Privacy Policy

Last updated: February 2026

1. Introduction

Welcome to Umbil ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your professional learning data. This policy outlines how we collect, use, and safeguard your information when you use our clinical workflow and learning platform.

By using Umbil, you agree to the collection and use of information in accordance with this policy. Our services are designed for UK-based healthcare professionals.

2. IMPORTANT: Patient Data Policy

Umbil is a learning and workflow tool, NOT a patient record system.

  • Do not upload real patient names, NHS numbers, or identifiable data.
  • We employ automated server-side filters to detect and redact potential personal identifiers before data is processed by our AI models.
  • User Responsibility: You are responsible for ensuring that any content you input into Umbil is appropriately anonymised and does not contain patient-identifiable information.

3. Data We Collect

  • Account Information: When you sign up, we collect your email address and authentication credentials (managed securely via Supabase).
  • Usage Data: We store the reflections, PDP goals, and clinical questions you generate to build your personal learning portfolio. This content is visible only to you unless you choose to export or share it.
  • Technical Data: We collect standard log information (IP address, browser type) for security monitoring and fraud prevention.

4. How We Use Your Data

We use your data solely to:

  • Provide and maintain the Umbil service.
  • Generate AI-driven reflections and clinical summaries requested by you.
  • Maintain your persistent CPD (Continuing Professional Development) logs.
  • Improve our algorithms and user experience.
  • AI Processing: User inputs may be processed by third-party AI providers (such as OpenAI or Anthropic) solely to generate responses, under strict contractual confidentiality obligations. We do not use your inputs to train public AI models.

5. Security & Storage

Your data is encrypted at rest and in transit. We partner with industry-leading infrastructure providers located in the UK/EU or operating under appropriate data protection safeguards:

  • Supabase: For authentication and database hosting (Enterprise-grade security).
  • Vercel: For secure application deployment.

6. Cookies

We use cookies to enhance your experience. You can manage your preferences via our Cookie Banner.

  • Essential Cookies: Required for login sessions and security (e.g., Supabase Auth). You cannot opt out of these.
  • Performance & Analytics: We may use anonymous analytics tools (such as Vercel Analytics) to understand how the platform is used. You can accept or reject these cookies at any time.

7. Data Retention

We retain your data for as long as your account remains active to provide your CPD history.

You may delete your account and all associated data instantly via the Settings page. Once deleted, this data cannot be recovered.

8. Your Rights (GDPR)

Under the UK Data Protection Act 2018, you have the right to:

  • Access: Request a copy of all data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Delete your account and all associated data.
  • Portability: Export your CPD logs and reflections for your appraisal.

9. Contact Us

If you have questions about this privacy policy, please contact us via the Feedback button in the navigation menu or email us at masteringmedicineltd@gmail.com.

← Back to Home