Privacy Policy

Effective date: 1 July 2024

This Privacy Policy explains how Surgical Minds (operated by Sorena Afshar) ("Surgical Minds", "we", "us") collects, uses, shares and protects personal data when you use our website at surgicalminds.com, any sub-domains, and any related mobile or desktop applications (together, the "Service"). It also explains your privacy rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our Service is designed for healthcare professionals and students. It is for educational use only and is not for patient care or the submission of patient information.

1) Who we are (data controller)

  • Controller: Surgical Minds (operated by Sorena Afshar)
  • Email: admin@surgicalminds.com
  • Postal: 32a Front Street, Winlaton, Blaydon-On-Tyne, NE21 6DD, United Kingdom

If we appoint an EU representative for GDPR Article 27 purposes, we will publish their details here.

2) Scope and eligibility

This Policy applies to visitors and registered users aged 18+ who access the Service. Do not use the Service if you are under 18.

3) Personal data we collect

  • Account & profile data: name, email address, password (hashed), role/specialty, institution (optional).
  • Purchase & billing data: plan purchased, transaction identifiers, billing address, VAT/tax information (processed by our payment providers; we do not store full card numbers).
  • Learning activity: questions attempted, model answers shown, your text/audio submissions, transcripts, scores/feedback, timestamps and session metadata.
  • Support & communications: messages you send to us (email, web forms), survey responses, referral information.
  • Technical/usage data: IP address, device identifiers, browser type/version, operating system, pages viewed, session duration, crash/diagnostic logs and similar telemetry.
  • Cookies/SDKs: identifiers and preferences used for essential functions, analytics, performance and (where permitted) marketing. See our Cookies Policy for details and controls.

4) Special category data and prohibited content

Do not submit personal data about patients or other third parties, and do not include special category data about yourself (e.g., health data) in free-text answers or uploads. We do not intentionally collect such data; if we become aware of it, we will delete it where feasible.

5) How we use personal data (purposes and lawful bases)

Provide and administer the Service (account creation, access management, content delivery, assessments and certificates).

Lawful basis: Contract.

Process payments, prevent fraud and keep accounting records.

Lawful basis: Contract; Legal obligation; Legitimate interests (fraud prevention).

Deliver AI-assisted features (speech recognition, transcripts, automated feedback and scoring) and personalise your learning experience.

Lawful basis: Contract; Legitimate interests (service functionality and quality).

Provide user support and communicate service updates.

Lawful basis: Contract; Legitimate interests (customer service).

Improve the Service, content quality, safety and performance (including analytics, A/B testing and model evaluation using pseudonymised or aggregated data where possible).

Lawful basis: Legitimate interests (product improvement and security).

Marketing communications (news, features, offers).

Lawful basis: Consent (for new subscribers) or soft opt-in under PECR for existing customers purchasing similar products; you can opt out at any time.

Legal compliance and enforcement of our Terms.

Lawful basis: Legal obligation; Legitimate interests.

Where we rely on legitimate interests, we balance our interests against your rights and expectations; details of this assessment are available on request.

You may withdraw consent for marketing at any time via unsubscribe links or by emailing admin@surgicalminds.com.

6) AI processing and profiling

We use automated tools to transcribe your answers (speech-to-text) and to generate formative feedback by comparing your responses with model answers. This may be considered profiling, but it is used only to provide educational feedback and does not produce legal or similarly significant effects about you.

You may request to disable AI features (some functionality will be limited). Where we use external AI vendors, we apply contractual and technical safeguards and, where possible, prevent use of your data to train their general models.

7) Sharing your data

We do not sell personal data. We share data only as necessary for the purposes above:

  • Payment processors (e.g., card processors, PayPal) for purchases and refunds.
  • Cloud hosting, storage/CDN, email and communications providers.
  • Analytics and error-monitoring tools to understand usage and improve stability.
  • AI service providers for speech-to-text, text analysis and text-to-speech.
  • Customer support platforms.
  • Institutional or team administrators where your access is provided by an organisation (licence management and necessary usage information).
  • Professional advisers, insurers and authorities where required by law or to protect rights, security and safety.

We require processors to protect personal data and to act only on our instructions. A current list of processor categories is available on request at admin@surgicalminds.com.

8) International transfers

Your data may be processed outside the UK, including in the EEA and the United States. Where we transfer data internationally, we rely on lawful safeguards such as UK adequacy regulations, the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU Standard Contractual Clauses, together with appropriate technical and organisational measures.

9) Data retention

We keep personal data only as long as necessary for the purposes set out above:

  • Account data: for your active account, then typically up to 24 months after closure, unless we need to retain for legal claims or requests.
  • Learning submissions (text/audio/transcripts, scores/feedback): typically up to 24 months from creation to support progress tracking and product improvement, unless you delete them sooner within your account (where available) or request deletion.
  • Transaction records and invoices: 6 years from the end of the financial year (tax and accounting).
  • Customer support records: up to 24 months after resolution.
  • Logs and analytics data: typically 12–24 months.

We may retain minimal information to respect opt-out requests and to meet legal obligations.

10) Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, audit logging, regular backups and vendor due diligence. No system is perfectly secure; you are responsible for keeping your password confidential and using up-to-date devices and software.

11) Your rights

Under UK GDPR you may have the rights to:

  • Access your personal data and receive a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your data in certain circumstances.
  • Restrict or object to certain processing, including direct marketing.
  • Data portability where processing is based on consent or contract and carried out by automated means.
  • Not be subject to decisions based solely on automated processing that have legal or similarly significant effects.

To exercise these rights, contact admin@surgicalminds.com. We may need to verify your identity. We aim to respond within one month.

If we rely on consent, you can withdraw it at any time. Withdrawing consent does not affect processing carried out before withdrawal.

12) Cookies and similar technologies

We use cookies and similar technologies for essential site functions, analytics, performance and (where permitted) marketing. For details of specific cookies, retention periods and how to manage preferences, please see our Cookies Policy. You can manage non-essential cookies via our cookie banner and most browsers.

13) Children

The Service is for users aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate steps to delete it.

14) Third-party websites and apps

The Service may link to third-party websites, app stores and embedded players. We are not responsible for their privacy practices. Review their policies before providing personal data.

15) Changes to this Policy

We may update this Policy from time to time to reflect legal, technical or business changes. If changes are material, we will provide notice (for example, by email or within the Service). The updated Policy applies from the effective date stated at the top.

16) Questions, concerns and complaints

If you have questions about this Policy or how we handle your data, contact admin@surgicalminds.com.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): ico.org.uk | 0303 123 1113 | Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Last updated: 1 August 2025

© 2025 Surgical Minds. All rights reserved.