Cowva← Back to Home

Privacy Policy

We are committed to protecting your personal information and your right to privacy.

Last updated: 28 May 2026

1. Who We Are

Cowva is a vaccination records management platform developed and operated by the Cowva Tech Team, based in Nigeria. Our platform is available at cowva.com and app.cowva.com.

We serve two groups of users: Health Facilities (pharmacies, clinics, hospitals, and immunisation centres) and their Patients(individuals whose vaccination records are managed on the platform).

For questions about this policy, contact us at: support@cowva.com

2. Information We Collect

We collect the following categories of personal data:

2.1 Patient / End-User Data

  • Full name (surname, first name, other names)
  • Email address
  • Phone number and WhatsApp number
  • Date of birth and gender
  • Vaccination records — vaccine names, brands, dates, doses, batch numbers
  • Shot schedules and next vaccination dates
  • Adverse event (AEFI) reports linked to immunisation
  • Unique platform identifier (INO ID)

2.2 Health Facility Data

  • Facility name, address, state, and contact details
  • Administrator and staff names, emails, and phone numbers
  • Subscription and billing information (invoices and payment references)
  • Branch locations and operating hours

2.3 Usage and Technical Data

  • System access logs (login events, actions performed)
  • IP address and browser/device type
  • Reminder delivery logs (SMS, WhatsApp, email)
  • Report download history

2.4 Contact Form Data

  • Name, email address, phone number, and message content submitted via our contact form

3. How We Use Your Information

We use collected data strictly for the following purposes:

  • Providing the Platform: To create and manage user accounts, store vaccination records, and deliver the core functionality of the platform.
  • Sending Reminders: To send automated vaccination reminders via SMS, WhatsApp, or email on behalf of the health facility managing your records.
  • Payment Processing: To process subscription payments and vaccination record download fees via Paystack, our payment partner.
  • Report Generation: To generate and deliver vaccination record PDF reports to patients upon request and payment.
  • Customer Support: To respond to enquiries and support requests submitted via our contact form or email.
  • Platform Improvement: To analyse aggregated, anonymised usage data to improve the platform. We do not sell personal data.
  • Legal Compliance: To comply with applicable Nigerian law including the Nigeria Data Protection Act (NDPA) 2023 and any healthcare data obligations.

4. Email Communications

We send transactional and operational emails using Mailgun (via our domain mg.cowva.com). These emails include:

  • Account registration and email verification
  • Password reset links
  • Vaccination record download links (following payment)
  • Vaccination reminder notifications
  • Subscription and billing notifications

We do not send unsolicited marketing emails. All emails are triggered by actions you or your health facility take on the platform.

You may opt out of non-essential email communications by contacting us at support@cowva.com. Transactional emails (e.g., download links, password resets) cannot be disabled as they are essential to platform operation.

5. How We Share Your Information

We do not sell, rent, or trade personal data. We share data only with the following trusted service providers, solely for the purpose of delivering our services:

ProviderPurposeData Shared
MailgunTransactional email deliveryName, email address
PaystackPayment processingName, email, payment amount
TermiiSMS reminder deliveryPhone number, reminder message
Sendchamp / Meta WhatsAppWhatsApp reminder deliveryWhatsApp number, reminder message
Amazon Web Services (AWS)Cloud hosting and file storageAll platform data (encrypted at rest)

All third-party providers are contractually bound to process data only for the stated purpose and in compliance with applicable data protection laws.

6. Data Retention

We retain personal data for as long as it is necessary to provide our services and comply with legal obligations:

  • Patient vaccination records: Retained for the lifetime of the account. Patients may request deletion subject to applicable health record retention laws.
  • Health facility account data: Retained for the duration of the subscription and for 3 years thereafter for audit and legal purposes.
  • Communication logs: Retained for up to 2 years for support and compliance purposes.
  • Contact form submissions: Retained for up to 12 months.

7. Your Rights

Under the Nigeria Data Protection Act (NDPA) 2023 and applicable regulations, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restriction: Request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: Request your data in a machine-readable format.
  • Right to Object: Object to processing of your personal data for certain purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at support@cowva.com. We will respond within 30 days.

8. Data Security

We implement industry-standard security measures to protect your personal data:

  • All data in transit is encrypted using TLS/SSL (HTTPS)
  • Database backups are encrypted at rest on Amazon RDS (AWS)
  • Access to the production environment is restricted to authorised personnel only
  • User passwords are stored as salted cryptographic hashes — never in plain text
  • Platform sessions expire after 1 hour of inactivity
  • Media files are stored in private AWS S3 buckets

While we take all reasonable precautions, no method of transmission over the internet is 100% secure. If you discover a security vulnerability, please report it immediately to support@cowva.com.

9. Cookies

The Cowva web application (app.cowva.com) uses session cookies strictly necessary for authentication and platform operation. We do not use advertising, tracking, or third-party analytics cookies.

The marketing website (cowva.com) does not use cookies beyond standard browser caching for performance. No personal data is collected through cookies on this website.

10. Children's Privacy

Our platform may process vaccination records for children under the age of 18. Such records are created and managed by a registered health facility or a parent/guardian acting on the child's behalf.

We do not knowingly allow children under 18 to create independent accounts on the platform without the consent of a parent, guardian, or registered health facility.

11. International Data Transfers

Cowva is operated from Nigeria. Our cloud infrastructure (AWS) is hosted in the EU West (Ireland) region. By using our platform, you consent to your data being processed in these jurisdictions. We ensure all transfers comply with the Nigeria Data Protection Act 2023 and applicable international data transfer standards.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify users via email.

Continued use of the platform after the effective date of any changes constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Company: Cowva

Email: support@cowva.com

Website: https://cowva.com

Country: Nigeria