logo

Legal · Privacy

Privacy Policy

Your privacy is our promise.

Effective 01 May 2026

Important notice

NORRA collects and processes sensitive health information including reproductive health data, pregnancy information, and postpartum health data. Please read this Privacy Policy carefully. By using NORRA, you consent to the practices described in this document.

1

Introduction and Who We Are

NORRA is a digital maternal health companion designed specifically for African women navigating the journey of trying to conceive, pregnancy, and the postpartum period. We are committed to protecting the privacy and security of every woman who trusts us with her most personal health information.

This Privacy Policy explains how NORRA collects, uses, shares, and protects your personal data when you use our platform, including our website www.norra.africa, mobile application, and WhatsApp-integrated services.

NORRA operates in compliance with the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act (NDPA) 2023, and where applicable, the General Data Protection Regulation (GDPR) and other relevant data protection laws across our operating territories.

1.1 Data Controller

NORRA Technologies Limited is the Data Controller responsible for your personal data. Our registered details are:

Email: hello@norra.africa

2

Information We Collect

We collect information that is necessary to provide you with our maternal health companion services. We collect only what we need, and we are transparent about everything we collect.

2.1 Information You Provide Directly

Account and Registration Information

  • Full name and preferred name
  • Email address and phone number
  • Date of birth and age
  • Country and state of residence
  • Preferred language (English, Igbo, Hausa, Yoruba, Pidgin)
  • Password and account credentials

Reproductive and Maternal Health Information

This is the most sensitive category of data we process. We collect this information solely to deliver our maternal health companion services:

  • Menstrual cycle data: cycle length, period start and end dates, flow intensity
  • Fertility indicators: ovulation tracking, basal body temperature, cervical mucus observations
  • Trying to conceive status: duration of trying, fertility treatment history
  • Pregnancy status and gestational age
  • Pregnancy symptoms, complications, and medical appointments
  • Obstetric history: previous pregnancies, miscarriages, stillbirths, terminations
  • Postpartum information: delivery date, delivery method, recovery progress
  • Breastfeeding status and duration
  • Postpartum mental health indicators
  • Medications and supplements taken during pregnancy or postpartum

Health and Lifestyle Information

  • Weight, height, and body mass index (BMI)
  • Exercise habits and physical activity levels
  • Dietary information and nutritional preferences
  • Sleep patterns and quality
  • Stress levels and emotional wellbeing indicators
  • Alcohol, smoking, and substance use (where disclosed)
  • Pre-existing medical conditions relevant to maternal health
  • Family medical history where voluntarily provided

Communications and Content

  • Messages sent through our WhatsApp integration and in-app chat
  • Questions asked to NORRA’s AI companion
  • Feedback, survey responses, and support requests
  • Voice notes submitted through WhatsApp

2.2 Information Collected Automatically

  • Device information: device type, operating system, app version
  • Usage data: features accessed, time spent, navigation patterns
  • Log data: IP address, access times, pages viewed, error reports
  • Location data: approximate location (country/region level, unless precise location is enabled)
  • Push notification interaction data
  • Analytics data about app performance and user experience

2.3 Information from Third Parties

  • WhatsApp Business API: message content and metadata when you use our WhatsApp service
  • Healthcare providers: where you choose to share NORRA data with your doctor or midwife
  • Payment processors: transaction records (we do not store full payment card details)
  • Authentication providers: if you sign in using Google or Apple accounts
  • Analytics partners: aggregated, anonymised usage information
3

How We Use Your Information

3.1 Providing and Improving Our Services

  • Delivering personalised maternal health guidance tailored to your stage of the motherhood journey
  • Generating cycle predictions, ovulation estimates, and pregnancy week-by-week guidance
  • Powering NORRA’s AI companion to answer your health questions accurately
  • Sending relevant health reminders, appointment alerts, and check-in notifications
  • Tracking your symptoms and flagging patterns that may require medical attention
  • Personalising content in your preferred language
  • Improving the accuracy of our AI models and health guidance
  • Conducting research to better understand maternal health needs of African women

3.2 Safety and Medical Escalation

NORRA is not a substitute for medical care. We use your health data to:

  • Identify symptoms or patterns that may indicate a medical emergency
  • Provide timely guidance to seek professional medical care when warranted
  • Generate health summaries that you can share with your healthcare provider

3.3 Communications

  • Sending you service notifications and updates
  • Delivering educational health content relevant to your stage
  • Responding to your questions and support requests
  • Sending marketing communications where you have given consent

3.4 Legal Compliance

  • Complying with applicable laws including the NDPA 2023 and NDPR 2019
  • Responding to lawful requests from regulatory authorities
  • Enforcing our Terms of Use and other legal agreements
  • Protecting the rights, property, and safety of NORRA and our users

3.5 Legal Bases for Processing (NDPA / GDPR)

We process your personal data on the following legal bases:

  • Consent — for processing sensitive health data, and for marketing communications
  • Contract performance — to deliver the services you have subscribed to
  • Legitimate interests — for platform security, fraud prevention, and service improvement
  • Legal obligation — for compliance with applicable Nigerian and international law
  • Vital interests — in circumstances involving a risk to your life or health
4

How We Share Your Information

NORRA does not sell your personal health data. We do not share your individually identifiable health data with advertisers, insurance companies, or employers.

4.1 Service Providers

We share data with carefully selected service providers who assist us in delivering our services. All service providers are bound by data processing agreements and may only process your data on our instructions:

  • Cloud hosting providers (data stored on servers within or accessible to Nigeria/Africa where possible)
  • Analytics providers (using anonymised or aggregated data only)
  • Customer support platforms
  • Payment processors
  • WhatsApp Business API provider (Meta Platforms)
  • Email and notification delivery services

4.2 Healthcare Providers

We share your data with healthcare providers only with your explicit consent and at your specific request, for example when you generate and share a health summary with your doctor or midwife.

