effective date of a fee change constitutes acceptance of the new fees.

Refunds are handled on a case-by-case basis. For disputed charges, contact support@intaops.io within fourteen (14) days of the charge.

5. Intellectual Property

All right, title, and interest in the IntaOps platform—including software, APIs, SDKs, trademarks, documentation, and design—remain the exclusive property of IntaOps.io Limited.

You retain ownership of the data you upload or generate through the platform. We claim no ownership over your personal data, and/or health records.

You grant IntaOps a limited, non-exclusive licence to process your data solely to the extent necessary to provide the Services and fulfil our obligations under this Agreement.

6. Service Levels & Availability

IntaOps targets 99.9 % platform uptime, measured monthly. Scheduled maintenance windows will be communicated at least forty-eight (48) hours in advance and, where possible, performed during low-traffic periods.

IntaOps shall not be liable for downtime caused by force majeure events, third-party service failures, or actions of the Client that compromise platform stability.

7. Limitation of Liability

To the maximum extent permitted by law, IntaOps shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, or goodwill, arising out of or in connection with the use or inability to use the Services.

Our total aggregate liability for all claims arising under this Agreement shall not exceed the fees paid by you to IntaOps in the twelve (12) months immediately preceding the event giving rise to the claim.

8. Termination

Either party may terminate this Agreement by providing thirty (30) days’ written notice to the other party. IntaOps may suspend or terminate access immediately if you breach any material term of this Agreement.

Upon termination, you may request an export of your data in a machine-readable format within thirty (30) days. After this period, IntaOps will securely delete your data in accordance with our Data Protection Agreement, unless retention is required by law.

9. Governing Law & Dispute Resolution

This Agreement shall be governed by and construed in accordance with the laws of the Federal Republic of Nigeria. Any dispute arising under this Agreement shall first be submitted to good-faith mediation. If mediation fails within thirty (30) days, the dispute shall be resolved by binding arbitration under the rules of the Lagos Court of Arbitration.

Data Protection Agreement

How we safeguard your personal data in compliance with Nigerian and international standards

Effective Date: April 17, 2026 · Aligned with the Nigeria Data Protection Act 2023 (NDPA) & NDPC Regulations

1. Definitions

“Personal Data”

Any information relating to an identified or identifiable natural person, including name, contact details, Intaops ID, biometric identifiers, health records, and financial data processed through the platform.

“Sensitive Personal Data”

A subset of Personal Data requiring heightened protection, including biometric data, health and medical records, government-issued identity numbers, and financial information.

“Data Controller”

The Client (individual or institution) who determines the purposes and means of processing Personal Data through the IntaOps platform.

“Data Processor”

IntaOps.io Limited, which processes Personal Data on behalf of the Data Controller in accordance with this Agreement.

2. Legal Basis for Processing

IntaOps processes Personal Data under one or more of the following lawful bases:

  • Consent: Explicit, informed, and freely given consent obtained before or at the point of data collection. For Sensitive Personal Data, consent is always required.
  • Contractual Necessity: Processing required to perform the Services described in the Client Service Agreement.
  • Legal Obligation: Processing necessary to comply with Nigerian law, regulatory requirements, or court orders.
  • Legitimate Interest: Processing necessary for fraud prevention, platform security monitoring, and service improvement, provided such interests are not overridden by your fundamental rights.

3. Data Processing Principles

Lawfulness & Transparency

We process data lawfully, fairly, and in a transparent manner. You will always be informed of what data is collected and why.

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes and shall not be processed in a manner incompatible with those purposes.

Data Minimisation

We collect only the minimum data necessary for the stated purpose. Unnecessary fields are never required.

Accuracy

We take reasonable steps to ensure Personal Data is accurate and up to date. You may rectify inaccuracies at any time.

Storage Limitation

Data is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by law.

Integrity & Confidentiality

Data is processed with appropriate security measures, including AES-256 encryption, blockchain audit trails, and biometric access controls.

4. Consent & User Control

IntaOps operates on a consent-first model. No data is shared silently or in the background.

  • Institutions must send a consent request (similar to a connection request) before accessing your data. You approve or reject each request explicitly.
  • Consent for Sensitive Personal Data (health records, biometrics) requires biometric confirmation via your Intaops ID.
  • You may withdraw consent at any time through your account settings. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • For minors, parental or guardian consent is obtained and verified before any data processing occurs.

5. Technical & Organisational Security Measures

Encryption

AES-256 encryption for data at rest; mTLS for data in transit. Encryption keys are managed in isolated, hardware-backed key stores.

Zero-Trust Access

Your Intaops ID serves as a personal encryption key. No one—including IntaOps staff and hosting providers—can access your data without your biometric authorisation.

Blockchain Audit Trail

Every data access event is recorded on an immutable, tamper-proof blockchain ledger with timestamps, accessor identity, and purpose of access.

Infrastructure

Distributed, redundant infrastructure across multiple regions with 99.9 % uptime. Automated threat detection, intrusion prevention, and regular penetration testing.

