
Privacy Policy

Effective date: 15 March 2026 | Version 2.0

MedNext Ltd | Company No. 15333875 | Registered in England and Wales

MedNext Ltd (“MedNext”, “we”, “us”, “our”) operates the MedNext Formulary mobile application and the website mednext.uk (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information. Please read it carefully before using the Service.

1. Who We Are

Data Controller: MedNext Ltd

Company Registration No.: 15333875 (England and Wales)

ICO Registration No.: C1891716

Privacy enquiries: [email protected]

Data Protection Contact: [email protected]

Website: https://mednext.uk

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, name (if provided during sign-up)
  • Subscription data: subscription tier, payment status (managed by Google Play / Apple App Store)
  • User-generated clinical notes: personal notes added to drug entries, stored encrypted and linked to your account
  • Support correspondence: any information you provide when contacting us

2.2 Information Collected Automatically

  • Device information: device type, operating system version, unique device identifier (hashed and anonymised)
  • Usage data: features accessed, session duration, app version
  • Technical data: error logs, performance metrics
  • Network status: online/offline state (IP addresses are not stored by MedNext)

2.3 Health-Related Data

MedNext Formulary is a medical reference application. The following health-related data is accessed or processed in the course of providing the Service:

a) Drug and Medication Queries (Clinical Decision Support / Medical Reference)

When you search for a drug or use the AI-assisted search feature, your query is transmitted to our servers and processed to return relevant results. Queries are hashed immediately upon processing and are not retained in an identifiable form after the response is returned.

b) Drug Interaction Checker Inputs (Clinical Decision Support / Medication Management)

When you use the Drug Interaction Checker, the drug names you enter are processed in real time to check for interactions. This data is not stored after the response is delivered.

c) Medical Calculator Inputs (Nutrition, Weight and Medication Management)

Values entered into medical calculators (e.g. body weight, age, serum creatinine for BMI, creatinine clearance, and weight-based dosing calculations) are processed entirely on your device. These values are never transmitted to our servers.

d) AI Clinical Query Processing (Clinical Decision Support)

When you use the AI-assisted search feature, your query is processed by Cloudflare Workers AI infrastructure using the Llama 3 language model, operated by Cloudflare, Inc. Your query is transmitted to Cloudflare's infrastructure solely to generate a response. Cloudflare does not retain your query for its own purposes beyond providing the service.

e) Clinical Notes (Medication and Treatment Management)

Personal clinical notes you attach to drug entries are stored encrypted on Cloudflare's infrastructure, linked to your account, and accessible only by you. They are never shared with or sold to third parties.

f) CME/CPD Activity Data (Medical Reference and Education)

If you use the Continuing Medical Education (CME) tracking feature, your drug reading activity (features accessed, reading time, drugs viewed) is recorded against your account to generate CME certificates. This data is stored in our secure infrastructure and is not shared with third parties without your explicit consent.

g) Subscription and Entitlement Data

Your subscription tier (Free, Pro) is linked to your account to determine which features you may access. This is managed via RevenueCat and Google Play / Apple App Store.

2.4 Information We Do NOT Collect

  • Patient data, patient health records, diagnoses, or treatment plans — never, under any circumstances
  • Biometric data: Face ID / fingerprint authentication is processed entirely by your device's operating system (iOS Keychain / Android Keystore) and is never transmitted to MedNext
  • Precise GPS location data
  • Contact lists, photos, or files from your device
  • Browsing history outside the app
  • Any information about your patients

3. App Permissions

The app requests the following device permissions:

Permission | Purpose
Camera | Barcode scanning to identify medications by EAN-13/UPC code
Internet / Network access | All API calls for drug data, AI search, and account management
Local storage / Cache | Temporary storage of recently viewed drugs (24-hour expiry)
Secure storage | Authentication tokens stored in iOS Keychain / Android Keystore

We do not request microphone, contacts, location, or file system permissions.

4. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service, including delivering drug monographs, interaction checking, calculators, and AI-assisted search
  • Process and manage your subscription via Google Play / Apple App Store / RevenueCat
  • Generate CME/CPD activity certificates where requested
  • Improve the Service through anonymised, aggregated usage analytics
  • Respond to support requests
  • Detect and prevent fraud, abuse, or unauthorised access
  • Comply with legal obligations

We do not use your information to:

  • Build advertising profiles or target you with advertisements
  • Sell, rent, or trade your data to any third party
  • Make automated decisions that affect your healthcare or treatment
  • Use health-related queries for any purpose other than returning the clinical reference information you requested

5. Legal Basis for Processing (UK GDPR / EU GDPR)

5.1 Standard Personal Data (Article 6)

Processing Activity | Legal Basis
Providing the Service (account, subscription, drug reference) | Article 6(1)(b) — Contract performance
CME/CPD tracking and certificate generation | Article 6(1)(b) — Contract performance
Security and fraud prevention | Article 6(1)(f) — Legitimate interests
Anonymised usage analytics | Article 6(1)(f) — Legitimate interests (opt-out available in Settings)
Legal compliance | Article 6(1)(c) — Legal obligation
Support communications | Article 6(1)(b) — Contract performance

Our legitimate interests in processing usage analytics are to improve the Service and ensure its security. We have assessed that these interests do not override your fundamental rights and freedoms given the anonymised and aggregated nature of the data processed.

