Privacy Policy

Last updated: 2026-05-19

1. Who We Are

NorMed (normed.app, "we", "us") is an educational health information reference tool serving UK adults aged 18+. We are the Data Controller for any personal data processed through this service. We organise publicly available NHS and ONS health information into a structured interactive reference. We are not a medical service and do not provide diagnosis, treatment, or medical advice.

2. Data We Collect

We collect the minimum data required to deliver our service:

  • Symptom inputs — age, gender, region, body areas, symptom details, duration, severity. Held in your browser's session storage and discarded when you close or refresh your browser. We do not retain a server-side copy.
  • Email address — only when you purchase a premium reference report. Collected by our payment processor (Polar) for the receipt.
  • Anonymised usage events — page views and interaction events, with no personally identifiable information attached. Used to improve the product.

3. Cookies and Tracking

We use minimal cookies and similar technologies:

  • Essential session-state cookies — required for the symptom intake tool to function. Expire at the end of your browser session.
  • Conversion tracking — Google Ads conversion tracking measures the effectiveness of our advertising when you arrive via an ad. You can opt out via your Google Ads settings or browser cookie controls.

We do not use third-party retargeting or behavioural advertising cookies.

4. Analytics

We use PostHog to understand how the product is used. PostHog is configured to collect anonymised, aggregated behavioural data only (e.g., page views, button clicks, funnel completion). No personally identifiable information is sent to PostHog, and we do not use this data to identify individual users.

5. Third-Party Service Providers

We do not sell or share your data for marketing. The following service providers process limited data necessary to deliver our service:

  • Polar (payment processor) — when you purchase a premium report, Polar processes your payment details and email for the receipt. Polar's privacy policy: polar.sh/legal/privacy.
  • Vercel (web hosting) — hosts our website. Standard web server logs (IP, user agent, request path) are retained short-term for security and reliability.
  • Google Ads — measures ad effectiveness via cookie-based conversion attribution when you arrive via one of our ads.
  • Skimlinks — rewrites some outbound links on our site into affiliate links. Skimlinks may set its own cookies when you click an outbound link. You can disable this in your browser cookie settings.
  • PostHog — anonymous product analytics (see Section 4).

Benchmark and condition information presented in the tool is sourced from publicly available NHS, ONS, and other public datasets.

6. International Data Transfers

Our hosting and some service providers are located outside the UK (primarily in the United States and the European Economic Area). Transfers are made under standard contractual safeguards used by these providers. Symptom inputs are never transmitted off your device beyond what is needed to display your educational reference; no symptom data is persisted server-side.

7. Your Rights Under UK GDPR

Because we hold minimal data, most rights are immediate. You can clear all session data by closing your browser. Under UK GDPR you have rights to:

  • access any data we hold about you
  • rectify inaccurate data
  • request erasure
  • restrict or object to processing
  • data portability

For paid purchases, payment records are retained by Polar in line with their privacy policy and applicable financial record-keeping requirements.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Children

NorMed is intended for UK adults aged 18 and over. We do not knowingly collect data from anyone under 18.

9. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated by updating the policy and (where you have provided an email) by notifying you at the next interaction.

10. Contact

If you have questions about this privacy policy or your data, please contact us at: support@normed.app.

NorMed is the data controller. For data protection matters, please use the email above.

← Back to NorMed