Privacy Policy

Medical Scout ("we", "us", "our") is a trading name of TQC Ltd, registered in England (company number 15704673). This policy explains what data we collect, why, and how we protect it.

1. What We Collect

When you sign up

We collect your email address when you create an account via magic link login. If you upgrade to a paid plan, we collect payment details through Stripe (we do not store your full card details).

When you visit our website

We use Vercel Web Analytics to understand how people use our site. These tools collect anonymised data including pages visited, time on site, and approximate location. We do not use this data to identify individual visitors.

When you become a customer

If you subscribe to a paid plan, we collect your name, email address, company name, and billing details via Stripe. Payment processing is handled entirely by Stripe and we do not store your full card details.

2. The Data We Provide

Our dashboard contains business contact information sourced from publicly available UK records, including the Care Quality Commission register, Companies House filings, Google Maps, and company websites. This is business-to-business data about healthcare facilities and their publicly listed officers or contacts.

We do not sell consumer data. All data we provide is derived from sources that are freely accessible to the public.

3. Lawful Basis

We process personal data under the following lawful bases (UK GDPR):

• Legitimate interest (Article 6(1)(f)) for processing publicly available business data and for B2B marketing communications
• Contract (Article 6(1)(b)) for processing customer data needed to deliver our services
• Consent (Article 6(1)(a)) where you have opted in to receive communications from us

4. How We Use Your Data

• To provide dashboard access and deliver our services
• To process payments and manage your subscription
• To send you relevant B2B communications (you can opt out at any time)
• To improve our website and services
• To comply with legal obligations

5. Who We Share Data With

We do not sell your personal data to third parties. We share data only with:

• Service providers who help us run our business (Vercel for hosting, Stripe for payments, Supabase for authentication and data storage)
• Legal authorities if required by law

6. Data Retention

• Account data: Duration of your subscription plus 6 years (for tax and legal compliance)
• Analytics data: Anonymised, retained indefinitely
• Trial accounts: 12 months after trial expiry if not converted

7. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data (where we have no legal obligation to retain it)
• Object to processing based on legitimate interest
• Port your data to another provider
• Withdraw consent at any time, where processing is based on consent

To exercise any of these rights, email hello@medicalscout.co.uk. We will respond within 30 days.

8. Cookies

We use a minimal number of cookies:

• Authentication cookies to keep you logged in
• Essential cookies required for the website to function

We do not use advertising cookies or tracking pixels.

9. Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top reflects the most recent version.

10. Contact

If you have questions about this policy or want to exercise your data rights:

• Email: hello@medicalscout.co.uk
• Website: medicalscout.co.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.