Privacy Policy

Last updated: July 20, 2025

Data Controller

Controller: Kirsty Wright

Contact: [email protected]

Location: United Kingdom

ICO Registration: ZB693397

How SnapMedic Works: Two Options

📱 Offline Only (Default)

  • ✅ No data collection
  • ✅ No internet required
  • ✅ All data stays on your device
  • ✅ Complete privacy

🔄 Optional Sync

  • 📧 Requires email signup
  • 🔒 Zero-knowledge encryption
  • 🌍 EU-based secure servers
  • ⚙️ Your choice and control

Important: SnapMedic works completely offline by default. Sync is entirely optional and requires your explicit consent via email signup.

What We Collect (Optional Sync Only)

If you choose to create an account for sync functionality, we collect minimal data:

Email Address

Purpose: Account authentication and encryption key generation

Legal Basis: Your consent (GDPR Article 6)

Encrypted Notes

Purpose: Cross-device synchronization

Protection: Client-side AES-256 encryption before upload

Legal Basis: Your consent

Sync Metadata

What: Timestamps, anonymized device identifiers

Purpose: Conflict resolution and multi-device coordination

Legal Basis: Your consent

Pro Membership Data

What: Email address, internal user ID, subscription status

Purpose: Subscription management and cross-platform synchronization

Protection: Payment details handled by certified payment processors

Legal Basis: Contract performance for subscription services

How We Protect Your Privacy

🔐 Zero-Knowledge Encryption

  • Your notes are encrypted on your device using AES-256 before any upload
  • Encryption keys are derived from your email and never stored on our servers
  • We cannot read your notes - they appear as random encrypted data to us
  • Even if our servers were compromised, your data remains protected

🏥 Health Data Prevention & Privacy Validation

Advanced Privacy Scanning

  • Real-time scanning for 14+ UK healthcare-specific patterns
  • Detects NHS numbers, postcodes, names, and other patient identifiers

Local-Only Processing

  • Privacy warnings generated locally on each device
  • Validation results never synced or shared
  • Each device independently scans your notes
  • No privacy data leaves your device

Professional Guidelines

  • Designed for healthcare professionals' personal notes only
  • Active discouragement of patient identifiable information
  • Compliance with professional note-taking standards
  • Not a replacement for official medical records systems

🌍 EU Data Hosting

  • All data stored on secure EU servers (London, UK)
  • GDPR-compliant data processors with Article 28 agreements
  • No data transfers outside the EU
  • Self-hosted monitoring and PDF services for maximum control

🔒 Payment Security

  • All payment processing handled by certified third-party providers
  • We never store or have access to payment card information
  • Subscription status synchronized securely via RevenueCat
  • Cancellation immediately stops data processing for Pro features

Third-Party Data Processors (Sync Only)

When you use sync functionality, your encrypted data may be processed by:

Supabase Inc. (Primary Processor)

Purpose: Encrypted data storage and sync coordination

Location: EU servers (London, UK)

Compliance: GDPR Article 28 compliant processor with SOC 2 and ISO 27001 certification

Linode/Akamai

Purpose: Infrastructure hosting for self-hosted services

Location: EU region

Data: Hosts our self-hosted Sentry error monitoring and PDF services

RevenueCat (Subscription Management)

Purpose: Cross-platform subscription synchronization and management

Location: United States with appropriate data protection safeguards

Data: Email address and internal user ID only

Compliance: GDPR compliant with appropriate contractual safeguards

Apple App Store / Google Play Store

Purpose: In-app purchase processing for mobile devices

Data: Payment processing handled entirely by platform providers

Note: We never receive or store payment card details

Stripe (Web Payment Processor)

Purpose: Secure payment processing for web subscriptions

Location: Global infrastructure with EU data centers

Compliance: PCI DSS Level 1 certified, GDPR compliant

Self-Hosted Services

We self-host our own Sentry error monitoring and PDF generation services on our own infrastructure under our direct control. The PDF export service processes only the data you send to it and discards that data immediately afterwards.

Your Rights and Controls

🗑️ Account Deletion

Delete your account and all data at any time. Data is removed immediately, followed by a 30-day server cleanup period.

📤 Data Export

Download all your data in readable JSON or PDF format anytime through the app.

🚫 Consent Withdrawal

Withdraw consent anytime by deleting your account. No questions asked.

Backup Codes & Account Recovery

How Backup Codes Work

  • Generated locally on your device, and only when you choose to generate them
  • Stored locally on your device, not on our servers
  • Required for account recovery
  • Each code can only be used once

Using Backup Codes

  • Lost Email Access: Login with backup code to regain account access
  • Device Setup: Access your account on new devices
  • Account Recovery: Your only option if you lose email access

⚠️ Critical Security Notice

Due to zero-knowledge encryption, we cannot recover your data if you lose both your email access and backup codes. Save your backup codes in a secure location immediately after generating them.

