Privacy Policy

Last updated: 8 April 2026

1. Who We Are

Medisec Connect Ltd ("we", "us", "our") operates the Medisec Connect platform. We are the data controller for the personal data we process. For any data protection enquiries, contact us at info@medisecconnect.com.

2. Data We Collect

We collect the following categories of personal data:

  • Account information: name, email address, password (hashed), role type
  • Profile data: professional bio, photo, location, skills, qualifications, work preferences, hourly rate, NHS systems experience
  • Verification documents: photo ID, DBS certificates, proof of qualifications, references (uploaded securely)
  • Communications: messages sent through the platform, contact form submissions
  • Payment data: processed by Stripe; we do not store full card details
  • Usage data: pages visited, features used, IP address, browser type

3. Legal Basis for Processing

We process your personal data under the following legal bases (UK GDPR):

  • Contract: to provide the marketplace service, manage your account, and process payments
  • Legitimate interest: to improve the platform, prevent fraud, and ensure safety
  • Consent: for optional marketing emails and non-essential cookies
  • Legal obligation: to comply with applicable laws and regulations

4. How We Use Your Data

  • To create and maintain your account
  • To display your profile to other users in the marketplace
  • To facilitate secure messaging between Employers and Candidates
  • To process Access Pass purchases and Profile Boosts
  • To review verification documents and issue Verified badges
  • To send transactional notifications (account updates, messages received)
  • To respond to contact form enquiries
  • To analyse usage patterns and improve the platform

5. Data Sharing

We share your data only with:

  • Supabase: our database and authentication provider (data stored in EU/UK regions)
  • Stripe: for payment processing
  • Vercel: for website hosting
  • Resend: for transactional email delivery (when configured)

We do not sell your personal data to third parties. We do not share your data with advertisers.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes. Verification documents are securely deleted within 90 days of account closure.

7. Your Rights (UK GDPR)

You have the right to:

  • Access: request a copy of the personal data we hold about you
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your personal data ("right to be forgotten")
  • Portability: receive your data in a structured, machine-readable format
  • Restriction: request that we limit processing of your data
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: where processing is based on consent, withdraw at any time

To exercise any of these rights, email us at info@medisecconnect.com. We will respond within 30 days.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encrypted storage for sensitive documents, row-level security policies on our database, and secure authentication via Supabase Auth.

Notwithstanding the above measures, Medisec Connect Ltd shall not be held liable for any data breaches, unauthorised access, or loss of personal data resulting from circumstances beyond our reasonable control, including but not limited to cyberattacks, vulnerabilities in third-party services, or user failure to protect their account credentials. In the event of a data breach, we will notify affected users and the Information Commissioner's Office (ICO) in accordance with our obligations under UK GDPR.

9. Cookies

We use essential cookies for authentication and session management. For details on our cookie usage, please see our Cookie Policy.

10. Children

The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "last updated" date at the top indicates the most recent revision.

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.