6. Data Breach Notification

In the event of a Personal Data breach, IntaOps shall:

  • Notify affected Data Controllers and the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach.
  • Provide a detailed incident report including the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken to mitigate the breach.
  • Cooperate fully with affected parties and regulators in investigating and remediating the breach.
  • Notify affected individuals directly where the breach is likely to result in a high risk to their rights and freedoms.

7. Sub-Processors & Third Parties

IntaOps may engage sub-processors to assist in delivering the Services. All sub-processors are bound by data protection obligations no less stringent than those in this Agreement.

  • We maintain and make available upon request a current list of sub-processors.
  • We will provide thirty (30) days’ advance notice before engaging a new sub-processor, during which time you may object.
  • IntaOps remains fully liable for the acts and omissions of its sub-processors.

8. International Data Transfers

Where Personal Data is transferred outside Nigeria, IntaOps ensures that adequate safeguards are in place as required by the NDPA and NDPC guidelines, including:

  • Transfer to jurisdictions recognised by the NDPC as providing an adequate level of data protection.
  • Implementation of appropriate contractual clauses and technical safeguards (encryption in transit, access controls) for all cross-border transfers.
  • Conducting transfer impact assessments where required.

9. Data Retention & Deletion

Personal Data is retained only for as long as necessary to fulfil the purposes outlined in this Agreement or as required by applicable law. Specific retention periods include:

  • Identity verification data: Retained for the duration of your active account plus six (6) months after account closure for audit purposes.
  • Health records: Retained in accordance with applicable health-record retention laws in Nigeria or the relevant jurisdiction.
  • Transaction and payment data: Retained for seven (7) years as required by Nigerian financial regulations.
  • Biometric data from verification: Temporary captures are deleted immediately after processing; only encrypted verification results are retained.

Upon expiry of the retention period or upon your valid deletion request, data is securely erased using cryptographic erasure methods, rendering recovery impossible.

10. Data Protection Impact Assessments

IntaOps conducts Data Protection Impact Assessments (DPIAs) before introducing new processing activities that are likely to result in a high risk to data subjects’ rights and freedoms. DPIAs are reviewed annually or when there is a significant change in processing operations. Results are available to the NDPC upon request.

Data Collection & Processing

Understanding what information we collect and why

Personal Information

We collect only the essential information needed to verify your identity and provide our services effectively. This includes basic contact details, and identity verification documents.

Verification Data

Identity verification involves processing government-issued documents and biometric data to ensure the highest level of security and compliance with regulatory requirements.

Usage Analytics

We collect anonymized usage data to improve our platform performance, understand user behavior, and enhance the overall user experience while maintaining your privacy.

Security Monitoring

For security purposes, we monitor platform access patterns and unusual activities to protect your account and prevent fraudulent activities.

Data Storage & Security

How we protect and store your information

Encryption Standards

All data is encrypted using industry-standard AES-256 encryption both in transit and at rest. Your sensitive information is protected with military-grade security protocols.

Infrastructure

Our distributed networks are strategically located across multiple regions with redundant backups and 99.9% uptime guarantee to ensure your data is always accessible and secure.

Access Control

You retain full ownership and control of your data, as you are the only one with the encryption key (Intaops ID). No one, not even the hosts, can access or control your data.

Camera & Biometric Privacy

Your consent and control over camera usage

Explicit Consent Required

We will never access your camera without your explicit permission. Camera access is only requested during identity verification processes and you have full control to deny or revoke access at any time.

Secure Processing

All biometric data captured through your camera is processed securely on our encrypted servers and is never stored locally on your device or shared with third parties.

Purpose Limitation

Camera access is strictly limited to identity verification purposes. We do not use your camera for advertising, tracking, or any other purposes beyond security and verification.

Automatic Deletion

Temporary images captured during verification are automatically deleted after processing. Only essential verification results are retained.

Important Camera Privacy Notice

Your browser will always notify you when we request camera access. You can revoke camera permissions at any time through your browser settings. For mobile apps, you can manage camera permissions through your device’s privacy settings.

Your Privacy Rights

Take control of your personal information

Right to Access

Request a copy of all personal data we hold about you in a readable format.

Right to Rectify

Correct or update any inaccurate or incomplete personal information.

Right to Erasure

Request deletion of your personal data when it is no longer necessary for the original purpose.

Data Portability

Upon your consent, receive your data in a structured, machine-readable format for transfer to another provider.

How to Exercise Your Rights

Email Request

Send a request to support@intaops.io with your specific privacy request

Account Settings

Manage privacy preferences directly in your account dashboard

Phone Support

Call our privacy support team at +234 (807) 411-3131

Have Questions?

We’re here to help. Contact our team for any questions about these agreements, your data protection rights, or our services.

Data Protection Officer

Direct line to our DPO

support@intaops.io

Phone Support

Speak directly with our team

+234 (807) 411-3131

Response Time

We typically respond within

24–48 hours