Legal

Privacy Policy

Last updated: 9 March 2026

What we collect

When you sign in with Google, we store your name, email address, and profile picture to manage your account. When you make a payment, Stripe processes your card details — we never see or store your full card number. If you use Oriel Ranker, we store the Oriel CSV files you upload, the structured data extracted from them, and the rankings, workflows, and rotations created from that data so they're available when you sign back in.

How we use it

Your data is used solely to provide the MedRank service — authenticating your account, processing payments, saving your rotations, and powering Oriel Ranker. This includes using smart system matching to connect data from your uploaded CSVs to real hospital data so we can generate structured rankings and workflow information for you. We do not sell, share, or use your data for advertising.

Third-party services

We use Google OAuth for sign-in and Stripe for payment processing. If you use Oriel Ranker, some uploaded content may also be processed through OpenAI to help structure and interpret CSV data as part of the ranking workflow. If you choose "Accept all" in our cookie banner, we use PostHog for analytics (e.g. page views and usage) to improve the product; events are sent via our domain and PostHog's privacy practices apply (PostHog privacy). Hospital data comes from publicly available CQC and GMC sources.

Data retention

Your account, uploaded Oriel CSVs, saved rankings, workflows, and rotations are kept for as long as your account is active so you can revisit them later. You can delete your account from the user menu. All personal data is permanently erased within 30 days of deletion. Anonymised analytics data may be retained.

Data breach notification

In the event of a personal data breach, we will notify affected users and the ICO within 72 hours in accordance with UK GDPR.

Contact

For any privacy-related questions, email khalid@drshamiyah.com.