Privacy Policy

Who We Are

Medwiki.co.uk is an AI-powered health information platform that provides trusted, expert-verified health education in simple language. For the purposes of UK data protection law, Medwiki UK is the Data Controller in respect of any personal data collected through this Platform.

Our Commitment

Your privacy and data security are our top priority. We collect only the minimum information necessary to operate our services effectively. Any information gathered automatically is used solely to maintain the security of the Platform and to understand general usage patterns. This information is not processed in any way that would identify any particular user.

What Information We Collect

Information you provide directly

When you use certain features of the Platform, you may provide personal information. This includes:

• Health questions and queries submitted through AskMedwiki
• Prescription documents or images uploaded for explanation
• Inputs entered into health tools and calculators, such as height, weight, age, sleep patterns, mental health indicators, and other health metrics
• Any feedback, messages, or enquiries you send us directly

Information collected automatically

When you visit medwiki.co.uk, certain technical data is collected automatically by our servers and infrastructure:

• IP address
• Browser type and version
• Device type and operating system
• Pages visited, time on page, and navigation behaviour
• Referring website or source
• Date and time of your visit

This data is used solely to keep the Platform running securely and to improve the user experience.

Cookies and local storage

We may use cookies and similar technologies to maintain your session, remember your preferences, and understand how visitors use the Platform. You can manage cookie preferences through your browser settings at any time.

How We Use Your Information

Any information we collect may be used for the following purposes:

• To respond to your health queries and generate AI-powered explanations
• To process prescription uploads and provide medicine explanations
• To calculate results from health tools and assessments
• To maintain and improve the Platform and its features
• To ensure the security of the Platform and prevent misuse
• To respond to your enquiries and provide support
• To comply with applicable legal obligations

We process your personal data only where a lawful basis exists under UK GDPR. Depending on the nature of the data and the feature you use, this will be your explicit consent, our legitimate interests in operating and improving the Platform, or a legal obligation to which we are subject.

Prescription Uploads

We offer a feature where you can photograph or upload your prescription so we can explain what your medicines are for.

A prescription document may contain your full name, date of birth, home address, NHS number, your doctor's details, and specific medicines and dosages that may imply an underlying medical condition.

When you upload a prescription:

• It is processed by an AI system solely to generate a plain-language explanation of your medicines
• It is not stored permanently after your explanation has been generated
• It is not used for any purpose other than answering your query
• It is not shared with any third party except the AI provider processing the request, who is contractually bound to confidentiality

Please only upload your own prescription. If you are uploading a prescription on behalf of a child, you confirm that you are the parent or legal guardian and that you consent to the processing of that child's health data for this purpose.

Sharing Your Information

We do not sell your personal data. We do not share your information with unaffiliated third parties for marketing purposes.

We may share your information with trusted service providers who assist us in operating the Platform.

All third-party providers are permitted to use your data only to perform the specific function for which it is shared. They are not authorised to use your data for their own purposes.

We may also disclose personal data where required or permitted by law — for example, to comply with a court order, respond to a regulatory request, or protect the rights and safety of our users.

International Data Transfers

Some of the trusted service providers who help us operate the Platform, including the AI providers who process your health queries and prescription uploads, may be located outside the United Kingdom. Where this is the case, your personal data, including special category health data, may be transferred to, stored in, or processed in a country outside the UK.

Whenever we transfer personal data outside the UK, we take steps to ensure it receives an equivalent level of protection to that required under UK data protection law. We rely on one or more of the following safeguards:

• Transfers to countries the UK Government has determined provide an adequate level of data protection (UK adequacy regulations);
• The International Data Transfer Agreement (IDTA), or the EU Standard Contractual Clauses together with the UK Addendum, where required; and
• Other lawful transfer mechanisms permitted under UK GDPR.

You can request more information about the safeguards we have in place for international transfers, or a copy of the relevant mechanism, by contacting us at support@medwiki.co.uk.

How Long We Keep Your Data

We keep your information only for a standard retention period to provide our services, meet our legal obligations, or resolve any disputes. Once that period is over, your information is securely deleted.

Unless a longer period is required by law or to resolve a dispute, we apply the following standard retention periods:

• Prescription documents and images — deleted immediately after a plain-language explanation has been generated, and in any event within 24 hours of upload.
• Health queries, health tool inputs, and other special category data — retained for no longer than 12 months from the date of submission, after which they are securely deleted or anonymised.
• Enquiries, feedback, and support correspondence — retained for up to 24 months from the date of your last contact with us, to help us respond to follow-up queries and resolve disputes.
• Automatically collected technical and security data (such as server logs) — retained for up to 12 months for security and platform-integrity purposes.
• Cookie and local storage data — retained for the duration set out in our cookie settings, or until you clear it through your browser.

