Privacy Policy

Last updated: 20 April 2026

PharmProfessionals Education & Training Specialists Ltd ("PPets", "we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use the PPets Pharmacy Counter Training Simulation ("the Service").

We are the data controller for your personal data. Our contact details are:

• Email: ddicker@ppets.co.uk
• Company: PharmProfessionals Education & Training Specialists Ltd

1. What Data We Collect

Account Data

When you create an account, we collect:

• Email address
• Display name (if provided)
• Authentication method (email/password or Google sign-in)
• Account creation date

Payment Data

When you subscribe to PPets Pro, payment processing is handled entirely by Stripe. We do not store your full card number, CVV, or bank details on our servers. Stripe may share with us:

• Last four digits of your card
• Card brand (e.g. Visa, Mastercard)
• Billing email address
• Subscription status and plan type
• Payment dates and amounts

Stripe processes your payment data under their own privacy policy, available at stripe.com/privacy.

Usage Data

When you use the Service, we may collect:

• Scenarios completed and scores
• Learning Hub progress and quiz results
• Achievement badges earned
• XP, levels, and streak data
• Time spent in the application

This data is currently stored locally on your device using browser local storage. It is not transmitted to our servers unless you use the progress export feature.

Technical Data

We may automatically collect:

• IP address
• Browser type and version
• Device type (mobile or desktop)
• Operating system
• Pages visited and time spent

2. How We Use Your Data

We use your personal data for the following purposes:

• To create and manage your account
• To provide and maintain the Service
• To process subscription payments
• To send you important service updates (e.g. changes to terms, security notices)
• To respond to your enquiries and support requests
• To improve and develop the Service
• To comply with legal obligations

We will not send you marketing emails unless you have explicitly opted in. You can unsubscribe at any time.

3. Legal Basis for Processing

Under UK GDPR, we process your data on the following legal bases:

• Contract: Processing your account and payment data is necessary to provide the Service you have signed up for.
• Legitimate interests: Analysing usage patterns to improve the Service, provided this does not override your rights.
• Consent: Where you have given us specific consent, such as opting into marketing communications.
• Legal obligation: Where we are required to process data to comply with the law (e.g. financial records).

4. Data Sharing

We do not sell your personal data. We share your data only with the following third parties, and only as necessary to provide the Service:

• Firebase (Google): Authentication and hosting. Google processes data under their Data Processing Terms. See Firebase Privacy.
• Stripe: Payment processing. See Stripe Privacy Policy.
• Google Analytics: If enabled, anonymous usage statistics to help us understand how the Service is used. See Google Privacy Policy.

If your employer or organisation has purchased a team account, your administrator may have access to your progress data and reports.

5. Data Storage and Security

Your account data is stored securely using Firebase Authentication, which uses industry-standard encryption. Payment data is processed and stored by Stripe in PCI-DSS compliant systems.

Usage and progress data is stored locally on your device. We use HTTPS encryption for all data transmitted between your device and our servers.

While we take reasonable measures to protect your data, no method of transmission over the internet is completely secure. We cannot guarantee absolute security.

6. Data Retention

• Account data: Retained for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where we are legally required to retain it.
• Payment records: Retained for 7 years as required by UK tax law.
• Usage data: Stored locally on your device. Cleared when you clear your browser data or delete your account.

7. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data ("right to be forgotten").
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Request your data in a structured, commonly used format.
• Right to object: Object to processing based on legitimate interests or for marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email us at ddicker@ppets.co.uk. We will respond within one month.

8. Cookies

We use cookies and similar technologies. For full details, please see our Cookie Policy.

9. Children

The Service is designed for pharmacy professionals and is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. International Transfers

Some of our third-party providers (Firebase, Stripe) may process data outside the UK. Where this happens, appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions, to ensure your data receives equivalent protection.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on the Service. The "last updated" date at the top of this page shows when the policy was last revised.

12. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

We would appreciate the chance to address your concerns before you contact the ICO, so please reach out to us first at ddicker@ppets.co.uk.