Updated on January 13, 2025
Privacy policy
PRIVACY POLICY
My Meds UK
Effective Date: January 2025
Last Updated: January 2025
1. INTRODUCTION
My Meds UK ("we," "our," "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with:
- General Data Protection Regulation (GDPR) (EU) 2016/679
- UK GDPR and Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR) 2003
- Apple App Store Guidelines
Data Controller:
My Meds Ltd
Email: dpo@mymedsltd.com
ICO Registration Number: [Your ICO Registration Number]
2. INFORMATION WE COLLECT
2.1 Personal Information You Provide
Account Information (via Sign in with Apple):
- Apple ID unique identifier (encrypted token)
- Email address (if you choose to share it)
- Name (if you choose to share it)
Communication Data:
- Messages sent through the AI chat feature
- Support inquiries and correspondence
- Feedback and survey responses
Payment Information:
- Processed by Apple; we receive only:
  - Subscription status (active/cancelled)
  - Transaction ID
  - Receipt data
- We do NOT store your credit card details
2.2 Automatically Collected Information
Usage Data:
- Medication searches and queries
- Features accessed
- Session duration and frequency
- Drug interaction checks performed
- Crash reports and diagnostic data
Device Information:
- Device model and operating system version
- Unique device identifiers
- Mobile network information
- IP address (anonymized)
- Time zone and language preferences
Cookies and Similar Technologies:
- We do not use cookies in the mobile app
- We use Apple's standard analytics frameworks
2.3 Sensitive Personal Data
Health Data:
We process special category data (health information) when you:
- Search for medications
- Ask questions about medical conditions
- Use drug interaction checking features
Legal Basis: Your explicit consent (GDPR Article 9(2)(a))
We do NOT:
- Store your medical records
- Diagnose conditions
- Prescribe medications
- Share health data with third parties (except as required for Service provision)
3. HOW WE USE YOUR INFORMATION
3.1 Legal Bases for Processing
We process your data under the following legal bases:
| Purpose | Legal Basis | GDPR Article |
|---|---|---|
| Provide the Service | Contract performance | Art. 6(1)(b) |
| Process payments | Contract performance | Art. 6(1)(b) |
| Process health queries | Explicit consent | Art. 9(2)(a) |
| Send service updates | Legitimate interest | Art. 6(1)(f) |
| Comply with legal obligations | Legal obligation | Art. 6(1)(c) |
| Improve Service | Legitimate interest | Art. 6(1)(f) |
| Prevent fraud | Legitimate interest | Art. 6(1)(f) |
3.2 Specific Uses
To Provide the Service:
- Authenticate your account
- Process subscriptions and payments
- Provide AI-powered medication information
- Enable drug interaction checking
- Display MHRA medication data
- Maintain conversation history
To Communicate:
- Respond to your inquiries
- Send service-related notifications
- Provide customer support
- Send subscription renewal reminders
To Improve and Develop:
- Analyze usage patterns (anonymized)
- Fix bugs and improve performance
- Develop new features
- Conduct internal research
For Security:
- Prevent fraud and abuse
- Protect against security threats
- Enforce our Terms of Service
4. HOW WE SHARE YOUR INFORMATION
4.1 We Do NOT Sell Your Data
We never sell your personal data to third parties.
4.2 Third-Party Service Providers
We share data with trusted processors who assist in providing the Service:
Apple Inc. (USA)
- Purpose: Authentication, payment processing, app distribution
- Data Shared: Apple ID token, subscription status
- Legal Basis: Contract performance
- Safeguards: Apple Privacy Policy, Standard Contractual Clauses (SCCs)
OpenAI, Inc. (USA)
- Purpose: AI-powered chat and medication information
- Data Shared: Chat messages, medication queries (no direct identifiers)
- Legal Basis: Explicit consent
- Safeguards: OpenAI Data Processing Addendum, SCCs
- Retention: OpenAI retains data for 30 days for abuse monitoring, then deletes
- Note: Data is processed in the USA under EU-US Data Privacy Framework
CloudKit (Apple) - UK/EU Servers
- Purpose: Data synchronization (if applicable)
- Data Shared: Conversation history, preferences
- Legal Basis: Contract performance
- Location: EU/UK data centers
4.3 International Data Transfers
Transfers to the USA:
- Data processed by OpenAI is transferred to the USA
- Safeguards: Standard Contractual Clauses (EU Commission approved)
- Additional Protection: OpenAI has implemented technical and organizational measures
Your Rights: You may object to international transfers; this may limit Service functionality.
4.4 Legal Obligations
We may disclose data if required by:
- Court order or subpoena
- UK law enforcement (with valid legal request)
- Protection of our legal rights
- Compliance with UK regulations (MHRA, ICO, etc.)
4.5 Business Transfers
If we merge, are acquired, or sell assets, your data may be transferred. You will be notified of any such change and your rights.
5. DATA RETENTION
5.1 Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until account deletion + 30 days | Service provision |
| Chat history | Until you delete or 2 years | Service provision |
| Payment records | 7 years | UK tax law |
| Support inquiries | 3 years | Customer service |
| Analytics data | 2 years (anonymized) | Service improvement |
| Consent records | 7 years | Legal compliance |
5.2 Deletion
After the retention period, we securely delete or anonymize your data.
6. YOUR RIGHTS UNDER GDPR & UK GDPR
You have the following rights:
6.1 Right of Access (Article 15)
Request a copy of all personal data we hold about you.
