Last Updated: [7 August 2025]
Welcome to GP Accipe ("the App"). This Privacy Policy explains how [GP Accipe Ltd] ("we," "us," or "our") collects, uses, and discloses information about you when you use our mobile application. We are committed to protecting your privacy and handling your data in an open and transparent manner.
This policy has been prepared in compliance with the UK General Data Protection Regulation (UK GDPR).
For the purpose of the UK GDPR, the data controller is [GP Accipe Ltd] of [Romford, England].
We collect information in the following ways:
a) Information You Provide to Us:
Account Information: When you register for an account, we collect your First Name, Last Name, Email Address, your chosen Role (e.g., GP Partner, Salaried GP), and your NHS Clinical Commissioning Group (CCG).
User-Generated Content: We collect the information you voluntarily contribute to the App, including:
Local Referral Pathways: Details of GP surgeries you add or edit (name, address, ODS code, official NHS email, service type, privacy status).
Referral Hints & Tips: The content of referral hints you submit, including text and any images you upload.
Ethical & Admin Hints: The title, content, and tags of ethical and administrative hints you submit.
Contact Form Submissions: When you use the "Contact Us" form, we collect your Name, Email Address, the Subject, and the Message you send.
b) Information We Collect Automatically:
Usage Data: We use Firebase services that may automatically collect anonymous data about your interactions with the App, such as features used and time spent in the app, to help us improve our services.
Device Information: We collect your Firebase Cloud Messaging (FCM) token to send you push notifications if you subscribe to them.
We use the information we collect for the following purposes:
To Provide and Maintain the Service: To create and manage your account, provide you with access to the App's features, and display content.
To Personalize Your Experience: To show you content relevant to your role, display your contributions, and manage your list of favourited and subscribed items.
For Community and Moderation: To display your name next to content you contribute ("Added by..."), to manage user roles and permissions, and to facilitate the content verification and approval workflows.
To Communicate With You: To send you essential service-related notifications (e.g., subscription approvals, new hint alerts for managers) and to respond to your inquiries via the contact form.
To Improve the App: To understand how users interact with the App, to identify areas for improvement, and to fix bugs.
Under UK GDPR, our legal basis for collecting and using your personal information is as follows:
Performance of a Contract: We process your data to provide the services you have requested by creating an account and using the App.
Consent: For features like push notifications and submitting user-generated content, we process your data based on your consent. You can withdraw this consent at any time (e.g., by unsubscribing from a surgery).
Legitimate Interests: We process some data for our legitimate interests, such as for app improvement and security, provided these interests are not overridden by your data protection rights.
We do not sell your personal data. We may share your information with the following third-party service providers who help us operate the App:
Google Firebase: Provides our backend services, including Authentication, Firestore (database), Cloud Functions, and Firebase Cloud Messaging. Your data is stored on their secure servers.
Mailjet (or SendGrid): Used to send transactional emails for the contact form and surgery verification.
Ko-fi: If you choose to donate, you will be directed to their website, and their privacy policy will apply to the transaction.
You have the following rights regarding your personal data:
The right to access: You can request a copy of the personal data we hold about you.
The right to rectification: You can request that we correct any inaccurate or incomplete data.
The right to erasure: You can request that we delete your personal data under certain conditions.
The right to restrict processing: You can request that we restrict the processing of your personal data.
The right to data portability: You can request that we transfer the data we have collected to another organization, or directly to you.
The right to object to processing: You can object to our processing of your personal data.
To exercise any of these rights, please contact us at [support@accipe.co.uk]. You also have the right to lodge a complaint with the UK's data protection authority, the Information Commissioner's Office (ICO).
We rely on the robust security measures of Google Cloud and Firebase to protect your data. We retain your personal data for as long as your account is active. If you delete your account, your personal information will be removed in accordance with our data retention policies. User-generated content you have contributed may be retained anonymously.
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.
If you have any questions about this Privacy Policy, please contact us at: [support@accipe.co.ukl].