IntaOps

Technical FAQ

Building Trust through Decentralization of Data. IntaOps isn't just meeting Nigerian data-protection standards — it's setting a new benchmark for them.

#1

Is IntaOps compliant with the Nigeria Data Protection Act (NDPA) and NDPR?

Yes. IntaOps is designed with Privacy by Design as its core principle. We comply with the NDPA (2023) and the NDPR (2019) by ensuring that the patient (the Data Subject) remains the ultimate authority over their personal health information. Our platform facilitates the lawful basis of "Consent" and "Contractual Necessity" for data processing.
#2

Where is the medical data actually stored?

IntaOps does not maintain a centralized "honeypot" database of medical records. Instead, we use a Decentralized Storage Model.
  • At Rest: Data remains in a secure, encrypted decentralized node.
  • At Work: We only store the "Pointer" and the "Cryptographic Hash" of the data on the ledger. This means that even if IntaOps were compromised, no medical data could be read because we don't hold the keys.
#3

How does IntaOps handle patient consent?

We move beyond "implied consent" to Active, Granular Consent.
  • Every time an entity or doctor requests access, the patient receives a push notification.
  • Access is granted via a Biometric Handshake (fingerprint or facial recognition).
  • This creates a timestamped, immutable record of consent that is fully audit-ready for NDPR compliance.
#4

What technical measures protect against data breaches?

We implement a multi-layered security stack:
  • End-to-End Encryption (E2EE): Data is encrypted at the source and only decrypted on the authorized recipient's device.
  • Zero-Knowledge Architecture: Our servers facilitate the exchange without ever "seeing" the plain text data.
  • Identity Anchoring: We use W3C-compliant Decentralized Identifiers (DIDs). Unlike traditional usernames/passwords, DIDs are resistant to phishing.
#5

How does this help with HMO claim audits?

IntaOps provides a Verifiable Audit Trail. Every interaction — from patient check-in to lab result issuance — is recorded as a "Verifiable Credential." When an HMO audits a claim, they aren't looking at a PDF that could be photoshopped; they are verifying a digital signature that is mathematically linked to a specific biometric event.
#6

Can a user delete their data ("The Right to be Forgotten")?

Yes. While the ledger record of a transaction is immutable (for audit purposes), the access to the underlying personal data can be revoked by the user at any time. Once a user revokes a "Secret Key," the data remains encrypted and unreadable to all previous parties, effectively fulfilling the right to erasure.
#7

Does IntaOps provide Data Protection Impact Assessments (DPIAs)?

As part of our partnership, we provide our partners with a Technical Compliance Package. This includes:
  • Documentation of our security protocols
  • Data flow maps
  • Risk mitigation strategies to support your organization's annual NDPR audit filings

Still have questions?

Our compliance team is ready to walk you through our full Technical Compliance Package and help with your NDPR audit filings.

Contact Our Team