Privacy Policy
Effective Date: 3 March 2022
Last Updated: 10 November 2025
1. Overview
This Privacy Policy explains how Medtribe Ltd ("Medtribe", "we", "us", or "our") collects, uses, and protects your personal information when you use our platform, website, or related services.
2. Data Controller and Contact
Medtribe Ltd acts as the Data Controller for individual user data and as a Data Processor for data uploaded by organisations.
Data Protection Officer:
Kunal Madhav (kunal@medtribe.com)
For privacy-related queries, contact support@medtribe.com.
We aim to acknowledge all requests within 2 working days and provide full responses within one month, as required by data protection law.
3. Information We Collect
3.1 Voluntarily Provided Information
We collect data you provide directly, including:
- Account registration details (name, email, profession)
- Event participation and attendance information
- Educational or organisational affiliation
- Payment and billing information:
  - Billing name and address
  - Payment method details (processed by Stripe)
  - Purchase history and invoices
Payment processing: We use Stripe, Inc. to process payments securely.
Medtribe does not store credit card numbers or security codes.
For Stripe's data practices, visit https://stripe.com/privacy.
3.2 Automatically Collected Information
We collect certain information automatically when you use Medtribe, such as:
- Log and usage data (e.g. access times, pages viewed, device type)
- Browser details
- Performance and diagnostic data
We collect this data through cookies and similar technologies, which help us:
- Keep you signed in
- Remember your preferences
- Analyse site performance and usage
We use the following categories of cookies:
- Essential Cookies – required for login, security, and functionality
- Functional Cookies – remember preferences and settings
- Analytics Cookies – track anonymised usage data
We do not use advertising or cross-site tracking cookies.
For details, see our Cookie Policy.
3.3 Organisation Data
Event organisers and institutions may upload or generate:
- Participant lists, resources, and attendance records
- Certificates or survey responses created within the system
For this data, the organisation is the Data Controller and Medtribe acts as the Data Processor.
If you are a participant, contact your organisation directly to exercise your data rights.
If you are an organisation, you are responsible for:
- Obtaining lawful consent from participants
- Responding to participant data rights requests
- Ensuring compliance with applicable data protection laws
Medtribe processes organisational data only on the organisation's documented instructions.
3.4 Prohibited Data
Medtribe is not designed for clinical or patient data.
You must not upload:
- Patient-identifiable information
- Clinical data or medical records
- Any data subject to healthcare confidentiality
If such data is uploaded in error, immediately contact support@medtribe.com with subject "Urgent: Data Breach".
4. How We Use Personal Information
We use your information to:
- Provide and improve the Medtribe platform
- Facilitate events, resources, and learning activities
- Manage subscriptions and payments
- Communicate important updates
- Maintain platform security and integrity
- Comply with legal obligations
5. Legal Basis for Processing
We process your data under the following legal bases:
- Contract: To provide services you request (e.g., account access, subscriptions)
- Legitimate Interests: For service improvement, analytics, and security
- Consent: For marketing communications and optional features
- Legal Obligation: To meet regulatory, tax, or accounting requirements
6. Marketing Communications
We may send communications about Medtribe and relevant professional opportunities or products.
You can opt out at any time via email footer links or by contacting support@medtribe.com.
7. Data Portability
You may request a copy of your data by contacting support@medtribe.com.
We will verify your identity and provide exports in commonly used, machine-readable formats (CSV or JSON) within 14 days of verification.
8. Data Retention
- Active accounts: Retained for as long as your account remains active.
- Deleted accounts: Profile, settings, and content deleted within 7 days.
- System and billing records: Retained for up to 7 years to comply with UK tax and accounting laws (HMRC requirements).
- Organisation data: Retained up to 90 days after subscription cancellation for export or reactivation, unless deletion is requested earlier.
9. Data Storage and Transfers
Data is primarily stored in the UK and EEA.
Some sub-processors may process data in other jurisdictions with adequate safeguards, such as Standard Contractual Clauses (SCCs).
10. Sub-Processors
We use trusted third-party providers including:
- Amazon Web Services (AWS) – Storage (UK/EU)
- Heroku – Cloud hosting (UK/EU)
- Stripe, Inc. – Payment processing (United States; transfers safeguarded under SCCs)
- Twilio SendGrid, Inc. – Email delivery (UK)
A maintained list of sub-processors is available here
11. Data Security and User Responsibilities
We implement appropriate technical and organisational measures to protect your data.
Users are responsible for:
- Maintaining secure passwords
- Avoiding account sharing
- Not uploading prohibited or sensitive data
- Reporting unauthorised access via support@medtribe.com ("Security Incident")
12. Data Breach Notification
If a data breach occurs that poses a risk to individuals, Medtribe will:
- Notify the ICO within 72 hours (where legally required)
- Notify affected users without undue delay
- Provide details of the breach and mitigation steps
13. Children and Minors
Medtribe is intended for users aged 16 and above.
We do not knowingly collect data from children under 13.
Age Verification:
- We rely on users and organisations to provide accurate age information.
- We do not use automated age verification.
Parents or guardians may contact support@medtribe.com to remove a minor's data.
14. International Users
We comply with:
- UK GDPR and Data Protection Act 2018
- EU GDPR (where applicable)
- California Consumer Privacy Act (CCPA) and CPRA
- Canada's PIPEDA (where applicable)
- Australia's Privacy Act 1988 (where applicable)
15. Your Rights
You have the right to:
- Access your data
- Request correction or deletion
- Withdraw marketing consent
- Request data portability
- Object to processing
- Restrict processing (e.g. pending verification of accuracy)
- Lodge a complaint with the ICO or your supervisory authority
To exercise these rights:
- Email support@medtribe.com
- Specify your request
- We verify identity within 2 working days
- We respond within 30 days (extendable for complex cases)
16. California (CCPA/CPRA) Rights
California residents have the right to:
- Access, correct, or delete personal information
- Know categories of data collected, disclosed, or sold
- Opt out of sale or sharing of personal data
- Limit use of sensitive personal information
- Be free from discrimination for exercising these rights
We verify your identity before processing such requests by confirming your registered email address and account details. For security, we may request additional information to prevent fraudulent requests.
17. Automated Decision-Making and Profiling
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
18. Business Transfers
If Medtribe or its assets are acquired, data may be transferred under equivalent privacy obligations.
Users will be notified as required by law.
19. Third-Party Links
Our services may include links to external websites.
We are not responsible for their content or privacy practices.
Please review their privacy policies before sharing personal information.
20. Updates to This Policy
We may update this policy periodically.
Material changes will be notified via the platform or email.
21. Contact Us
Medtribe Ltd
support@medtribe.com
kunal@medtribe.com (Data Protection Officer)
We aim to respond within 2 working days and resolve formal data requests within 1 month.