Hekima Privacy Policy
Last Updated: January 16, 2026
1. Introduction
Welcome to Hekima. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect information when you:
- Use our website(s) or application(s) ("Services").
- Interact with us.
Crucially, this policy details our strict handling of Google user data in full compliance with the Google API Services User Data Policy.
2. Data Controller & Contact Information
Hekima is the data controller responsible for your personal data under this policy.
If you have any questions about this policy or wish to exercise your data rights, please contact us:
- Email: projecthekima@gmail.com
3. What Information We Collect
We may collect the following categories of personal data when you use our Services:
| Category | Examples & Details |
|---|---|
| A. Identity & Contact Information | Your name, email address, phone number, and profile picture (if provided). |
| B. Google User Data | If you sign in with Google or use other Google API services, this may include your Google Account name, email address, and profile photo, and, if you grant specific permission, Google Calendar data (such as event details and availability) to schedule your sessions. |
| C. Financial Data Handling | IMPORTANT: We may parse bank account numbers momentarily for verification or processing purposes, but we do not store this information on our servers. All sensitive bank account and payment details reside solely with our secure payment processing partner (Paystack infrastructure). |
| D. Usage Data | Information about how you access and use our Services, including your IP address, device information, browser type, pages visited, time spent, and referral source. |
| E. Other Data You Provide | Feedback, support requests, survey responses, and any other information you voluntarily submit to us. |
4. How We Use Your Information (Purpose and Legal Basis)
We use your data strictly for the following purposes:
| Purpose | Description |
|---|---|
| A. Service Provision & Management | To provide you with the core functionality of our Services, authenticate you (e.g., via Google Sign-In), manage your account, and deliver requested features, specifically creating and managing calendar events for sessions booked with you. |
| B. Communication | To respond to your queries, send service updates, security alerts, and technical notices. |
| C. Improvement & Personalization | To monitor, analyze, and understand usage trends to continuously improve our Services and customize your experience. |
| D. Security & Integrity | To detect, prevent, and address technical issues, fraud, or abuse and ensure the security and integrity of our Services. |
| E. Legal Compliance | To comply with applicable laws, regulations, and legal processes. |
5. Google User Data: Restricted Use and Compliance
Because we integrate with Google Sign-In and/or use Google API services to enhance our product, we are committed to the following strict requirements regarding any Google user data we access:
A. Restricted Use of Google User Data
We only use Google user data to provide or improve user-facing features within the Hekima Services.
WE WILL NEVER:
- Sell Google user data to third parties.
- Use Google user data for serving advertisements.
- Use Google user data for purposes unrelated to the core functionality of the Services.
B. Token Storage and Usage
To enable ongoing calendar access on your behalf, we securely store OAuth access and refresh tokens on our servers. These tokens are used exclusively to create and manage calendar events for sessions booked through Hekima and are never used for any other purpose.
Hekima's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
C. Transparency and Consent
- We clearly disclose the specific Google user data we request, the reason we request it, and how we will use it (as detailed in Sections 3 and 4).
- We request only the minimum necessary scopes/permissions required to deliver the core features of the Services.
- If we change how we use Google user data (e.g., a new purpose or data type), we will update this policy and obtain necessary new user consent before implementing the change.
6. How We Share and Disclose Information
We will not sell your personal data, including Google user data, to third parties for marketing or other purposes. We may share your data with the following parties, and only when necessary:
- Service Providers: Trusted third-party companies who perform services on our behalf, such as hosting, data analytics, and security. These providers are contractually bound to:
  - Maintain strict data security and confidentiality.
  - Use the data only for the purposes we define.
- Business Affiliates: Other entities within the Hekima corporate group, if applicable, for internal management purposes.
- Legal and Regulatory Authorities: When we believe disclosure is required by law, regulation, legal process, or to protect the rights, property, or safety of Hekima, our users, or the public.
- Google: In contexts where you have signed in via Google or used Google APIs, our handling of that data is governed by this policy and, by extension, Google's policies.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. When data is no longer needed, we will securely delete or anonymize it.
Data Security
We implement reasonable and appropriate technical and organizational security measures designed to protect your personal data from unauthorized access, loss, alteration, or disclosure. Examples include: encryption in transit and at rest, strong access controls, and regular security reviews.
8. Your Rights
Depending on your jurisdiction and the nature of our processing, you may have specific data protection rights, which can include:
- The right to access your personal data.
- The right to correct inaccurate data.
- The right to deletion (the 'right to be forgotten').
- The right to restrict or object to the processing of your data.
- The right to data portability.
Note on Deletion: To delete your store, please use the Store Deletion button in settings. To exercise the remaining rights, please contact us using the contact details provided in Section 2. We will respond to your request within the timeframe required by applicable laws.
9. International Data Transfers
If your data is transferred to or stored in a country outside of your jurisdiction (for example, to servers in another country), we will take appropriate safeguards to ensure that your data remains protected in accordance with this Privacy Policy and applicable data protection law. This may include reliance on standard contractual clauses or other legal mechanisms.
10. Children's Privacy
Our Services are not directed to children under 18 years old. We do not knowingly collect personal data from children under that age. If we learn that we have collected personal data of a child under 18 without parental consent, we will take steps to delete that data as quickly as possible.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the updated version with a new "Last Updated" date at the top of the policy. Where required by law, we will notify you of significant changes (for example, via email or an in-service notice) before the changes take effect.