Privacy policy.

Dear Henrietta App Privacy Policy

Effective Date: July 25, 2025

Last Updated: July 25, 2025

Introduction

Dear Henrietta is a mobile app providing therapy-related services, safety tools, and emotional wellness support. This Privacy Policy explains how we collect, use, and protect your personal information when you use the app. We are committed to safeguarding your data in compliance with the Nigeria Data Protection Regulation (NDPR).

By using Dear Henrietta, you agree to the practices described in this policy. Our goal is to be transparent, lawful, and respectful so you feel secure and in control while using our services.

Data Controller

The data controller for your personal information is the owner/operator of the Dear Henrietta app, based in Nigeria. This means Dear Henrietta (referred to as “we” or “us”) determines why and how your personal data is processed. We are responsible for complying with the NDPR and take that responsibility seriously.

Personal Data We Collect

We collect only the personal information necessary to provide and improve our services, including:

  • Name: For profile creation and identification.

  • Email Address: Used for login, verification, and communication.

  • Phone Number: Used for account security (e.g., SMS verification) and support.

  • Date of Birth: To verify eligibility and personalize your experience.

  • Location: If you enable GPS access, we may use location data to tailor content (with your permission).

We do not collect or store health records, financial information, or sensitive categories of data such as religious beliefs or medical history. However, some features (like choosing a therapy theme) may reflect emotional or mental health preferences. We treat this data with heightened care, do not store session notes, and never use this information for profiling or external sharing.

Lawful Basis for Data Processing

We only process your data when one of the following lawful bases under NDPR applies:

  • Consent: You provide clear, informed consent during account registration or when enabling features (e.g., location).

  • Performance of a Contract: We process data to deliver the services you’ve requested such as creating your account or connecting you with a therapist.

  • Legal Obligation: If required by law (e.g., court order), we may process data to comply with legal requirements.

We will never use your personal data for purposes beyond what is stated in this policy without your permission.

How We Use Your Personal Data

We use your personal information to:

  • Provide and personalize services (account setup, matching with therapists, app experience).

  • Communicate important updates, account info, and support responses.

  • Improve app features through de-identified, aggregated analytics.

  • Maintain app safety and detect fraud or misuse.

  • Fulfill legal obligations, if necessary.

We do not use your data for unsolicited marketing or allow third parties to do so.

User Consent

We obtain your consent through:

  • Registration: Agreeing to our Terms and this Privacy Policy during sign-up.

  • In-App Permissions: For features like location, a prompt will request your permission.

  • Withdrawals: You may withdraw consent anytime via your settings or by contacting us.

  • Minors: Users must be 18+. If you believe a minor has registered without parental consent, please notify us immediately.

Data Sharing and Disclosure

We do not sell or rent your data. We only share it under limited, secure conditions:

  • Service Providers: We use third-party vendors (e.g., AWS, DigitalOcean) to host data, send emails, or monitor usage. These vendors are bound by data protection agreements and may not use your data for any other purpose.

  • Legal Requests: We may disclose your data to comply with lawful orders. You will be notified when legally permissible.

  • Platform Safety: If needed to protect the app or others (e.g., a security breach), we may disclose limited data to authorities.

  • Business Transfers: In the event of a company merger or sale, your data may be transferred under the same privacy commitments. You will be notified in advance.

Data Storage and International Transfers

Your data is stored on secure cloud servers, primarily hosted via reputable providers like AWS or DigitalOcean. These may be located outside Nigeria.

To protect your rights under NDPR:

  • We only store data in countries with adequate privacy protections.

  • We have contracts (data processing agreements) with our providers to ensure security and legal compliance.

  • We remain the sole data controller, your rights follow your data, no matter where it is stored.

Data Security

We use strong security practices to keep your data safe, including:

  • Encryption: All data in transit and at rest is encrypted.

  • Access Controls: Only authorized staff can access personal data, using secure login protocols.

  • Infrastructure Protections: We rely on best-in-class cloud providers with 24/7 monitoring, firewalls, and threat prevention.

  • Internal Policies: Our team is trained on privacy, and we review security regularly.

  • Breach Protocol: If a breach occurs, we’ll notify you and regulators as required promptly and transparently.

Your role: Please protect your login credentials and notify us immediately if you suspect unauthorized access.

Data Retention

We retain your data only as long as necessary:

  • Active Users: We keep your data while your account is active.

  • Account Deletion: When you delete your account, we erase your data within 30 days.

    We may keep a minimal record (e.g., email, deletion date) solely to confirm your request or prevent impersonation.

  • Legal Retention: Some records may be kept longer if required by law (e.g., fraud prevention or compliance). These will be archived securely and never used for marketing or profiling.

Your Data Protection Rights

Under the NDPR, you have the right to:

  • Be informed about data collection and use

  • Access and receive a copy of your data

  • Correct inaccurate data

  • Request deletion of your data

  • Withdraw consent at any time

  • Object to processing in certain cases

  • Restrict data use (e.g., during correction disputes)

  • Request data portability in common formats

  • File a complaint with the Nigeria Data Protection Bureau (NDPB)

You can exercise any of these rights by emailing us at letters@dearhenrietta.com. We may request identity verification before processing your request. You’ll receive a response within 30 days.

Contacting Us and Data Protection Officer

If you have any questions about your data, this policy, or want to exercise your rights, please contact:

Data Protection Officer

Email: letters@dearhenrietta.com

Address: 5b Oniru Road, Victoria Island, Lagos, Nigeria

Please include your request and relevant details. We’re here to protect your rights and help you feel safe using Dear Henrietta.

Changes to This Policy

We may update this Privacy Policy as laws evolve or our services change. If we make material updates, we’ll notify you by email, or via push notification. Minor clarifications may be updated silently. The latest version will always be accessible in the app and on our website.

Your continued use of the app after changes means you accept the updated policy. Where consent is needed for a new use of your data, we’ll ask explicitly.

Thank you for trusting Dear Henrietta with your information.

We are honored to hold your data, and we will protect it with the care it deserves.