Privacy Policy

Version 2.1 · Last updated 22 May 2026

This policy explains how Med Services Ltd (company number 14915054, registered office 52A Cherwell Street, Oxford, OX4 1BG) collects and uses your personal data when you use WardRun. We are the data controller for the purposes of the UK GDPR and the Data Protection Act 2018. Contact: playwardrun@gmail.com.

1. What we collect

Data	Purpose	Lawful basis
Email address, password hash	Account creation, login, account recovery	Contract
Display name, medical school, year of study	Leaderboards, school rankings, personalisation	Contract
Verification email (e.g. .ac.uk)	Confirming you are a medical student	Contract
Answers, scores, streaks, study history, question flags	Running the game, tracking your progress, adaptive learning (Leitner)	Contract
Acceptance of Terms, Medical Disclaimer, Privacy Policy (timestamp + version)	Demonstrating consent and compliance	Legal obligation, legitimate interests
Subscription status, Stripe customer ID, last 4 of card (via Stripe only — we never see full card details)	Processing payments, managing subscriptions	Contract
IP address (for security and rate limiting only — see §6), device/browser info, error logs	Security, fraud prevention, debugging, rate limiting	Legitimate interests

2. Special category data

WardRun does not intentionally collect health data about you. Please do not submit personal health information in feedback or flagged questions.

3. Cookies and analytics

We use only strictly necessary cookies (for login sessions and security). We do not use advertising cookies.

For analytics we use Plausible Analytics (EU-hosted, cookieless). Plausible records aggregate usage data only — pages visited, country, device class, referrer — and stores no personal identifiers and no cookies. Because Plausible is cookieless and does not track individuals across sites, no consent banner is required under UK GDPR / PECR. See §4 for the full processor list.

4. Who we share data with

We use the following processors, all of whom are bound by data-processing agreements:

Supabase (database, authentication, edge functions) — data stored in the EU (eu-west-1).
Stripe (payments) — processes card data directly; we never receive it. Stripe may transfer data to the US under Standard Contractual Clauses.
Resend (transactional email, e.g. student verification) — EU-hosted.
Netlify (static hosting, CDN) — global CDN.
Plausible Analytics (cookieless usage analytics) — EU-hosted (Germany).
Apple Inc. (iOS App Store purchases and push notifications, where you use the iOS app) — receives the App Store transaction identifier we use to validate your subscription, and your APNs device token if you opt in to push reminders. US-based; transfers governed by the Apple Developer Program Licence Agreement and Standard Contractual Clauses where applicable.

We do not sell your personal data. We do not use your data to train machine-learning models, and we do not share it with advertisers.

5. International transfers

Where data is transferred outside the UK/EEA (e.g. to Stripe, Apple or Google in the US), we rely on UK-approved transfer mechanisms including the UK International Data Transfer Agreement, the EU Standard Contractual Clauses with the UK Addendum, or adequacy decisions.

6. How long we keep data

Active accounts: for as long as your account is open.
Deleted accounts: you can delete your account from the in-app Settings panel at any time, or by emailing playwardrun@gmail.com. On deletion we immediately remove your profile, email, learning history, saved study schedule, flagged questions, and rate-limit records, and anonymise your run history so it can no longer be traced back to you. Anonymised, aggregated statistics (e.g. total attempts, per-question pass rates) may be retained indefinitely.
Payment records: kept for 6 years to meet UK tax and accounting requirements.
Error logs: retained for as long as needed for debugging and security (typically 30–90 days) and then deleted on a rolling basis. We do not collect your IP address in application error logs.

7. Your rights

Under UK GDPR you have the right to:

Access a copy of your data;
Correct inaccurate data;
Delete your account and associated data ("right to be forgotten");
Object to, or restrict, certain processing;
Port your data in a machine-readable format;
Withdraw consent at any time for any processing that relies on consent.

Email playwardrun@gmail.com to exercise any of these rights. We will respond within one month.

8. Complaints

If you are unhappy with how we handle your data, please contact us first so we can try to resolve it. You also have the right to complain to the UK Information Commissioner's Office (ico.org.uk, 0303 123 1113).

9. Children

WardRun is not intended for anyone under 16. We do not knowingly collect data from children under 16. If you believe a child under 16 has created an account, email us and we will delete it.

10. Security

We encrypt data in transit (TLS) and at rest (Supabase-managed encryption). Passwords are hashed (never stored in plaintext). Access to production data is limited to Med Services Ltd staff on a need-to-know basis. No system is perfectly secure; if we become aware of a breach affecting your data we will notify you and the ICO as required by law.

11. Changes to this policy

If we make a material change we will notify you by email or in-app and require you to re-accept where legally necessary.

12. Contact

Med Services Ltd
52A Cherwell Street
Oxford, OX4 1BG
playwardrun@gmail.com