Legal

Privacy Policy

This policy explains what Helm collects, why we collect it, how we protect laboratory and patient data, and how you can exercise your data rights.

Effective date

1 June 2026

Contact

privacy@helmlims.com

At a glance

  • Your laboratory data and patient records remain your property.
  • Payment card details are handled by Paystack and are not stored on Helm servers.
  • We do not sell, rent, trade, or use patient data for advertising.
  • You can contact us to exercise privacy rights under Nigerian data protection law.

1. Data Controller

Sampliq Health Technologies Limited ("Sampliq", "we", "us", or "our") operates the Helm laboratory information system at helmlims.com. This Privacy Policy explains how we collect, use, and protect personal data in connection with the service. We are committed to complying with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023.

Sampliq Health Technologies Limited

Lagos, Nigeria

Email: privacy@helmlims.com

2. Data We Collect

Account and billing data: When you sign up we collect your name, email address, laboratory name, and payment information. Payment card details are handled exclusively by Paystack and are never stored on our servers.

Laboratory operational data: Data you enter to operate your laboratory, including patient names, dates of birth, contact details, test orders, and laboratory results. This data is entered by you and belongs to you.

Usage data: Log data such as IP addresses, browser type, pages visited, and timestamps, collected automatically to maintain service security and reliability.

Communications: If you contact our support team, we retain those communications to resolve your issue and improve our service.

3. How We Use Your Data

We use personal data only to:

  • Provide, operate, and maintain the Helm service.
  • Process payments and manage your subscription via Paystack.
  • Send transactional emails, including password resets, receipts, and account notices, via Resend.
  • Monitor service performance, detect errors, and investigate security incidents.
  • Comply with applicable Nigerian law and respond to lawful requests from authorities.

We do not use your data for advertising, profiling, or any purpose unrelated to providing you with the Helm service.

4. Lawful Basis for Processing

Under the NDPA and NDPR, we process personal data on the following bases:

  • Contract performance - to provide the service you subscribed to.
  • Legitimate interests - for service security, fraud prevention, and product improvement, where those interests are not overridden by your rights.
  • Legal obligation - where processing is required by Nigerian law.
  • Consent - where you have explicitly provided it, such as optional marketing communications.

5. Data Ownership and Your Rights

All patient records and laboratory data you enter into Helm remain your property at all times. Sampliq processes this data only as a data processor acting on your instructions.

Under the NDPR and NDPA you have the right to:

  • Access - request a copy of personal data we hold about you.
  • Rectification - correct inaccurate personal data.
  • Erasure - request deletion of your data, subject to legal retention obligations.
  • Portability - export your laboratory data in a machine-readable format at any time from within the app.
  • Objection - object to processing based on legitimate interests.

To exercise any of these rights, email us at privacy@helmlims.com. We will respond within 30 days.

6. Data Storage and Security

Your data is stored on cloud servers (Supabase / PostgreSQL) hosted in the European Union (Frankfurt, Germany) under a data processing agreement that meets NDPR requirements for cross-border data transfers.

We implement industry-standard security measures including TLS encryption in transit, encryption at rest, role-based access controls, and regular security audits. Access to production data is restricted to authorised personnel only.

In the event of a data breach affecting your personal data, we will notify you and the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware, as required by the NDPA.

7. Third-Party Service Providers

We share data with trusted processors only to the extent necessary to provide the service:

  • Supabase - database and file storage.
  • Paystack - payment processing. Paystack does not receive patient data.
  • Resend - transactional email delivery.
  • Sentry - error monitoring. Patient identifiers are stripped from error reports before transmission.

We do not sell, rent, or trade your personal data or your patients' data to any third party, ever.

8. Cookies

Helm uses the following cookies:

  • helm_refresh - an HTTP-only, secure session cookie used to maintain your authenticated session. Essential for the service to function; cannot be disabled.

We do not use advertising cookies, third-party tracking pixels, or cross-site tracking technologies. We may use a first-party analytics tool (PostHog, self-hosted) to understand how the product is used in aggregate; this does not involve individual profiling.

9. Data Retention

We retain account and billing data for as long as your subscription is active and for 7 years thereafter, as required for financial record-keeping under Nigerian law. Patient and laboratory data is retained for the duration of your subscription. Upon account closure, data is available for export for 30 days before being permanently deleted.

10. Children

Helm is not directed at individuals under 18. We do not knowingly collect personal data from minors directly. Patient records for minor patients entered by laboratory professionals are treated with the same protections as all other patient data.

11. Changes to This Policy

We may update this Privacy Policy as our practices or the law changes. We will notify you by email at least 14 days before material changes take effect. The current version is always available at helmlims.com/privacy.

12. Contact and Complaints

For privacy questions or to exercise your data rights, contact our Data Protection Officer at privacy@helmlims.com.

If you believe we have not handled your personal data in accordance with the NDPR or NDPA, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.