Privacy Policy

1. Introduction

Your privacy is important to us. This Privacy Policy explains how MGECS, acting as the data controller, collects, uses, stores, and protects your personal data when you use the Vitals simulation platform and application. We are committed to complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We only collect data necessary to provide and improve the Service:

• Account Information: When you register, we collect your email address and name. You authentication credentials are secured and processed by Google.
• Simulation Data: We store the clinical scenarios you build, including custom patient parameters, saved phases, and active session states.
• Payment Information: Payment details are collected directly by our payment processor, Stripe. We only store your subscription status and tier level; we do not store your credit/debit card number or bank details.
• Usage Data: We collect anonymised telemetry regarding how you interact with the app (e.g., active session duration, feature usage) to optimise our real-time database performance and improve the user experience.

3. How We Use Your Data

Your data is used strictly for the following purposes:

• To authenticate your login and secure your account.
• To synchronise simulation data in real-time between your instructor controller and candidate monitors.
• To persist your authored scenarios and custom folders.
• To process payments and manage your subscription tier access.
• To enforce concurrent session limits associated with your tier.

4. Data Storage and Sub-Processors

To provide high-frequency, low-latency synchronisation, MGECS utilises Google Cloud Platform (specifically Firebase Authentication, Firestore, and Firebase Realtime Database) as our primary infrastructure provider. Data is encrypted in transit and at rest on Google's secure servers.

We also share necessary billing identifiers with Stripe to manage your subscription. We do not sell your personal data to advertisers or third-party data brokers.

5. Organisational Data Sharing

If your account is linked to an Organisational ID (e.g., a hospital or university trust), be aware that:

• Scenarios you actively save to "Organisational Folders" will be visible and editable by other members of your organisation.
• Organisation administrators may have visibility over your account status and usage as part of the organisational licence.

6. Cookies and Tracking

We use essential cookies and local storage mechanisms (such as JWT tokens) solely to maintain your active session, keep you logged in, and remember local UI preferences (e.g., Light/Dark mode). We do not use intrusive tracking or advertising cookies.

7. Your Data Rights & Retention

Under the UK GDPR, you have the right to access, rectify, or request the erasure of your personal data. You may delete your scenarios at any time via the scenario builder interface. Please note that Vitals does not offer an accessible free tier. If you cancel your subscription or if it lapses due to non-payment, your account and all associated data (including all saved scenarios) will be deleted immediately and permanently upon the conclusion of your final billing period. If you wish to permanently delete your account immediately, please contact our support team at enquiries@mgecs.co.uk.