Legal

Privacy Policy

How Medicexum Ltd collects, uses, and protects your personal data on GlobalReg. Last updated 28 April 2026.

Medicexum Ltd ("Medicexum", "we", "us") operates GlobalReg (the "Service") and is the data controller for personal data processed in connection with the Service.

1. Data we collect

  • Account data: name, email address, hashed password, organisation (optional).
  • Usage data: features used, queries submitted to the AI assistant, country profiles viewed, comparisons run.
  • Technical data: IP address, device and browser identifiers, log files, cookies.
  • Support data: messages you send us and metadata about those interactions.
  • Billing data: handled by Paddle (see "Sharing" below); we receive subscription status and limited transaction metadata, not card numbers.

2. Why we use it (purposes and legal basis)

  • To create and operate your account and provide the Service — performance of a contract.
  • To secure the Service, prevent fraud, and enforce our Terms — legitimate interests.
  • To improve features and reliability, including aggregated analytics — legitimate interests.
  • To send service announcements and transactional emails — performance of a contract.
  • To send marketing emails, where applicable — consent (you can withdraw at any time).
  • To comply with legal obligations — legal obligation.

3. Sharing

We share personal data with:

  • Paddle, our Merchant of Record, for sale of subscriptions, billing, tax compliance, refunds, and invoicing.
  • Hosting and infrastructure providers that store and serve data on our behalf.
  • AI model providers that process queries you submit to the AI assistant under data-processing agreements.
  • Email and analytics providers that help us deliver and measure the Service.
  • Professional advisers (legal, accounting) and authorities where required by law.

4. International transfers

Some recipients are located outside the UK/EEA. Where this is the case, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or adequacy decisions.

5. Retention

We keep account data for as long as your account is active and for a reasonable period after closure to comply with legal, accounting, and dispute-resolution obligations. Usage and log data is typically retained for up to 24 months. Backups are deleted on rolling cycles.

6. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to the processing of your personal data; to portability; and to withdraw consent. UK/EEA users have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or their local supervisory authority. We respond within one month.

7. Security

We use appropriate technical and organisational measures including encryption in transit, encryption at rest, access controls, and audit logging.

8. Cookies

We use essential cookies to keep you signed in and to operate the Service, and limited analytics cookies to understand usage. You can manage cookies in your browser settings. Disabling essential cookies will break sign-in.

9. Contact

Medicexum Ltd — privacy@globalreg.app