Privacy policy

Last updated 22 June 2026

Optivance provides software that helps optometry and ophthalmology practices in Nigeria run their clinical and commercial operations. Because we process clinical data on behalf of practices, we take privacy seriously and align our practices with the Nigeria Data Protection Act (NDPA). This summary explains how we handle data; it is not a substitute for legal advice.

Who controls the data

The practice is the data controller for its patients' records. Optivance acts as a data processor, handling that data only to provide the service, under the practice's instructions.

What we collect

To run the system we process:

Practice and staff account details (name, role, contact).

Patient records entered by the practice — encounters, prescriptions, orders and balances.

Payment and reconciliation data from connected POS and payment tools.

Usage and device information needed to keep the service secure and reliable.

How we protect it

Data is encrypted in transit and at rest, backed up automatically, and access is restricted by role. Staff see only the records their role requires; owners can see across their branches. We apply the safeguards required under the NDPA.

Patient messaging

When a practice enables order and recall updates, we send messages to patients on WhatsApp and SMS on the practice's behalf. Practices are responsible for the lawful basis of contacting their patients.

Your rights & data portability

Patients may exercise their rights under the NDPA through the practice that holds their records. Practices can export their data and request deletion when they leave Optivance — the data is theirs.

Contact

Questions about this policy can be raised with us any time — get in touch.