Privacy Policy

MyMeds UK - Effective Date: January 2025

Document Information

Effective Date: January 2025

Last Updated: January 2025

Document Version: 1.0

1. Introduction

MyMedsUK (We Are Us) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) EU 2016/679, UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR) 2003, and Apple App Store Guidelines.

Data Controller

  • MyMedsUK
  • UK Business Address: pending but will be ready for the App Store publication
  • Email: dpo@mym3ds.com
  • ICO Registration Number: pending but will be ready for the App Store publication

2. Information We Collect

2.1 Personal Information You Provide

  • Account Information via Sign in with Apple ID, Unique Identifier, Encrypted Token
  • Email Address (if you choose to share it)
  • Name (if you choose to share it)
  • Communication Data (messages sent through the AI Chat feature)
  • Support Inquiries and Correspondence
  • Feedback and Survey Responses
  • Payment Information processed by Apple (we receive only: Subscription Status – Active/Cancelled; Transaction ID; Receipt Data)

We do not store your credit card details.

2.2 Automatically Collected Information

  • Usage Data, including medication searches and queries
  • Features accessed, session duration, and frequency
  • Drug interaction checks performed
  • Crash reports and diagnostic data
  • Device model and operating system version
  • Unique device identifiers
  • Mobile network information
  • IP address
  • Anonymized time zone and language preferences

We do not use cookies in the mobile app; instead, we use Apple's standard analytics frameworks.

2.3 Sensitive Personal Data (Health Information)

We process Special Category Data when you search for medications, ask questions about medical conditions, or use drug interaction checking features.

Legal Basis: Explicit Consent (GDPR Article 9(2)(a)).

We do not store medical records, diagnose conditions, prescribe medications, or share health data with third parties, except as required to provide the service.

3. How We Use Your Information

3.1 Legal Basis for Processing

  • Provide the Service – Contract Performance (Art.6(1)(b))
  • Process Payments – Contract Performance (Art.6(1)(b))
  • Process Health Queries – Explicit Consent (Art.9(2)(a))
  • Send Service Updates – Legitimate Interest (Art.6(1)(f))
  • Comply with Legal Obligations – Legal Obligation (Art.6(1)(c))
  • Improve Service – Legitimate Interest (Art.6(1)(f))
  • Prevent Fraud – Legitimate Interest (Art.6(1)(f))

3.2 Specific Uses

  • Provide the Service: authenticate accounts, process subscriptions, enable medication information and interaction checking.
  • Communicate: respond to inquiries, send notifications, provide customer support, manage subscription renewals.
  • Improve and Develop: analyze usage patterns (anonymized), fix bugs, enhance performance, develop new features, conduct research.
  • Security: prevent fraud, protect against threats, enforce Terms of Service.

4. How We Share Your Information

4.1 We Do Not Sell Your Data

We never sell your personal data to third parties.

4.2 Third-Party Service Providers

Apple Inc. (USA)

  • Purpose: Authentication, Payment Processing, App Distribution
  • Data Shared: Apple ID, Token, Subscription Status
  • Legal Basis: Contract Performance
  • Safeguards: Apple Privacy Policy, Standard Contractual Clauses (SCCs)

OpenAI Inc. (USA)

  • Purpose: AI chat and medication information
  • Data Shared: Chat messages and medication queries (no direct identifiers)
  • Legal Basis: Explicit Consent
  • Safeguards: OpenAI Data Processing Addendum, SCCs
  • Retention: 30 days for abuse monitoring, then deletion

Apple CloudKit (UK/EU)

  • Purpose: Data synchronization
  • Data Shared: Conversation history, preferences
  • Legal Basis: Contract Performance
  • Data Location: EU/UK data centers

4.3 International Data Transfers

Data processed by OpenAI is transferred to the USA under EU Standard Contractual Clauses and technical safeguards. You may object to such transfers, but this may limit service functionality.

