Privacy Policy

Last updated: January 18, 2026

Data Controller

Controller: Kirsty Wright

Contact: [email protected]

Location: United Kingdom

ICO Registration: ZB693397

How SnapMedic Works

Offline Only (Default)

No data collection, no internet required. Everything stays on your device.

Optional Sync

Requires email signup. Your notes are encrypted on your device before upload using zero-knowledge encryption.

What We Collect

If you choose to create a sync account, we collect:

  • Email address - for account authentication
  • Encrypted notes - AES-256 encrypted on your device before upload
  • Sync metadata - timestamps and device identifiers for multi-device coordination

If you subscribe to Pro, we also collect:

  • Email and user ID - for subscription management via RevenueCat
  • Payment details - handled entirely by Apple, Google, or Stripe (we never see card info)

How We Protect Your Data

  • Zero-knowledge encryption: Notes are encrypted on your device before upload. We can't read them.
  • EU hosting: Data stored on secure EU servers (London, UK)
  • Anonymous analytics: We collect anonymous usage statistics to improve the app (no personal data)
  • Privacy scanning: The app scans for patient identifiers (NHS numbers, postcodes, names) and warns you before sync. This scanning happens locally - results are never uploaded.

Third-Party Processors

When you use sync or purchase from the shop, your data may be processed by:

Service | Purpose | Location
Supabase | Encrypted data storage & sync | EU (London)
Hetzner | Self-hosted services (error monitoring, PDF) | EU
RevenueCat | Subscription management (DPA) | US (with EU safeguards)
Apple / Google | In-app purchase processing | Various
Stripe | Web payments & shop payments | EU
Royal Mail | Shipping for shop orders | UK

Royal Mail processes shipping data (name, address) for delivery. See their privacy policy for details.

Your Rights

Delete Account

Delete your account and all data anytime. Removed immediately with 30-day server cleanup.

Export Data

Download all your data in JSON or PDF format through the app.

Withdraw Consent

Stop using sync anytime by deleting your account.

Account recovery: We provide backup codes for account recovery if you lose email access. Learn how backup codes work.

Shop Orders

When you buy physical products, we collect:

  • Name, address, email, phone (optional) - for shipping
  • Order details - for fulfillment
  • Payment confirmation (via Stripe) - we never see card details

Retention: Order data kept for 7 years for tax/accounting purposes. Contact us to request access, correction, or deletion (after legal retention periods).

Data Retention

  • Sync data: Kept until you delete your account
  • Error logs: Anonymized, kept 12 months
  • Shop orders: 7 years (tax/accounting purposes)

Legal Basis (GDPR Article 6)

  • Email, notes, sync metadata: Your consent
  • Pro subscription: Contract performance
  • Shop orders: Contract performance

Security

  • AES-256 client-side encryption for sync data
  • TLS 1.3 for all transmissions

For Healthcare Professionals

SnapMedic is for your personal professional notes - not patient records. Follow your organization's policies, use the privacy warnings, and avoid storing patient identifiable information. This is not a replacement for official medical records systems.

Children's Privacy

SnapMedic is for healthcare professionals and not directed at children under 16. Contact us if you believe a child has provided personal data.

Policy Updates

We'll update the "Last updated" date and notify sync users by email of significant changes. We'll give 30 days' notice for changes affecting your rights.

Contact Us

Privacy questions: [email protected] (response within 48 hours)

Complaints: Contact the UK Information Commissioner's Office at ico.org.uk or your local EU data protection authority.