Staying safe online
Last updated: 10.10.25
Security at Medicspot
Your privacy and safety are essential to us. We apply appropriate technical and organisational measures under UK GDPR Article 32 to keep your personal data secure. This page outlines how we protect your information and how you can help keep your account secure. For full details about what data we collect and how we use it, see our Privacy Policy.
How we protect your data
We use encryption, role-based access controls, audit logs, and regular security reviews to keep your information safe and confidential.
- Access controls based on job role and least privilege
- Audit trails of data access
- Backups and disaster recovery procedures
Medical confidentiality
Clinical data are accessed only by authorised clinicians within The Independent Pharmacy (“TIP”) (ABSM Healthcare Ltd, GPhC 9011543) and limited Medicspot support staff where necessary to coordinate your programme. Both organisations act as independent data controllers and comply with the UK common-law duty of confidentiality and UK GDPR.
We never sell your data and share it only for your care, patient safety monitoring, or where required by law.
Payment security
Payments are processed securely by Stripe, a PCI DSS–compliant payment provider used by millions of businesses worldwide. Medicspot never sees or stores your full card details – they are encrypted and handled directly by Stripe.
Your account security
Help keep your account secure by following these steps:
- Use a strong, unique password that you don’t reuse on other websites – include upper and lower case letters, numbers, and symbols
- Enable two-factor authentication (2FA) where available
- Keep your phone, computer, and web browser updated so you have the latest security protections
- Be cautious when sharing personal details online (e.g. birthdays, addresses) that could be used to guess passwords
- Only use trusted, secure Wi-Fi networks for logging into your Medicspot account
- Never share your login details or allow others to access your account
- Always log out after using Medicspot on a shared or public device
If your device or account is lost, stolen, or you suspect unauthorised access, please change your password immediately and contact help@medicspot.co.uk so we can secure your account.
Phishing and suspicious messages
Scammers sometimes send fake messages pretending to be trusted companies. Always check links carefully before clicking — look for spelling mistakes or suspicious senders. If in doubt, don’t click and contact us directly.
If you receive a suspicious message claiming to be from Medicspot, forward it to help@medicspot.co.uk so we can investigate.
Official Medicspot communications will only come from verified domains ending in “@medicspot.co.uk” or our verified WhatsApp Business account. We will never ask you for payment or personal data via links to external sites.
Check the site is secure
When entering sensitive information online, make sure the website address begins with “https://” and look for the padlock icon in your browser bar.
Please note that a padlock or “https” indicates a secure connection but does not by itself confirm that the website is genuine; always verify you are on our official domain (www.medicspot.co.uk).
Reporting a security issue
If you spot a vulnerability or suspicious activity, report it to us with as much detail as possible so we can investigate promptly.
Please email security@medicspot.co.uk with the subject “Security Issue”. We aim to acknowledge reports within 72 hours.
If you are reporting a potential vulnerability, please follow responsible disclosure principles: do not exploit, modify, or publicly disclose the issue. Medicspot provides a safe-harbour policy to protect good-faith security researchers acting responsibly within defined scope.
Your rights and data retention
You can exercise your data rights and read more about how long we keep your data in our Privacy Policy.
Contact us
For security or privacy queries, email help@medicspot.co.uk with the subject “Data protection / Security”.