Privacy Policy

From visitors to this website, we collect basic analytics — pages viewed, referring source, approximate location based on IP, device and browser type. We use Google Analytics or an equivalent privacy- conscious analytics tool. We do not sell, rent, or trade this data.

From hospitals using ACOS, we collect the information you provide during onboarding — facility details, staff accounts, billing information for your subscription — and the operational and clinical data you generate within the platform. The clinical data remains under your hospital’s control; we hold it on your behalf.

From people who contact us through the demo form, the contact page, email, or WhatsApp, we collect the details you provide — name, email, phone, hospital name — for the purpose of responding to your enquiry.

To provide the ACOS platform — running the service, supporting your team, processing payments, sending operational notifications.

To improve the platform — analysing usage patterns to identify friction, prioritise improvements, and shape new features. We do not train AI models on your patient data; AI features in ACOS that involve third-party model providers are configured to not retain prompts or completions.

To communicate with you — about service updates, security advisories, and (with your consent) product news.

To meet legal obligations — including those imposed by the Ghana Data Protection Act, Ghana’s health regulator, and any applicable laws in jurisdictions where our infrastructure operates.

Patient health information passing through ACOS is sensitive personal data. We hold it on behalf of the hospital that licenses ACOS, under a Data Processing Agreement that defines the responsibilities of both parties.

We do not access patient records except where necessary to provide support, investigate an incident, or comply with a lawful request. Where we do access them, the access is logged in the audit trail and subject to the hospital’s review.

Patient data is encrypted at rest (AES-256) and in transit (TLS 1.3). Backups are encrypted and stored in a separate region. We do not sell, share, or otherwise disclose patient data to third parties except as authorised by the hospital data controller.

Under the Ghana Data Protection Act, you have the right to access personal information we hold about you, to request correction of inaccuracies, to request deletion in certain circumstances, and to object to certain types of processing.

For data held about you as a website visitor or contact, exercise these rights by emailing support@africacos.com.

For data held about you as a patient of a hospital using ACOS, the hospital is the data controller — please direct your request to them. We will support the hospital in fulfilling lawful requests.

We use cookies for essential functions (authentication, session management) and for analytics. You can control cookies through your browser settings; disabling essential cookies will prevent the platform from working.

ACOS uses a small number of carefully selected sub-processors to deliver the service — including AWS (hosting), payment processors, and communication providers. Our current sub-processor list is available on request to support@africacos.com.

We retain operational and clinical data for the life of your relationship with ACOS, plus the regulatory minimum required for healthcare records in Ghana. After termination, data is exported to you and securely deleted from our systems within 90 days, unless a longer retention is required by law.

We will post any changes to this policy on this page with a revised effective date. Material changes will also be communicated to active customers by email at least 30 days before taking effect.

Questions about this policy, our practices, or your rights: support@africacos.com.