← Back to Doctor Devify Tools

Privacy Policy

Last updated: 1 April 2026

1. Data Controller

Doctor Devify Tools (including Foundation Ranker and Before You Rank) are operated by Doctor Devify Ltd ("we", "us", "our"), which acts as the data controller for the personal data collected through these services. You can contact us at hello@doctordevify.com.

2. Personal Data We Collect

The data we collect depends on which tool you use.

2.1 Foundation Ranker

We collect and store the following categories of data in our database (hosted on Supabase in the EU):

  • Account information: Your email address and name, provided at signup or received via Google OAuth.
  • Ranking preferences: The specialty and hospital preferences, priority settings, and feature selections you make when using the ranking tool.
  • Usage data: Information about how you use the service, including interaction patterns, device information (such as screen size), and referral source.
  • Payment data: Records of whether you have purchased Complete access. We do not store your card details; payment processing is handled entirely by Stripe.
  • Newsletter: If you opt in to "The Ward Round" by Doctor Devify (tips, tools and resources for foundation doctors), we store your email address for that purpose.

2.2 Before You Rank

Before You Rank does not require an account and does not collect any personal data. No login, no forms, and no user data is stored. The only third-party services that may process limited technical data are Google Analytics and Google Fonts (see sections 5 and 6).

3. How We Use Your Data

The following applies to data collected through Foundation Ranker:

  • Providing the service: Generating your personalised rotation rankings, saving your preferences, and managing your account.
  • Processing payments: Handling Complete upgrade purchases via Stripe and delivering your bonus ebook coupon.
  • Service improvement: Analysing usage data to understand how the service is used, identify issues, and make improvements.
  • Aggregated insights: We may use aggregated, non-identifying data to produce general insights about rotation popularity. These insights are derived from collective usage patterns and do not identify individuals.
  • Newsletter: If you opted in to "The Ward Round" by Doctor Devify, we will use your email address to send you tips, tools and resources for foundation doctors. You can unsubscribe at any time.

Both tools use Google Analytics 4 to understand general site usage patterns (page views, session duration). This data is not linked to individual user accounts.

4. Legal Basis for Processing

We process your personal data under the following legal bases (UK GDPR):

  • Contract: Processing necessary to provide you with the Foundation Ranker service you have signed up for, including generating rankings, saving preferences, and processing payments.
  • Legitimate interests: Collecting usage data to improve the services and generate aggregated insights. We have assessed that this processing does not override your rights, as the data is used to improve the products you are using and aggregated insights do not identify individuals.
  • Consent: Sending you "The Ward Round" newsletter, where you have opted in. You may withdraw consent at any time by unsubscribing.

5. Third-Party Services

We use the following third-party services that may process your data:

Supabase (Foundation Ranker only)

Provides authentication and database hosting (EU region). Stores your account details, preferences, and usage data. Supabase Privacy Policy

Stripe (Foundation Ranker only)

Processes one-time payments for Complete access. Handles all payment card data directly. PCI DSS compliant. Stripe Privacy Policy

Payhip (Foundation Ranker only)

Used to generate a coupon code for a free ebook upon Complete purchase. Your email is not shared with Payhip. Payhip Privacy Policy

Google Analytics 4 (both tools)

Used on both Foundation Ranker and Before You Rank to understand general site usage. Sets cookies to distinguish users and track session data. Google Privacy Policy

Google (both tools)

Provides OAuth sign-in on Foundation Ranker (we receive your name and email). Google Fonts is used on both tools and may collect limited technical data (such as IP address) when fonts are loaded. Google Privacy Policy

6. Cookies

Foundation Ranker uses essential cookies for authentication and payment processing, plus Google Analytics 4 cookies to understand how visitors use the site. Before You Rank uses Google Analytics 4 cookies only. Neither tool uses advertising or targeted tracking cookies. For full details, see our Cookie Policy.

7. Data Retention

We retain your personal data for as long as your Foundation Ranker account is active or as needed to provide the service. If you request deletion of your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory reasons. Anonymous, aggregated data that cannot identify you may be retained indefinitely for analytical purposes.

Before You Rank does not store any personal data, so there is nothing to retain or delete.

8. Data Security

We take appropriate technical and organisational measures to protect your personal data. All data is transmitted over encrypted connections (HTTPS), authentication is managed through industry-standard providers, and our database is hosted in the EU via Supabase. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

9. International Data Transfers

Our primary database is hosted in the EU via Supabase. Some third-party services (such as Stripe and Google) may process data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, in compliance with UK data protection law.

10. Your Rights (UK GDPR)

Under the UK General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent (e.g. the newsletter), you may withdraw it at any time.

To exercise any of these rights, contact us at hello@doctordevify.com. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. Where changes are significant, we will make reasonable efforts to notify you (for example, via email or an in-app notice).

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

Doctor Devify Ltd
Email: hello@doctordevify.com
Website: tools.doctordevify.com

© 2026 Doctor Devify Ltd. All rights reserved.