Terms of Service & Data Processing Agreement

Last updated: June 2026

Note for Hospital Administrators: By completing registration on the DokiTab Admin Portal, you are entering into a legally binding B2B SaaS agreement. You agree to obtain patient consent under the NDPA before entering clinical records into this CRM.

1. Acceptance of Terms

This Subscription Agreement ("Agreement" or "Terms of Service") is entered into by and between DokiTab Technology Limited ("DokiTab", "we", "our", or "us") and the subscribing healthcare facility, hospital, or clinic ("Hospital", "Tenant", or "you") registering an account on the DokiTab platform.

By registering your hospital via the signup portal or signing an order form, you agree to be bound by this Agreement. If you are entering into this Agreement on behalf of a hospital or corporate healthcare group, you warrant that you have the legal authority to bind such entity to these terms.

2. Platform Description & Scope of Services

DokiTab is a cloud-first, offline-capable B2B Software-as-a-Service (SaaS) clinical CRM and Hospital Management System (HMS) designed for private healthcare facilities in Nigeria. The system includes:

  • A desktop-first web admin dashboard for billing, scheduling, reports, and administration.
  • A bedside mobile application for nurses and doctors to execute charting, progress notes, and medication tracking (MAR).
  • A secure multi-tenant API backend and database storing electronic health records.

3. Account Registration & Onboarding

Hospital Setup: Upon registration, your hospital is placed in a setup status. You must complete the onboarding activation checklist (including hospital profile creation, configuration of at least one department, one doctor, one operator, and service catalog consultation fees) before the system status flips to live.

Credential Integrity: The Hospital is responsible for maintaining the confidentiality of all administrator, operator, and clinician login credentials. Any action performed under your hospital tenant's credentials will be deemed an action by the Hospital.

4. Multi-Tenant Isolation & Data Ownership

Strict Data Isolation: DokiTab guarantees strict logical isolation of your tenant's database schema. All queries are programmatically scoped at the database level by your unique hospitalId. DokiTab ensures that no other hospital tenant can view, access, or modify your patients' medical records, billing invoices, or audit trails.

Data Ownership: The Hospital retains full, exclusive ownership of all clinical, patient, and financial records uploaded to your tenant profile. DokiTab claims no ownership rights over your data.

Data Export & Portability: Upon termination of this Agreement or at any time during the subscription, the Hospital has the right to export its patient databases, clinical records, and financial summaries in a standard format (CSV/PDF) via the admin console.

5. NDPA & Regulatory Compliance

Roles: Under the Nigeria Data Protection Act (NDPA) 2023, the Hospital is the Data Controller of all patient records, and DokiTab acts as the Data Processor.

Patient Consent Obligation: The Hospital is legally required to obtain explicit, documented consent from every patient (or their legal guardian) prior to registering them in the CRM, utilizing the provided Patient Privacy Notice and Consent Form template.

Audit Logs: The system automatically compiles immutable, audit-ready compliance logs of all patient file access. The Hospital is responsible for regularly reviewing these logs for internal security compliance.

6. Financial Administration & Reconciliations

End-of-Day Closes: DokiTab provides automated tools for end-of-day financial reconciliation ("Daily Close"). It is the sole responsibility of the Hospital's administrative team to count cash drawers, verify POS terminal receipts, match incoming bank transfers, and log variances.

Billing Catalog Accuracy: The Hospital is responsible for maintaining the accuracy of its Service Catalog, consultation fees, bed charge granularities, and HMO structures. DokiTab is not liable for errors in billing, uncaptured services, or insurance claim rejections.

7. SMS & Communication Integration

Termii Integration: DokiTab utilizes the third-party Termii API to dispatch appointment reminders, follow-up messages, and critical alerts.

SMS Costs: The Hospital must register and maintain its own Termii account credentials. All SMS charges are billed directly to the Hospital's Termii API keys. DokiTab is not responsible for unsent notifications due to insufficient balances on the Hospital's Termii account or network carrier delays in Nigeria.

