Onboard Logo

Privacy Policy | Onboard DCE

Effective Date: November 5, 2025

Last Updated: November 5, 2025

This Privacy Policy describes how Infinity Health Africa (“Infinity Health,” “we,” “us,” or “our”) collects, uses, stores, and protects information when organizations use the Onboard DCE platform and related services.

By accessing or using Onboard DCE, you agree to this Privacy Policy. If you do not agree, please do not use the Platform.

Privacy Policy

Overview

Onboard DCE is a regulatory-technology platform designed to help organizations prepare, validate, and manage Common Technical Document (CTD) dossiers and other regulatory submissions. It provides document validation, AI-assisted review (“Rubrik”), readiness assessment, and document management tools.

This Policy applies to all organizational users — including administrators, regulatory teams, and reviewers — who use Onboard DCE on behalf of their companies or clients.

Information We Collect

We collect business and operational data that enables us to deliver, secure, and support the DCE services.

A. Business and User Information

  • Company name, company address, and contact details.
  • User profile details: name, email, phone number, and assigned role (Team Member, Reviewer, Admin).
  • Authentication details such as login credentials, access logs, and role-based permissions.

B. Regulatory and Document Data

  • Product registration data, dossier files, CTD module uploads, and supporting documents.
  • Validation results and AI-generated feedback from Rubrik.
  • Audit logs, document versions, and user actions within the Document Management Library.

C. Technical and Usage Data

  • IP address, browser type, device metadata, and session analytics
  • Platform metrics, logs, and system events collected via our Multi Cloud infrastructure and other monitoring tools.
  • Cookies or similar technologies to enhance performance and security.

D. Data Relating to Persons Under 18 Years of Age

  • The Onboard DCE Platform is intended strictly for use by organizations and their authorized representatives who are 18 years and above.
  • We do not collect information from minors (any person under the age of 18), so do not submit such information to us.
  • If any data relating to an individual under 18 is mistakenly submitted through the Platform, we will delete or anonymize such information once identified.
  • Organizations using the Platform are responsible for ensuring that only eligible users (18+) are granted access to their accounts and documentation workflows.

How We Use the Information

We process collected information to:

  • Provide and manage DCE platform services, including CTD validation, dossier compilation, and AI-assisted review.
  • Maintain secure access, authenticate users, and prevent unauthorized activity.
  • Support and communicate with customers, including product updates, marketing communication, notifications, and troubleshooting.
  • Improve platform reliability, performance, and AI model accuracy.
  • Comply with applicable legal, regulatory, and audit requirements.

We do not sell, trade, or rent user or business data. All documents are encrypted end to end on our system.

AI Processing (Rubrik) and Oversight

Rubrik is the proprietary AI validation component integrated into Onboard DCE. It reviews uploaded documents to identify completeness, structure, and formatting issues but does not make regulatory decisions.

  • Rubrik operates entirely within Infinity Health’s secure Multi Cloud environment.
  • All AI outputs are expected to be reviewed by authorized human personnel before any regulatory submission or official action.
  • Data processed by Rubrik is used solely for validation and platform improvement within Infinity Health’s infrastructure.

Data Sharing and Transfers

We may share Africa data with:

  • Authorized service providers, and regulatory organisation(s) who support hosting, monitoring, maintenance and auditing
  • Regulatory authorities or partners only when explicitly required by law or contractual arrangement.
  • Infinity Health internal teams for support, compliance, or system optimization which is based on users generated token

Where data is transferred across borders (e.g., between Nigeria, the United Kingdom, or the EEA), we apply appropriate legal safeguards consistent with applicable data protection laws.

Data Security and Retention

  • All documents and personal data are stored in encrypted form using our Multi-cloud services.
  • Access is restricted via role-based permissions, VPN connections, and secure networks.
  • Audit logs and monitoring tools help prevent unauthorized use or data loss.
  • We retain dossier and account data only for as long as necessary to provide the service, meet regulatory retention requirements, or fulfill audit obligations.
  • When retention periods expire, data is securely deleted.

Cookies and Tracking Technologies

We use cookies and related tools to:

  • Enable secure login sessions and platform functionality.
  • Monitor system usage for analytics and optimization.
  • Improve user experience for business customers.

You can manage or disable cookies in your browser settings; however, some DCE features may not function correctly without them.

Your Rights

Depending on your jurisdiction, your organization or its authorized users may:

  • Request access to data stored on your behalf.
  • Request correction or deletion of inaccurate data.
  • Request export of dossier records or validation reports.
  • Withdraw consent for non-essential processing.

To exercise these rights or submit a data access request, contact: privacy@infinityhealth.africa

Updates to This Policy

We may revise this Policy from time to time to reflect technical, legal, or operational changes. Updates will be posted on the Onboard DCE website, and the “Last Updated” date will indicate the latest revision.

Contact Us

Infinity Health Africa (Onboard DCE Team)

Email: privacy@infinityhealth.africa

Website: www.getonboard.africa