Privacy & Cookie Policy
Last Updated: October 2025
MGECS ("we", "us", or "our") is committed to protecting and respecting your privacy. This policy explains how we collect, use, and protect your personal data when you use the Vitals application and website.
For the purposes of the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), the data controller is MGECS, based in the United Kingdom.
1. Information We Collect
We collect and process the following data about you:
- Identity Data: Includes your name and email address when you register for an account.
- Technical Data: Includes your IP address, browser type and version, time zone setting, and operating system.
- Usage Data: Information about how you use our application, including simulation sessions.
- Transaction Data: If you purchase a subscription, payment processing is handled securely by Stripe. We do not store or have access to your card details.
2. How We Use Your Information
We use your data to:
- Provide and maintain the Vitals service.
- Manage your account and subscription.
- Prevent fraud and abuse of our services (e.g., enforcing demo session limits).
- Respond to your enquiries and support requests.
We do not use your data for marketing purposes or sell your data to third parties.
3. Cookies and Local Storage
We use cookies and local storage technologies to ensure our website functions correctly. We do not use cookies for analytics or advertising tracking.
Essential Cookies & Storage
These are necessary for the website to function and cannot be switched off.
- Authentication: Used by Google Firebase to keep you logged in securely.
- Security: Used by Stripe to ensure secure payment transactions.
- Demo Limits (Local Storage): We store a timestamp of your recent demo sessions in your browser's local storage. This allows us to limit unregistered usage.
4. Third-Party Services
We use third-party service providers to help us run our application:
- Google Firebase: Provides hosting, authentication, and database services. Data may be processed on servers globally but is protected by standard contractual clauses.
- Stripe: Processes payments. Their privacy policy applies to payment data you provide directly to them.
5. Data Security & Retention
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
6. Your Legal Rights
Under the UK GDPR, you have rights including:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request restriction of processing your personal data.
To exercise any of these rights, please contact us at enquiries@mgecs.co.uk.
7. Contact Us
If you have any questions about this privacy policy or our privacy practices, please contact us at:
Email: enquiries@mgecs.co.uk