MedNext

Privacy Policy

Last updated: March 2026

MedNext Ltd (“MedNext”, “we”, “us”, “our”) operates the MedNext Formulary mobile application and the website mednext.uk (collectively, the “Service”).

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. If you do not agree with the terms of this policy, please do not access the Service.

1. Information We Collect

1.1 Information You Provide

  • Account information: email address, name (if provided during sign-up)
  • Subscription data: subscription tier, payment status (managed by Google Play/Apple)
  • User-generated content: personal clinical notes (stored encrypted, linked to your account)
  • Feedback and support: any information you provide when contacting us

1.2 Information Collected Automatically

  • Device information: device type, operating system version, unique device identifier (hashed)
  • Usage data: features accessed, search queries (hashed and anonymised), session duration
  • Technical data: crash reports, performance metrics, app version
  • Network information: online/offline status (IP addresses are not stored)

1.3 Information We Do NOT Collect

  • Patient data or health records — NEVER
  • Patient names, diagnoses, or treatment plans — NEVER
  • Biometric data (Face ID/fingerprint data stays on your device)
  • Precise location data
  • Contact lists, photos, or files from your device
  • Browsing history outside the app

2. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Process your subscription and manage your account
  • Improve the Service through anonymised usage analytics
  • Send important service notifications (outages, security alerts)
  • Respond to support requests
  • Detect and prevent fraud or abuse

We do NOT use your information to:

  • Build advertising profiles
  • Sell data to third parties
  • Target you with third-party advertisements
  • Make automated decisions affecting your healthcare

3. Legal Basis for Processing (GDPR)

  • Contract performance: providing the Service you subscribed to
  • Legitimate interests: improving the Service, preventing fraud
  • Consent: optional analytics (you can opt out in Settings)
  • Legal obligations: complying with applicable laws

4. Data Sharing and Third Parties

We share data only with these service providers, who process data on our behalf:

Provider        | Purpose                          | Data Shared
Cloudflare      | Hosting, CDN, API infrastructure | Encrypted API requests
RevenueCat      | Subscription management          | Subscription status, anonymous user ID
Google Play     | Payment processing               | Managed by Google (we don't see payment details)
Apple App Store | Payment processing               | Managed by Apple (we don't see payment details)
Expo            | App updates (OTA)                | Device type, app version

We do NOT sell, rent, or trade your personal information to any third party.

5. Data Storage and Security

  • All data is stored on Cloudflare's global infrastructure (encrypted at rest with AES-256)
  • The app uses online-only architecture — no sensitive data is stored on your device
  • Temporary cache (last 5 viewed drugs) is stored locally and automatically expires after 24 hours
  • Authentication tokens are stored in your device's secure enclave (iOS Keychain / Android Keystore)
  • All data transmission uses TLS 1.3 encryption
  • Device binding ensures your account cannot be accessed from unauthorised devices

6. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion
  • Usage analytics: anonymised and aggregated after 90 days
  • Search queries: hashed immediately, not stored in identifiable form
  • Cached drug data: automatically expires after 24 hours
  • Support correspondence: retained for 2 years for service improvement

7. Your Rights (GDPR / UK GDPR)

You have the right to:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate personal data
  • Erasure: request deletion of your personal data (“right to be forgotten”)
  • Restriction: restrict processing of your personal data
  • Portability: receive your data in a structured, machine-readable format
  • Object: object to processing based on legitimate interests
  • Withdraw consent: withdraw consent for optional analytics at any time

To exercise these rights, contact: privacy@mednext.uk

We will respond within 30 days (or 72 hours for data breaches as required by GDPR).

8. Children's Privacy

MedNext Formulary is designed for healthcare professionals aged 18 and over. We do not knowingly collect personal information from anyone under the age of 16. If we discover we have collected data from a child under 16, we will delete it immediately.

9. International Data Transfers

Your data may be processed in countries where Cloudflare operates data centres. All transfers comply with GDPR requirements through Cloudflare's Standard Contractual Clauses (SCCs).

10. Cookies and Tracking

The mednext.uk website uses only essential cookies for site functionality. We do NOT use advertising cookies, tracking pixels, or third-party analytics on our website. The mobile app does not use cookies.

11. Medical Disclaimer

MedNext Formulary is a drug reference tool for qualified healthcare professionals. It is NOT a substitute for professional medical judgement, clinical training, or patient assessment. Always verify drug information against authoritative sources before making clinical decisions. We are not liable for clinical outcomes based on information provided by the Service.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through:

  • In-app notification
  • Email to your registered address
  • Notice on the mednext.uk website

Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

MedNext Ltd

Email: privacy@mednext.uk

Data Protection Officer: dpo@mednext.uk

Website: https://mednext.uk

For complaints about data handling, you may also contact the UK Information Commissioner's Office (ICO): https://ico.org.uk