4.3 Research Partners

We may share anonymised, aggregated data with research institutions, public health organisations, and academic partners to advance maternal health outcomes for African women. This data cannot be used to identify you individually.

4.4 Legal Requirements

We may disclose your information if required by law, regulation, court order, or other legal process, or to protect the vital interests of a person.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of NORRA’s assets, your data may be transferred to the successor entity. We will notify you of any such transfer and your rights in connection with it.

5

Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. Specific retention periods are:

  • Account and identity data — duration of your account plus 3 years after account closure
  • Health and cycle data — duration of your account plus 2 years after account closure
  • Pregnancy and postpartum records — duration of your account plus 5 years (for medical record purposes)
  • Communications and chat history — 2 years from the date of communication
  • Payment records — 7 years as required by Nigerian financial regulations
  • Security and audit logs — 12 months

You may request deletion of your data at any time. See Section 8 for your rights.

6

Data Security

NORRA takes the security of your sensitive health data extremely seriously. We implement the following measures:

6.1 Technical Safeguards

  • AES-256 encryption for all health data at rest
  • TLS 1.3 encryption for all data in transit
  • End-to-end encryption for sensitive communications where technically feasible
  • Multi-factor authentication for account access
  • Regular security audits and penetration testing
  • Access controls limiting staff access to personal data on a need-to-know basis
  • Automated threat detection and intrusion prevention systems

6.2 Organisational Safeguards

  • Mandatory data protection training for all staff
  • Appointed Data Protection Officer (DPO) registered with NITDA
  • Data Processing Impact Assessments (DPIAs) for new features involving health data
  • Vendor due diligence process for all third-party processors
  • Incident response plan with 72-hour breach notification protocol

6.3 Data Breach Notification

In the event of a data breach that is likely to affect your rights, we will notify you without undue delay and in accordance with our obligations under the NDPA 2023 and applicable regulations.

7

International Data Transfers

NORRA is primarily designed for and operated within Nigeria and Africa. Where we transfer your data outside Nigeria (for example, to cloud service providers), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by relevant authorities
  • Adequacy decisions where applicable
  • Binding Corporate Rules for intra-group transfers

We always seek to use service providers with data centres located in Africa where available and commercially viable.

8

Your Rights

Under the NDPA 2023 and applicable data protection laws, you have the following rights:

8.1 Right to Access

You have the right to request a copy of all personal data we hold about you. We will respond within 30 days of your request. You can access much of your data directly within the NORRA app.

8.2 Right to Rectification

You have the right to correct any inaccurate or incomplete personal data we hold about you. You can update most data directly within your account settings.

8.3 Right to Erasure (‘Right to be Forgotten’)

You have the right to request deletion of your personal data. We will honour this request except where we are required to retain data by law or where we have a legitimate overriding interest.

8.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while we resolve a dispute about accuracy.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another controller.

8.6 Right to Object

You have the right to object to processing of your personal data for direct marketing purposes, and in certain other circumstances. We will stop processing upon receipt of your objection unless we have compelling legitimate grounds.

8.7 Rights Related to Automated Decision-Making

NORRA uses automated processing to generate health insights and guidance. You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. You may request human review of any automated decision that significantly affects you.

8.8 Right to Withdraw Consent

Where we process your data based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

8.9 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: hello@norra.africa

Subject line: “Data Rights Request”

We will respond within 30 days. We may ask you to verify your identity before processing your request.

8.10 Right to Lodge a Complaint

If you are unsatisfied with our handling of your data, you have the right to lodge a complaint with the National Information Technology Development Agency (NITDA), Nigeria’s data protection regulator:

Address: No. 28 Port Harcourt Crescent, Area 11, Garki, Abuja

Website: nitda.gov.ng

9

Children’s Privacy

NORRA is not intended for use by persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18 without verified parental consent, we will take steps to delete that information promptly.

If you believe we have inadvertently collected data from a minor, please contact us immediately at hello@norra.africa.

10

Mental Health and Emotional Wellbeing Data

NORRA collects data relating to your emotional wellbeing, including postpartum depression screening indicators and mood tracking. This data is treated with the highest level of sensitivity.

Mental health indicators are used solely to provide you with appropriate support resources and to personalise your experience. We will never use mental health data in ways that could stigmatise or disadvantage you.

If our systems detect indicators of a mental health crisis, we will provide you with emergency support resources. We do not share mental health data with employers, insurers, or other third parties without your explicit consent.

11

Artificial Intelligence and Automated Processing

NORRA’s companion service uses artificial intelligence to analyse your health data and generate personalised guidance. Key facts about our AI processing:

  • Our AI is designed to be a supportive companion, not a diagnostic tool
  • AI-generated guidance is based on validated maternal health guidelines
  • We continuously review and improve our AI to reduce bias, particularly bias that may disadvantage African women
  • You can always request human review of AI-generated content by contacting hello@norra.africa
  • We do not use your identifiable data to train AI models without your explicit consent
12

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. Please refer to our separate Cookie Policy for full details of what we use, why, and how to manage your preferences.

13

Third-Party Links and Services

NORRA may contain links to third-party websites, health resources, or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through NORRA.

14

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Notify you by email or in-app notification at least 30 days before the changes take effect
  • Post the updated policy on our website with a new ‘Last Updated’ date
  • Where required by law, seek your renewed consent

Your continued use of NORRA after the effective date of changes constitutes acceptance of the updated Privacy Policy.

15

Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact:

hello@norra.africa

No mother journeys alone. Your trust is the foundation of everything we do.

Last updated 01 May 2026

Back to top ↑