8. Bedside Mobile Usage & Geofencing Configuration

Geofenced Security: The Hospital can configure GPS boundaries (geofence coordinates and radius) and authorized WiFi networks (SSIDs) to restrict bedside CRM access.

Accuracy of Configurations: The Hospital is solely responsible for inputting correct coordinates and SSID names. DokiTab is not liable if incorrect geofencing inputs lock staff out of the app or mistakenly allow access from outside the facility.

9. System Availability, Offline Support & SLAs

Uptime Target: DokiTab targets a 99.5% service availability SLA (excluding scheduled maintenance windows communicated in advance).

Offline Limitations: DokiTab provides bedside offline capabilities for clinical safety. However, the Hospital acknowledges that mobile devices can queue a maximum of 200 pending offline records, and the maximum offline session length is 8 hours.

10. Disclaimer of Clinical Liability

Decision Support Tool Only: DokiTab is a data-management and clinical workflow coordination system. It is not a diagnostic tool, nor does it make clinical decisions.

Professional Judgment: All diagnoses, medication administrations, surgical checks, and treatments remain the sole responsibility of the licensed healthcare professionals executing them. DokiTab is not liable for medical malpractice, diagnostic errors, medication dosing mistakes, patient injury, or clinical outcomes resulting from the use or malfunction of the platform.

11. Governing Law & Dispute Resolution

This Agreement shall be governed by, and construed in accordance with, the laws of the Federal Republic of Nigeria. Any dispute arising out of or in connection with this Agreement shall first be resolved through good-faith mutual consultation, failing which it shall be referred to and finally resolved by arbitration in Lagos, Nigeria, in accordance with the Arbitration and Mediation Act 2023.

Data Processing Agreement

NDPA Section 29 Mandate: This Data Processing Agreement (DPA) governs the processing of personal data and sensitive personal health data on DokiTab, setting out the safety, privacy, and breach notification requirements under Nigerian law.

1. Scope and Purpose

This DPA formalizes the data protection obligations of both parties under the Nigeria Data Protection Act (NDPA) 2023. The Hospital acts as the Data Controller, and DokiTab acts as the Data Processor. It governs the clinical and financial records of your patients and staff stored on the platform.

2. Obligations of the Data Processor

DokiTab covenants and warrants that it shall:

  • Process Personal Data only on the documented instructions of the Hospital, including with respect to data transfers outside Nigeria.
  • Ensure that all personnel authorized to handle patient data are bound by strict confidentiality and secrecy agreements.
  • Implement and maintain state-of-the-art technical and organizational measures (TOMs) to secure patient health records.

3. Technical & Organizational Measures (TOMs)

DokiTab implements the following security controls at the database and application levels:

  1. Logical Tenant Isolation: Programmatic restrictions utilizing GORM database filters based on the JWT `hospitalId` context.
  2. Encryption: Enforcing HTTPS with TLS v1.3 encryption in transit and AES-256 encrypted block storage volumes at rest.
  3. Bedside Mobile Security: Global screenshot prevention (`expo-screen-capture`), location-based geofencing, and RAM-only camera uploads bypassing local photo libraries.
  4. Immutable Logging: Dispatching real-time audit logs via a secure NATS JetStream server.

4. Security Incident & Breach Notification

In the event of a confirmed Security Incident (data breach, unauthorized access, or tenant leakage) affecting the Hospital's data, DokiTab shall:

  • Notify the Hospital's administrator in writing within 48 hours of confirming the breach.
  • Provide detailed parameters of the incident, including affected categories, estimated counts, and mitigation measures.
  • Cooperate with the Hospital to enable reporting to the Nigeria Data Protection Commission (NDPC) within the statutory 72-hour notification window.

5. Sub-processors

DokiTab is authorized to engage cloud hosting providers (whose servers are situated within Nigeria or compliant transfer jurisdictions) and Termii (for SMS notifications). DokiTab shall hold all sub-processors to the same standard of data protection specified in this DPA.

6. Data Return & Deletion

Upon subscription termination, DokiTab will delete or return all personal data to the Hospital within thirty (30) days, except where local Nigerian laws require financial record preservation (minimum 6 years).