Privacy Policy – NAB Vendor

1. Introduction

This Privacy Policy explains how NAB ("NAB Vendor", "we", "us", or "our") collects, uses, stores, shares, and deletes your information when you use the NAB Vendor mobile application and related services (the "Service").

NAB Vendor is a healthcare appointments and services platform that connects users with doctors, clinics, and service providers. By using the Service, you agree to the collection and use of information in accordance with this Policy.

If you do not agree with this Policy, please do not use the Service.

2. Information We Collect

We collect the following categories of information:

a. Personal Information you provide

• Full name
• Email address
• Phone number
• Date of birth and gender (optional)
• Profile photo (optional)
• Login credentials (encrypted password)

b. Health-related information

• Appointment details (doctor, specialty, date, time, clinic)
• Service preferences and saved favorites
• Information you choose to share with the doctor or service provider through the app

NAB Vendor does not store your medical records. Any clinical records remain with the treating doctor or clinic.

c. Financial & transaction information

• Wallet balance and in-app transactions
• Transaction history (amount, date, service)
• Payment method tokens (full card numbers are processed by our payment provider and are not stored on our servers)

d. App activity

• Bookings and booking history
• Reviews and ratings you submit
• In-app messages and notifications
• Searches and pages you view inside the app

e. Device & technical information

• Device model, operating system and version
• App version and language
• IP address and approximate region
• Crash logs and diagnostic data
• Push notification token

f. Location data (only with permission)

If you grant location permission, we use your approximate or precise location to show nearby doctors and clinics. You can revoke this permission at any time from your device settings.

3. How We Use Your Information

• To create and manage your account
• To process appointments, bookings, and payments
• To send appointment reminders, transactional notifications, and service updates
• To personalize the app (e.g., recommended doctors, saved preferences)
• To provide customer support and respond to your requests
• To detect, prevent, and investigate fraud, abuse, and security incidents
• To improve the app's performance, fix bugs, and develop new features (using analytics)
• To comply with legal obligations and enforce our Terms

4. How We Share Your Information

We share data only when necessary, and only with the parties listed below:

• Doctors, clinics, and service providers you book with — they receive your name, contact details, and appointment information so they can serve you.
• Payment processors — to securely process payments and refunds. Card data is handled directly by the payment provider under PCI-DSS standards.
• Service providers who help us run the Service (cloud hosting, push notifications, SMS gateways, analytics). They process data only on our behalf and under confidentiality obligations.
• Legal and regulatory authorities — where required by law, court order, or to protect rights, property, or safety.
• Successor entities — if NAB is involved in a merger, acquisition, or sale of assets, your information may be transferred under the same protections described in this Policy.

5. Data Retention Periods

We keep your data only for as long as it is necessary for the purposes described in this Policy, or as required by law. Specific retention periods are:

Data type	Retention period
Account & profile data	While your account is active
Personal data after account deletion	Erased within 30 days of the deletion request
Appointment records	Up to 2 years, then anonymized
Financial & transaction records	Up to 7 years (legal & tax compliance), in anonymized form where possible
Crash logs & technical diagnostics	Up to 90 days
Analytics & aggregated usage data	Up to 24 months, in aggregated, non-identifying form
Backups	Rotated and fully overwritten within 60 days

Data kept after deletion (e.g., for legal compliance) is anonymized so that it can no longer be linked to you.

6. How to Delete Your Data

You have the right to delete your account and personal data at any time. There are two ways to do this:

Option 1 — From inside the NAB Vendor app

1. Open the NAB Vendor app and sign in.
2. Go to Profile → Settings → Account.
3. Tap Delete Account.
4. Confirm your decision.

Option 2 — By email request (no app required)

Send an email to support@nabline.com from the email address registered with your account, with the subject line "Account Deletion Request". Please include the phone number associated with your account so we can verify your identity.

What happens after a deletion request

• Your account is deactivated immediately upon confirmation, so it can no longer be used to sign in.
• Your personal data is permanently erased within 30 days of confirmation.
• Backups containing your data are rotated and overwritten within 60 days.
• A limited set of records (e.g., completed financial transactions) may be retained for up to 7 years where required by law, but in anonymized form that cannot be linked to you.

7. Data Security

• All data is transmitted over encrypted HTTPS / TLS connections.
• Passwords are stored using one-way hashing (we never see your plain-text password).
• Access to personal data is limited to authorized personnel under confidentiality obligations.
• Servers are protected by access controls, monitoring, and regular security updates.

While we use industry-standard safeguards, no method of transmission or storage is 100% secure. If we become aware of a security breach affecting your data, we will notify you and the relevant authorities as required by law.

8. Children's Privacy

NAB Vendor is not directed to children under 13 years of age (or the minimum age required in your country). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@nabline.com and we will promptly delete it.

9. Your Rights

Depending on your country, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to correct inaccurate or incomplete data.
• Deletion — ask us to delete your data (see Section 6).
• Restriction / Objection — ask us to limit or stop certain processing.
• Portability — receive your data in a portable, machine-readable format.
• Withdraw consent — where processing is based on your consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@nabline.com. We will respond within 30 days.

10. International Data Transfers

Your data may be processed and stored on servers located outside your country of residence. Where this happens, we use appropriate safeguards (such as standard contractual clauses or equivalent measures) to ensure your data continues to receive an adequate level of protection.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. When we make material changes, we will update the "Effective date" at the top of this page and notify you through the app or by email before the changes take effect. Your continued use of the Service after the effective date means you accept the updated Policy.

12. Contact Us