5.2 Health-Related Data (Article 9)

Health-related data (drug queries, interaction inputs, clinical notes, CME activity) is processed under Article 9(2)(h) UK GDPR — processing necessary for the purposes of preventive or occupational medicine and the provision of health care, carried out by a health professional subject to an obligation of professional secrecy.

MedNext Formulary is designed exclusively for qualified healthcare professionals (doctors, pharmacists, nurses, and allied health professionals). By using the Service, you confirm you are a healthcare professional using the app for your own clinical reference purposes in a professional capacity.

5.3 Data Protection Impact Assessment

Given the health-related nature of the data processed, MedNext has conducted a Data Protection Impact Assessment (DPIA) in accordance with Article 35 UK GDPR. A summary is available upon request to [email protected].

6. Data Sharing and Third Parties

We share data only with the following service providers who process data on our behalf under Data Processing Agreements. We do not sell, rent, or trade your personal information to any third party, advertiser, or data broker.

Provider | Location | Purpose | Data Shared | Transfer Safeguard
Cloudflare, Inc. | USA (global CDN) | Hosting, CDN, API infrastructure, Workers AI (Llama 3 — AI search) | Encrypted API requests, hashed queries, clinical note storage | Standard Contractual Clauses (SCCs)
Clerk, Inc. | USA | Authentication and identity management | Email address, name, device identifiers, session tokens | Standard Contractual Clauses (SCCs)
RevenueCat, Inc. | USA | Subscription management | Subscription status, anonymous user ID, purchase history, device locale | Standard Contractual Clauses (SCCs)
Google Play | USA | Payment processing and app distribution | Managed by Google (MedNext does not receive payment card details) | Google's standard terms / adequacy
Apple App Store | USA | Payment processing and app distribution | Managed by Apple (MedNext does not receive payment card details) | Apple's standard terms / adequacy
Expo (Expo.io) | USA | App build and over-the-air updates | Device type, app version | Standard Contractual Clauses (SCCs)

You may request a copy of the relevant transfer safeguards by contacting [email protected].

7. International Data Transfers

Your data may be processed in countries outside the UK and European Economic Area, including the United States, where Cloudflare, Clerk, RevenueCat, and Expo operate. All such transfers are protected by Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office and/or the European Commission, or by UK International Data Transfer Agreements (IDTAs) where applicable.

8. Data Storage and Security

  • All server-side data is stored on Cloudflare's infrastructure, encrypted at rest using AES-256
  • Authentication tokens are stored in your device's secure enclave (iOS Keychain / Android Keystore)
  • All data in transit uses TLS 1.3 encryption
  • The app operates on an online-only architecture — no sensitive drug data is stored permanently on your device
  • A temporary cache of the last 5 viewed drug monographs is stored locally and expires automatically after 24 hours
  • Device binding ensures your account cannot be accessed from unauthorised devices
  • Internal access controls limit staff access to personal data to those with a legitimate operational need

9. Data Retention

Data Type | Retention Period
Account and authentication data | Retained while active; Clerk record deleted immediately upon account deletion
Clinical notes | Until deleted by you or within 30 days of account deletion
CME/CPD activity data | 3 years (to support professional revalidation cycles), then permanently deleted
Drug query logs | Hashed immediately; not retained in identifiable form
AI search query logs | Processed in real time by Cloudflare Workers AI; not retained by MedNext after response
Usage analytics | Anonymised and aggregated after 90 days; raw logs deleted
Support correspondence | 2 years, then permanently deleted
Local drug cache (on device) | Expires automatically after 24 hours

Note on account deletion: Deleting your account via the app immediately removes your authentication credentials through Clerk. Residual data in our infrastructure (clinical notes, CME records) is permanently deleted within 30 days. To request confirmation of complete deletion, email [email protected].

10. Automated Decision-Making and AI Transparency

The AI-assisted search feature uses the Llama 3 large language model, operated by Cloudflare, Inc. via Cloudflare Workers AI. When you submit a clinical query, your query is sent to Cloudflare's infrastructure, processed by the model, and a response is returned to you.

