Privacy Policy

Last updated: 16 February 2026

1. Introduction

MedChemify ("we", "our", "us") is a UK-based online learning platform accessible at medchemify.com. We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains what personal data we collect, how we use it, and your rights regarding your information.

2. Data Controller

MedChemify is the data controller for personal data collected through our platform. For any privacy-related enquiries, please contact us at support@medchemify.com.

3. Data We Collect

We collect the following types of personal data:

  • Account information: Name, email address, and password (hashed) when you create an account via Supabase Authentication.
  • Payment information: Payment details are processed securely by Stripe. We do not store your full card number. We retain your Stripe customer ID and subscription status.
  • Learning progress: Your quiz scores, completed levels, streaks, and earned certificates.
  • Technical data: Browser type, IP address, device information, and pages visited for analytics and service improvement.

4. How We Use Your Data

  • To provide and maintain our learning platform
  • To process subscriptions and payments via Stripe
  • To track your learning progress and issue certificates
  • To send essential account notifications (e.g., password resets)
  • To improve our service and content
  • To comply with legal obligations

5. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract: Processing necessary to provide our services to you.
  • Legitimate interest: Analytics and service improvement.
  • Consent: Where you have given explicit consent, such as for optional cookies.
  • Legal obligation: Where required by law.

6. Cookies

We use essential cookies for authentication and user preferences. For full details, please see our Cookie Policy.

7. Third-Party Services

  • Supabase: Provides authentication and database services. Data may be stored in Supabase's EU/UK data centres.
  • Stripe: Handles payment processing. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. You may request deletion of your account and associated data at any time by contacting support@medchemify.com.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate personal data
  • Request erasure of your personal data
  • Restrict or object to processing of your data
  • Data portability
  • Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, contact us at support@medchemify.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our platform. Your continued use of MedChemify after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@medchemify.com.