Where data has been aggregated or anonymised so that it can no longer identify you, we may retain it for longer for statistical and service-improvement purposes.

Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

• See your data — You can ask us what personal information we hold about you and request a copy of it.
• Correct your data — You can ask us to fix any information we hold that is wrong or out of date.
• Delete your data — You can ask us to delete your information if you feel there is no good reason for us to keep it.
• Limit how we use your data — You can ask us to pause or restrict how we use your information while any concern is being looked into.
• Take your data elsewhere — You can ask us to provide your information in a format that you can share with another service provider.
• Object to how we use your data — You can ask us to stop using your information in a particular way if you are not comfortable with it.
• Change your mind — If you gave us permission to use your data, you can take that permission back at any time. This won't affect anything we did before you withdrew your consent.

Processing of Health and Special Category Data

Some of the information you provide to the Platform — including health questions, prescription documents, mental health indicators, and inputs to our health tools — constitutes special category data under Article 9 of the UK GDPR. Special category data is given additional protection because of its sensitive nature, and the UK GDPR prohibits its processing unless a specific condition under Article 9(2) is satisfied in addition to a lawful basis under Article 6.

Where we process your health or other special category data, we rely on the following Article 9(2) conditions:

• Explicit consent (Article 9(2)(a)) — In most cases, we process your health data on the basis of your explicit consent, which you provide by choosing to submit a health query, upload a prescription, or enter data into a health tool. You may withdraw this consent at any time, although this will not affect any processing carried out before withdrawal.
• Establishment, exercise or defence of legal claims (Article 9(2)(f)) — We may process such data where necessary in connection with a legal claim or regulatory matter.
• Reasons of substantial public interest, or public health (Articles 9(2)(g) and 9(2)(i)) — Where applicable and on the basis of UK law, we may process such data to protect against serious threats to health or to ensure the security and integrity of the Platform.

Where our lawful basis for processing special category data is your explicit consent, you are under no obligation to provide this data. If you choose not to, you may be unable to use certain features of the Platform, such as AskMedwiki, prescription explanations, or health calculators. We will not use your special category data for any purpose that is incompatible with the purpose for which you provided it, and we will not make automated decisions producing legal or similarly significant effects about you on the basis of this data.

If you have a concern about how we handle your personal data, we would encourage you to contact us first at support@medwiki.co.uk so we can try to resolve it. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters.

Automated Decision-Making and Profiling

Our AI-powered features use the information you provide to generate explanations, calculate results, and respond to your queries. While this processing is automated, it is intended to provide general health information and education only.

We do not use your personal data, including your health data, to make solely automated decisions that produce legal effects concerning you or that similarly significantly affect you, within the meaning of Article 22 of the UK GDPR. The outputs of our AI features do not constitute medical advice, diagnosis, or treatment, and should not be relied upon as a substitute for professional healthcare. You should always consult a qualified healthcare professional before acting on any information provided by the Platform.

Data Security

We take reasonable administrative, technical, and physical measures to protect your personal data from unauthorized access, use, modification, or disclosure. All data transmitted between your browser and our Platform is encrypted using HTTPS. Access to personal data within our organisation is restricted to those who need it to perform their role.

However, no data transmission over the internet can be fully guaranteed. While we strive to protect your information, you acknowledge that internet security has inherent limitations beyond our control.

In the event we become aware that personal data has been compromised, we will take appropriate steps as required by law.

Children's Privacy

The Platform is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent.

If you are between 13 and 17, we encourage you to discuss any health questions with a trusted adult or healthcare professional.

AI-Powered Features

Some features on medwiki.co.uk are powered by artificial intelligence. All responses generated through these features are for informational and educational purposes only and do not constitute medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional before acting on any health information provided by this Platform.

Links to Other Websites

The Platform may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies before providing any personal information.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the version number and date at the top of this page and, where appropriate, display a notice on the Platform. Your continued use of medwiki.co.uk after any update constitutes your acknowledgement of the revised Policy.

Acceptance of This Policy

By using medwiki.co.uk and its services, you acknowledge that you have read and agree to this Privacy Policy.

Contact Us

If you have any questions about this Policy or would like to exercise any of your data rights, please get in touch with us at support@medwiki.co.uk