The AI feature provides reference information only. It does not constitute automated clinical decision-making as defined under Article 22 UK GDPR. No decisions are made solely by automated means that produce legal or similarly significant effects on you or your patients. All clinical information provided by the Service must be verified by a qualified professional against current clinical guidelines before any clinical decision is made.

You have the right to request human review of any response generated by the AI feature by contacting [email protected].

11. Regulatory Status — Clinical Reference Tool

MedNext Formulary is a clinical reference tool equivalent to a digital pharmacopoeia or formulary handbook. It is intended to assist qualified healthcare professionals in accessing drug reference information for their own professional use.

MedNext Formulary is not a medical device as defined under the UK Medical Devices Regulations 2002 (as amended) or the EU Medical Device Regulation 2017/745. It does not diagnose, prevent, monitor, treat, or alleviate disease, and does not make autonomous clinical decisions. It is therefore excluded from Software as a Medical Device (SaMD) classification under current MHRA guidance.

12. Your Rights

12.1 UK and EU Users (UK GDPR / EU GDPR)

You have the right to:

  • Access — request a copy of your personal data (Subject Access Request)
  • Rectification — correct inaccurate personal data
  • Erasure — request deletion of your personal data (“right to be forgotten”)
  • Restriction — restrict processing of your personal data
  • Portability — receive your data in a structured, machine-readable format (JSON)
  • Object — object to processing based on legitimate interests
  • Object to profiling — object to processing of your data for profiling purposes (e.g. usage analytics)
  • Withdraw consent — withdraw consent for optional analytics at any time in Settings
  • Human review — request human review of any AI-generated output

To exercise any of these rights, contact [email protected]. We will acknowledge your request within 72 hours and respond within 30 days (extendable by a further 2 months for complex requests, with notification).

For data breaches affecting your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours of becoming aware.

To lodge a complaint about our data handling, contact the ICO at ico.org.uk or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

12.2 California Users (CCPA / CPRA)

If you are a California resident, you have the following additional rights:

  • Right to know — what personal information we collect, use, and disclose
  • Right to delete — request deletion of your personal information
  • Right to correct — request correction of inaccurate personal information
  • Right to opt out of sale or sharing — we do not sell or share your personal information with third parties for advertising or cross-context behavioural advertising purposes
  • Right to limit use of sensitive personal information — health-related queries are used solely to provide the Service

To exercise these rights, contact [email protected] with the subject line “California Privacy Rights”.

12.3 Indian Users (Digital Personal Data Protection Act 2023)

If you are located in India, you have the following rights as a Data Principal:

  • Right to access — obtain a summary of your personal data and how it is processed
  • Right to correction and erasure — request correction of inaccurate data or erasure where processing is no longer necessary
  • Right to grievance redressal — raise a grievance with our Grievance Officer within a reasonable timeframe

Grievance Officer (India): [email protected] — response within 30 days.

We process your personal data only upon obtaining your consent or on another lawful basis under the DPDP Act. You may withdraw consent at any time by deleting your account or contacting our Grievance Officer.

12.4 Other International Users

If you access the Service from outside the UK, EU, California, or India, we apply the same data protection standards described in this policy. Contact [email protected] to exercise any applicable local data rights.

13. Account Deletion

You can delete your account at any time directly within the app: Profile → Delete Account (two confirmation steps are required).

Deleting your account immediately removes your authentication credentials. Residual data stored in our infrastructure (clinical notes, CME records) is permanently deleted within 30 days. If you encounter any issues, contact [email protected].

14. Children's Privacy

MedNext Formulary is designed exclusively for healthcare professionals aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18. If we discover we have inadvertently collected data from a person under 18, we will delete it immediately. If you believe we have done so, contact [email protected].

15. Cookies and Tracking

The mednext.uk website uses only essential cookies required for site functionality. We do not use advertising cookies, tracking pixels, or third-party analytics cookies on our website. The mobile app does not use cookies. Cloudflare may set security and performance cookies as part of its CDN and DDoS protection services.

16. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through:

  • In-app notification
  • Email to your registered address
  • Notice on mednext.uk

The effective date at the top of this document will always reflect the date of the most recent update. Continued use of the Service after changes constitutes acceptance of the updated policy.

17. Governing Law

This Privacy Policy is governed by the laws of England and Wales. Any disputes arising in connection with this policy are subject to the exclusive jurisdiction of the courts of England and Wales, without prejudice to your rights under applicable data protection law to raise a complaint with your local supervisory authority.

18. Contact Us

MedNext Ltd

Company Registration No. 15333875 (England and Wales)

ICO Registration No. C1891716

Privacy enquiries: [email protected]

Data Protection Contact: [email protected]

General support: [email protected]

Website: https://mednext.uk

For complaints about data handling, you may also contact the UK Information Commissioner's Office (ICO): https://ico.org.uk | Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.