Privacy Policy
Last updated: 29 May 2026
ProGen Health Limited (“ProGen,” “we,” “us”) respects your privacy. This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and the choices you have. It applies to the ProGen website, the member portal (web and PWA), and any service that links to this policy.
ProGen Health is a wellness and health-monitoring service in Ghana. We comply with the Ghana Data Protection Act, 2012 (Act 843). Where relevant, we have registered as a data controller with the Data Protection Commission.
1. Information we collect
We collect information in three categories:
- Information you give us — your name, date of birth, sex (used for biomarker reference ranges), region, phone number, email, emergency contact details, health goals and concerns, family-history notes, and any dependent information you choose to add.
- Health and test data — biomarker values returned by partner labs, the source PDF reports, clinician interpretations, AI-generated insights (always reviewed by a clinician before release), nutritionist plans, and any urgent-escalation flags.
- Account and usage data — sign-in events, multi-factor authentication state, device type, browser, IP address, and high-level analytics about which pages you visit so we can improve the service.
2. How we use your information
We use your information to:
- Provide and operate the Services you signed up for.
- Coordinate lab testing, clinician review, nutrition planning, and the delivery of your results.
- Personalise the AI-generated insights surfaced to your clinician — never released directly to you without that clinician’s sign-off.
- Send transactional emails and account notifications.
- Send marketing or product news only with your opt-in consent (you can opt out at any time from your account settings).
- Detect, investigate, and prevent fraud, abuse, and security incidents.
- Comply with Ghanaian law and respond to lawful requests from public authorities.
3. Lawful basis
We process your personal data on the following bases under Act 843: (a) your consent (which you give when you sign up and complete onboarding); (b) the performance of our contract with you; (c) compliance with a legal obligation; and (d) the legitimate interest of ProGen in operating a safe, secure platform (balanced against your rights).
Health and sensitive personal data is processed only with your explicit consent, and only by clinicians and ProGen personnel who need to see it to deliver your service.
4. Who sees your data
Your health data is visible only to the following people:
- You.
- The partner lab that processes your sample, for the limited purpose of running the analysis and uploading the values. Labs see member reference IDs only, not your full name.
- ProGen Admin-Assist staff, who verify the values against the lab’s PDF and route the order.
- The reviewing clinician (doctor) and the reviewing nutritionist.
- ProGen Super Administrators, for oversight, support, and security purposes.
Access is enforced at the database level via row-level security — not just at the user interface. Every access is logged in our audit trail.
5. Service providers we use
We share a minimum of information with carefully chosen service providers who help us operate the platform:
- Supabase for managed Postgres, authentication, and storage (data residency configured per our deployment).
- Hubtel for payment processing (MTN MoMo, Vodafone Cash, AirtelTigo Money, card).
- Anthropic for AI-assisted draft insights, which are reviewed by a licensed clinician before release.
- WhatsApp Business API and email providers for notifications — we send links only, never raw values or clinical interpretations over messaging channels.
- Vercel for hosting the application.
6. How we protect your data
- Encryption in transit (TLS) and at rest.
- Row-level security policies that enforce role boundaries.
- Multi-factor authentication mandatory for all staff roles.
- Optional Face ID / PIN re-lock on the installed PWA so a shared device can’t casually expose your health data.
- Append-only audit log capturing every action taken on your records.
- Regular access reviews and a strict need-to-know principle for staff.
7. How long we keep your data
We retain your account and health data while you are an active member, plus the retention period required by Ghanaian law. If you close your account, we delete identifying information within 30 days, except where we are required to retain certain records for legal, tax, or audit purposes.
8. Your rights
Under the Ghana Data Protection Act you may:
- Access the personal data we hold about you.
- Ask us to correct inaccurate or incomplete data.
- Ask us to delete your data (subject to legal retention obligations).
- Object to or restrict certain processing.
- Withdraw consent at any time.
- Lodge a complaint with the Ghana Data Protection Commission.
To exercise any of these rights, email privacy@progenhealth.com. We respond within 30 days.
9. Children
ProGen accounts are for adults. A member may add up to two dependents (including children) — but the member assumes full responsibility for that dependent’s data and consents on their behalf. We do not knowingly collect data directly from children under 18.
10. International transfers
Some of our service providers (e.g. AI providers) process data outside Ghana. Where this is the case we ensure equivalent contractual protections are in place and minimise the data sent.
11. Cookies and analytics
We use a small number of strictly necessary cookies to keep you signed in and to remember preferences. We use minimal first-party analytics to understand aggregate usage. We do not sell your data and we do not use third-party advertising cookies.
12. Changes to this policy
We will update this page when our practices change. The “Last updated” date at the top reflects the most recent change. We will notify you of material changes through the portal or by email.
13. Contact
ProGen Health Limited
Email: privacy@progenhealth.com