PharmospherePharmosphere
← Home

Privacy policy

Last updated 15 June 2026

Draft — pending professional review

This is a plain-English first draft to describe our actual practices. It should be reviewed by a solicitor before launch.

1. Who we are

Pharmosphere (“we”, “us”) provides tools, data and community for UK pharmacists. We are the data controller for the personal data described here. Contact: privacy@pharmosphere.co.uk (live once our domain is set up).

2. What we collect

  • Account: email address, your name, and your GPhC registration number.
  • Your records: shifts you log (pharmacy, date, rate, hours, mileage, notes), invoices and payment status, and saved pharmacy contacts.
  • Community: posts you choose to publish.
  • Technical: strictly-necessary cookies to keep you signed in, and standard server logs.

3. How we use it, and our lawful bases

  • To provide the service (accounts, shifts, invoices, community) — contract.
  • To verify your GPhC registration for trust features — legitimate interests.
  • To keep the platform secure and working — legitimate interests.

4. The anonymised pay benchmark

When you log a shift, the hourly rate may be added to an anonymised dataset to help build fair-pay transparency. These records carry no link to you — only the pharmacy, region, rate and month — and figures are only ever shown as aggregates once enough pharmacists have reported. The lawful basis is legitimate interests, and because the data is genuinely anonymised it falls outside data-protection law. You can turn this off any time in Settings.

5. Who we share data with

We never sell your data, and we never hold or move money between pharmacies and pharmacists. We use trusted processors to run the service:

  • Supabase — database & authentication (data hosted in London, UK).
  • Vercel — application hosting.
  • Resend — sending sign-in and account emails.

6. International transfers

Your data is stored in the UK. Some processors are US-based; where data is transferred outside the UK we rely on the UK International Data Transfer Agreement / Addendum and appropriate safeguards.

7. Retention

We keep your account data while your account is active. If you delete your account, your personal data and records are removed. Anonymised rate data is not personal data and is retained for the benchmark.

8. Your rights

You have the right to access, correct, delete, restrict or object to our use of your data, and to data portability. You can delete your account and data from Settings, or contact us. You can also complain to the UK Information Commissioner’s Office (ico.org.uk).

9. Cookies

We only use strictly-necessary cookies to keep you signed in. We do not use advertising or tracking cookies.

10. Open data

Pharmacy statistics use NHSBSA and NHS Digital data, and location data from postcodes.io / Office for National Statistics, all under the Open Government Licence v3.0. Contains public sector information licensed under the Open Government Licence v3.0.

11. Changes

We’ll update this policy as the service evolves and note the date above. See also our Terms of Service.