4.4 Legal Obligations

We may disclose data if required by law, court order, or to comply with UK regulations (MHRA, ICO, etc.).

4.5 Business Transfers

If we merge, are acquired, or sell assets, your data may be transferred. You will be notified of any such changes and your rights.

5. Data Retention and Deletion

  • Account Data: retained until account deletion + 30 days
  • Chat History: retained until deleted by user or for two years
  • Payment Records: seven years (UK tax law)
  • Support Inquiries: three years
  • Analytics Data: two years (anonymized)
  • Consent Records: seven years

After the retention period, we securely delete or anonymize data.

6. Your Rights Under GDPR and UK GDPR

  • Right of Access (Art.15): Request a copy of your data.
  • Right to Rectification (Art.16): Correct inaccurate data.
  • Right to Erasure (Art.17): Request deletion ("right to be forgotten").
  • Right to Restrict Processing (Art.18): Limit processing in specific cases.
  • Right to Data Portability (Art.20): Receive data in CSV or JSON format.
  • Right to Object (Art.21): Object to legitimate interest or direct marketing.
  • Automated Decision Making (Art.22): We do not use automated profiling with legal effects.
  • Withdraw Consent (Art.7(3)): Withdraw consent anytime for consent-based processing (e.g. health data).

To exercise your rights, email dpo@mym3ds.com or use the in-app privacy settings. We respond within 30 days (extendable to 60 for complex requests).

7. Data Security

  • Technical Measures: TLS 1.3 encryption in transit; AES-256 at rest; Sign in with Apple authentication; API key rotation; role-based access control.
  • Organizational Measures: Staff training, breach response plan, regular audits, vendor due diligence.
  • Breach Notification: ICO notified within 72 hours of any breach; affected users notified without undue delay.

8. Children's Privacy

  • Our service is not intended for individuals under 18.
  • If data from a minor is discovered, it will be deleted immediately.

9. Cookies and Tracking

Our iOS app does not use cookies; it relies on Apple's anonymized analytics. If our website uses cookies, we will publish a separate Cookie Policy.

10. Your Choices and Controls

  • Delete your account in settings (irreversible).
  • Opt-out of marketing emails anytime.
  • Disable analytics in iOS settings.
  • Disable AI chat features in settings if desired.

11. Third-Party Links

Our app may link to third-party sites (e.g., NHS, MHRA). We are not responsible for their privacy practices; please review their policies.

12. Changes to This Privacy Policy

We may update this policy periodically. Material changes will be communicated via in-app notice or email. Continued use of the service after updates means acceptance of the new version.

13. Legal Framework Compliance

GDPR and UK GDPR compliance ensured (Articles 6, 9, 5(1)(c), 5(1)(e), 5(1)(f), 25, 28, 33–35).

Registered with ICO (pending but will be ready for the App Store publication).

No electronic marketing without consent (PECR compliant).

14. Supervisory Authority

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone: 0303 123 1113

Website: https://ico.org.uk/make-a-complaint/

EU residents may contact their local Data Protection Authority.

15. Special Category Data (Health Information)

  • Explicit Consent (GDPR Article 9(2)(a)) for health-related features.
  • We only process necessary data and do not store medical records or use data for marketing.
  • Consent may be withdrawn by deleting conversation history, disabling AI, or deleting your account.

16. Data Protection Officer (DPO)

Email: dpo@mym3ds.com

Postal Address: pending but will be ready for the App Store publication

17. Contact Us

For privacy-related questions, contact:

  • Email: dpo@mym3ds.com
  • Support: support@mym3ds.com
  • Address: pending but will be ready for the App Store publication

We aim to respond within 30 days.

18. Acknowledgement

By using the service, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.

Document Footer

Document Version: 1.0

Effective Date: January 2025

Last Reviewed: January 2025

ICO Registration: pending but will be ready for the App Store publication

Copyright © 2025 MyMedsUK. All rights reserved.