6.2 Right to Rectification (Article 16)
Correct inaccurate or incomplete data.
6.3 Right to Erasure / "Right to be Forgotten" (Article 17)
Request deletion of your data (subject to legal obligations).
6.4 Right to Restrict Processing (Article 18)
Limit how we process your data in certain circumstances.
6.5 Right to Data Portability (Article 20)
Receive your data in a machine-readable format (CSV/JSON).
6.6 Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing.
6.7 Rights Related to Automated Decision-Making (Article 22)
Note: We do NOT use automated decision-making or profiling that produces legal or similarly significant effects.
6.8 Right to Withdraw Consent (Article 7(3))
Withdraw consent at any time for consent-based processing (e.g., health data processing).
How to Exercise Your Rights:
- Email: dpo@mymedsltd.com
- In-App: Settings → Privacy → Data Rights
- We respond within 30 days (may extend to 60 days for complex requests)
7. DATA SECURITY
7.1 Technical Measures
- Encryption in transit: TLS 1.3
- Encryption at rest: AES-256
- Authentication: Sign in with Apple (industry-standard OAuth)
- API Security: API keys rotated regularly
- Access Control: Role-based access, principle of least privilege
7.2 Organizational Measures
- Staff training on data protection
- Data breach response plan
- Regular security audits
- Vendor due diligence
7.3 Data Breach Notification
If a breach occurs, we will:
- Notify the ICO within 72 hours (if high risk)
- Notify affected users without undue delay
- Provide details of the breach and remedial actions
8. CHILDREN'S PRIVACY
8.1 Age Restriction
Our Service is NOT intended for individuals under 18 years of age. We do not knowingly collect data from minors.
8.2 Parental Consent
If we learn we have collected data from a minor, we will delete it promptly. Parents/guardians should contact us immediately if they believe we have collected their child's data.
9. COOKIES AND TRACKING
9.1 Mobile App
Our iOS app does NOT use cookies. We use:
- Apple Analytics Framework: Aggregated, anonymized usage statistics
- Local Storage: Preferences and cache (stored on your device only)
9.2 Website (if applicable)
[Include cookie policy if you have a website]
10. YOUR CHOICES AND CONTROLS
10.1 Account Deletion
Delete your account in Settings → Account → Delete Account. This will:
- Delete your account and associated data
- Cancel your subscription
- Remove conversation history
This action cannot be undone.
10.2 Marketing Communications
We do NOT send marketing emails unless you opt in. You can opt out anytime.
10.3 Analytics
You can disable analytics in iOS Settings → Privacy → Analytics & Improvements.
10.4 AI Chat Features
You can use the app without AI features. Disable in Settings → AI Assistant → Off.
11. THIRD-PARTY LINKS
Our Service may link to third-party websites (e.g., NHS, MHRA). We are not responsible for their privacy practices. Review their privacy policies.
12. CHANGES TO THIS PRIVACY POLICY
12.1 Notification
We may update this Policy. Material changes will be notified via:
- In-app notification
- Email (if provided)
- Updated "Last Updated" date
12.2 Continued Use
Continued use after changes constitutes acceptance. If you disagree, please stop using the Service and delete your account.
13. LEGAL FRAMEWORK COMPLIANCE
13.1 GDPR Compliance Summary
- Lawful basis for processing (Article 6)
- Special category data consent (Article 9)
- Data minimization (Article 5(1)(c))
- Storage limitation (Article 5(1)(e))
- Integrity and confidentiality (Article 5(1)(f))
- Accountability (Article 5(2))
- Data Protection by Design (Article 25)
- Data Processing Agreements with processors (Article 28)
- Data breach notification procedures (Articles 33-34)
- Data Protection Impact Assessment (Article 35) [Completed]
13.2 UK GDPR Compliance
We comply with post-Brexit UK GDPR requirements and are registered with the ICO.
13.3 PECR Compliance
We do not use cookies or electronic marketing without consent.
14. SUPERVISORY AUTHORITY
14.1 Information Commissioner's Office (ICO)
You have the right to lodge a complaint with the UK data protection authority:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/
14.2 EU Residents
If you are in the EU, you may also contact your local data protection authority.
15. SPECIAL CATEGORY DATA (HEALTH INFORMATION)
15.1 Explicit Consent
By using health-related features (medication searches, drug interactions), you provide explicit consent to process your health data (GDPR Article 9(2)(a)).
15.2 Minimization
We only collect health data necessary for the Service. We do NOT:
- Store medical records
- Track medical conditions long-term
- Share health data for marketing
15.3 Right to Withdraw
You may withdraw consent at any time by:
- Deleting conversation history
- Disabling AI features
- Deleting your account
16. DATA PROTECTION OFFICER (DPO)
Contact our DPO for data protection inquiries:
Email: dpo@mymedsltd.com
17. CONTACT US
For privacy-related questions:
Email: dpo@mymedsltd.com
Support: support@mymedsltd.com
Response Time: We aim to respond to all inquiries within 30 days.
18. ACKNOWLEDGMENT
BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED HEREIN.
Document Version: 1.0
Effective Date: January 2025
Last Reviewed: January 2025
ICO Registration: [Your Number]
My Meds Ltd is a company registered in England and Wales with the Registrar of Companies at Companies House.
© 2025 My Meds Ltd. All rights reserved.
