Legal

Privacy Policy

Last updated: 9 March 2026

What we collect

When you sign in with Google, we store your name, email address, and profile picture to manage your account. When you make a payment, Stripe processes your card details — we never see or store your full card number. We also store the rotations you create so they're available when you sign back in.

How we use it

Your data is used solely to provide the MedRank service — authenticating your account, processing payments, and saving your rotations. We do not sell, share, or use your data for advertising.

Third-party services

We use Google OAuth for sign-in and Stripe for payment processing. If you choose "Accept all" in our cookie banner, we use PostHog for analytics (e.g. page views and usage) to improve the product; events are sent via our domain and PostHog's privacy practices apply (PostHog privacy). Hospital data comes from publicly available CQC and GMC sources.

Data retention

Your account and saved rotations are kept for as long as your account is active. You can delete your account from the user menu. All personal data is permanently erased within 30 days of deletion. Anonymised analytics data may be retained.

Data breach notification

In the event of a personal data breach, we will notify affected users and the ICO within 72 hours in accordance with UK GDPR.

Contact

For any privacy-related questions, email khalid@drshamiyah.com.