Haseeb Ullah trading as MedicFlow
Email: support@medicflow.uk
Website: medicflow.uk
| Data type | Purpose | Legal basis | Retention |
|---|---|---|---|
| Name & email | Account creation, login, service comms | Contract | Account life + 2 years |
| Clinical grade/speciality | AI personalisation | Contract | Account life + 2 years |
| Usage logs | Billing, rate limiting, fraud prevention | Legitimate interests | 12 months |
| Payment status | Subscription management | Contract | 7 years (HMRC) |
| IP address | Security, fraud prevention | Legitimate interests | 90 days |
| AI query text | Processing via Anthropic API (not stored by us) | Contract | Not retained |
| Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Supabase | Auth & database | EU/US | SCCs, SOC2 |
| Stripe | Payment processing | US/EU | PCI DSS, SCCs |
| Vercel | Web hosting | US/EU | SCCs, ISO27001 |
| Anthropic | AI query processing | US | SCCs |
Under UK GDPR you have rights of access, rectification, erasure, portability, restriction, and objection. Contact support@medicflow.uk to exercise these rights. Response time: 30 days. You may complain to the ICO at ico.org.uk.