Data Retention

  • Sync Data: Retained until you delete your account
  • Account Deletion: All data immediately deleted with 30-day server cleanup
  • Error Logs: Self-hosted, anonymized, retained for 12 months for debugging
  • No Analytics: We do not collect usage analytics or behavioral data

Shop and Order Processing

When you purchase physical products from our shop, we process additional data necessary for order fulfillment and shipping:

Shipping Information

What: Name, delivery address, email, phone number (optional)

Purpose: Order fulfillment, shipping coordination, and delivery updates

Legal Basis: Contract performance (necessary to deliver your order)

Order Details

What: Products purchased, quantities, order value, order date

Purpose: Order processing, inventory management, customer service

Legal Basis: Contract performance and legitimate business interests

Payment Information

What: Payment confirmation and transaction ID only

Protection: All payment card details are processed exclusively by Stripe - we never see or store your card information

Legal Basis: Contract performance

🚚 Shipping and Third-Party Processors

To fulfill your order, your shipping information is shared with:

Royal Mail (Shipping Carrier)

Purpose: Comprehensive postal and delivery services

Processing Purposes:

  • Package delivery and tracking
  • Customs clearance and tax compliance
  • Fraud prevention and security checks
  • Credit checks for account services
  • Customer service and query resolution
  • Legal compliance and regulatory obligations

Data Shared:

  • Name and delivery address
  • Order reference and tracking information
  • Contact details (phone/email if provided)
  • Package weight and dimensions

Recipients:

  • Royal Mail Group companies and affiliates
  • Subcontracted carriers and couriers
  • Warehouse and logistics partners
  • IT service and analytics providers
  • Credit reference agencies (for business accounts)
  • Law enforcement and regulatory bodies (when required)
  • Overseas postal operators (for international deliveries)

Legal Bases:

  • Contract performance (delivery services)
  • Legal obligation (customs, tax compliance)
  • Legitimate interests (fraud prevention, service improvement)
  • Consent (where applicable for optional services)

International Transfers:

  • Primarily processed within the United Kingdom
  • International deliveries shared with overseas postal partners
  • Transfers protected by Standard Contractual Clauses (SCCs) or adequacy decisions where applicable

Retention:

  • Delivery and tracking data: Typically 13 months after delivery
  • Transactional records: Up to 7 years for accounting and legal compliance
  • Customer service records: Retained per Royal Mail's retention schedule

For complete details, see Royal Mail's Privacy Policy at royalmail.com/privacy-policy

Stripe (Payment Processor)

Purpose: Secure payment processing

Data Shared: Email address for receipt delivery

Protection: PCI DSS Level 1 certified, GDPR compliant

Note: Card details go directly to Stripe and never pass through our systems

📦 Order Data Retention

  • Active Orders: Retained until delivery is complete
  • Completed Orders: Retained for 7 years for accounting and tax compliance purposes
  • Shipping Details: Archived after delivery, retained per legal requirements
  • Customer Service Records: Retained for 2 years after last contact

Your Shop Data Rights

  • Access: Request a copy of your order history and data
  • Correction: Update shipping address or contact details for pending orders
  • Erasure: Request deletion after legal retention periods expire
  • Portability: Receive your order data in machine-readable format
  • Contact: Email [email protected] for any shop data requests

Professional Use Guidelines

For Healthcare Professionals

  • SnapMedic is designed for your personal professional notes and reference
  • Follow your organization's policies regarding personal note-taking devices
  • Use privacy warnings to avoid storing patient identifiable information
  • You remain responsible for compliance with professional standards
  • This is not a replacement for official medical records systems

Legal Basis for Processing

| Data Type | Legal Basis | Your Control |
| --- | --- | --- |
| Email Address | Consent (GDPR Article 6) | Change or delete account |
| Encrypted Notes | Consent (GDPR Article 6) | Edit, export, or delete anytime |
| Sync Metadata | Consent (GDPR Article 6) | Delete account to remove |
| Pro Membership | Contract performance (GDPR Article 6) | Manage or cancel subscription anytime |
| Shop Orders & Shipping | Contract performance (GDPR Article 6) | Request access, correction, or deletion |

Note: If health data is incidentally included despite privacy warnings, processing relies on explicit consent under GDPR Article 9. Shop order data is retained for 7 years for legal compliance.

Children's Privacy

Our services are designed for healthcare professionals and are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

Security Measures

  • Client-side AES-256 encryption with PBKDF2 key derivation
  • TLS 1.3 encryption for all data transmission
  • EU-based servers with SOC 2 and ISO 27001 certification
  • Regular security audits and monitoring
  • Row-level security preventing cross-user data access
  • Self-hosted monitoring services for maximum control

Updates to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. When we make significant changes:

  • We'll update the "Last updated" date
  • We'll notify you via email if you have a sync account
  • We'll provide 30-day notice for changes affecting your rights
  • Continued use after notice constitutes acceptance

Contact Us

Privacy Questions

Email: [email protected]

Response time: Within 48 hours

Complaints and Regulatory Contact

If you're not satisfied with our response, you can contact:

UK: Information Commissioner's Office (ICO) - ico.org.uk

EU: Your local data protection authority