Privacy Policy

1. Who We Are

ScaleMedTech is operated by Navix Medical. We are the data controller for personal data processed through the ScaleMedTech platform. If you have questions about this policy, contact us at privacy@scalemedtech.com.

2. Data We Collect

We collect data in two categories:

Account data — name, business email address, company name, and role, provided when your account is created by your organisation or by us.

Usage data — pages visited, features used, search queries submitted within the Platform, and browser/device information collected automatically via server logs and analytics.

Intelligence data — the Platform processes publicly available professional information about healthcare professionals, executives, and organisations (KOLs, distributors, regulatory contacts) to build its intelligence outputs. This data is sourced from public registries, publications, conference records, and regulatory filings.

3. How We Use Your Data

We use personal data to: provide and maintain the Platform; manage your account and subscription; send service-related communications; improve Platform features and data quality; and comply with legal obligations. We do not use your data to train third-party AI models, nor do we sell your data to third parties.

4. Legal Basis for Processing

We process your data on the following legal bases under UK GDPR and EU GDPR: performance of a contract (to deliver the Platform services you or your organisation has contracted); legitimate interests (for usage analytics and service improvement); and legal obligation (where required by law). For intelligence data about third parties, we rely on legitimate interests, given the professional and public-record nature of that data.

5. Data Sharing

We share data only with: infrastructure and cloud service providers necessary to operate the Platform (processors acting on our behalf under data processing agreements); professional advisers under confidentiality obligations; and regulatory authorities where required by law. We do not share your personal data with third-party advertisers or data brokers.

6. Data Retention

Account data is retained for the duration of your subscription and for up to 24 months thereafter for contractual and audit purposes. Usage logs are retained for 12 months. Intelligence data is retained and refreshed on a rolling basis as part of the Platform’s live data layer. You may request deletion of your account data at any time (see Section 8).

7. International Transfers

Our infrastructure is operated within the UK and EU. Where data is transferred outside these regions, we rely on adequacy decisions or Standard Contractual Clauses to ensure equivalent protection.

8. Your Rights

Subject to applicable law, you have the right to: access the personal data we hold about you; request correction of inaccurate data; request erasure where we have no legitimate basis to retain it; object to or restrict certain processing; and request a portable copy of your data. To exercise any of these rights, contact privacy@scalemedtech.com. We will respond within 30 days.

9. Cookies

The Platform uses essential session cookies required for authentication and to maintain your logged-in state. We do not use advertising or cross-site tracking cookies. You can configure your browser to refuse cookies, but this will prevent you from logging in to the Platform.

10. Security

We implement technical and organisational measures appropriate to the risk, including encryption in transit (TLS), access controls, and row-level security at the database layer. No system is entirely secure; please report any suspected security issues to security@scalemedtech.com.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify contracted subscribers of material changes via email. The date of the most recent revision appears at the bottom of this page.

Last updated: April 2026