Donate
Donate
Privacy Policy

Effective date: November 13, 2025

This Privacy Policy describes how Sadler Studios Ltd ("Sadler Studios", "we", "us" or "our") collects, uses and shares personal information when you use our revision services, including the ReviseMD mobile application, our website (https://revisemd.uk), any other site or application that links to this notice, and when you engage with us via sales, marketing or events (collectively, the "Services"). This Privacy Policy is intended to be compliant with applicable laws, including the General Data Protection Regulation (GDPR), the UK GDPR, US state privacy laws, the Privacy Act 1988 (Australia), the Privacy Act 2020 (New Zealand), the Protection of Personal Information Act (POPIA) in South Africa and other relevant data-protection laws.

1. Who We Are

Sadler Studios Ltd is a company registered in England and Wales. We operate the ReviseMD medical revision apps and the revisemd.uk website. We are the controller of personal information described in this policy (unless otherwise stated). Our contact details appear in Section 13.

2. Information We Collect

2.1 Information You Provide

  • Contact details. If you contact us via email, web forms or sign up for newsletters, we may collect your name, email address and any other information you choose to provide. We use this information to respond to your queries, provide customer support and send you requested information.

  • Payment information. If you make a donation, the payment is processed by a third‑party payment provider (PayPal). We may receive a transaction ID and confirmation of payment, but we do not receive or store full payment card details. For details of how your payment information is processed, please refer to the PayPal privacy notice. When you purchase the ad-free upgrade as an in-app product, the payment is processed by Google Play (Google Play Billing), and we receive only a confirmation of purchase (such as a purchase token or order ID) and no full payment card details; your use of Google Play is governed by Google’s terms and privacy policy.

2.2 Information Collected Automatically in the App

ReviseMD does not require you to create an account and the core study features work offline. However, the app integrates advertising, analytics, crash reporting and remote configuration tools that may collect device and usage data automatically.

2.2.1 Advertising (ironSource LevelPlay and AdMob)

  • ironSource/LevelPlay. The ironSource/LevelPlay SDK collects identifiers such as your device’s advertising ID, IP address and unique identifiers for the app, along with general technical information (time zone, free memory, app version, battery status, operating system, language, mobile carrier and internet connection type). It may also record whether an ad was viewed or clicked and, if an ad leads to an install, actions performed in the advertiser’s app. ironSource uses this information to deliver ads, report to publishers and advertisers, optimise campaigns (for example, limiting the number of times you see the same advertisement), detect and prevent fraud and to run its ad marketplace. Personal data collected by ironSource is retained for up to six months from first storage or three months from the last appearance of the relevant identifier.

  • Google AdMob (Google Mobile Ads SDK). The Google Mobile Ads SDK automatically collects and shares the device’s IP address, user interaction data (app launch, taps and video views), diagnostic information (crash logs, app launch time, hang rate, energy usage) and identifiers such as the advertising ID and app set ID. This information is used for advertising, analytics and fraud prevention and is encrypted in transit. On Android, you can reset or disable the collection of the advertising ID via device settings.

Both ironSource/LevelPlay and AdMob may use the collected device identifiers and technical information to personalise ads (if you consent), measure ad performance and identify fraudulent activity. Please review the ironSource and Google privacy policies for further details.

2.2.2 Analytics

  • Firebase Analytics. We use Google Analytics for Firebase to understand how the app is used. Firebase Analytics automatically collects aggregated, non‑identifiable information such as device identifiers, app version, country and events representing user actions (for example, screen views or button presses). This data helps us analyse usage patterns, measure the effectiveness of features and improve the app. Data collected by Firebase Analytics is aggregated and does not personally identify you. Google processes this information as our processor and may use it to provide and improve the service.

2.2.3 Crash Reporting and Diagnostics

  • Firebase Crashlytics. Crashlytics collects crash stack traces, Crashlytics installation UUIDs, Firebase installation IDs, crash logs and technical data such as device model, OS version, memory/disk state, whether the device was rooted, CPU architecture and the timestamp of the crash. It may also collect minidump files for NDK (native) crashes. Crash data is used to detect, prioritise and fix stability issues and is not used for marketing. Crashlytics retains crash data and associated identifiers for 90 days before starting the removal process.

2.2.4 Remote Configuration

  • Firebase Remote Config. Remote Config uses Firebase installation IDs and device metadata (for example, country, language and app version) to decide which configuration values to send to your device. This allows us to change the app’s behaviour or appearance without forcing users to download an update. Data collected through Remote Config does not personally identify you and is retained until we delete the Firebase installation ID.

2.3 Information from Cookies and Similar Technologies on Our Website

Our website (revisemd.uk) uses cookies and similar technologies to provide necessary functionality, remember your preferences, analyse traffic and deliver personalised advertising. Some cookies are placed by third parties (for example, analytics providers and ad networks). You can manage cookie preferences via your browser settings and, where required by law, we will ask for your consent before storing non‑essential cookies. For further information regarding cookies please see the terms and conditions on the contact page.

3. How We Use Your Information

We use personal information only when there is a lawful basis under applicable law. Depending on how you interact with our Services, we may use your information for the following purposes:

  1. Provide and operate our Services. We use your information to deliver the ReviseMD app, operate our website, deliver ads in the app, enable remote configuration, process payments and provide customer support.

  2. Analyse and improve. We analyse usage patterns and crash reports to improve the quality, performance and features of our Services and to understand how they are used.

  3. Communicate with you. We use your contact information to respond to enquiries, provide updates about our Services and send marketing communications consistent with your preferences.

  4. Advertising and marketing. We use advertising identifiers and certain technical data to deliver personalised or contextual ads, measure ad performance and develop marketing campaigns. We rely on consent for personalised ads and legitimate interest for contextual ads.

  5. Security and fraud prevention. We process technical data to detect and prevent fraud, secure our Services and protect against malicious activity.

  6. Legal compliance. We process information to comply with our legal obligations, regulatory requirements or lawful requests from authorities.

  7. Vital interests and public safety. We may process data when necessary to protect an individual’s vital interests or the public interest, such as preventing harm or responding to emergencies.

4. Legal Bases (EU/UK Residents)

Under the GDPR/UK GDPR, we must have a lawful basis for processing personal information. Our legal bases include:

  • Consent. We process certain information (for example, advertising identifiers for personalised ads, marketing communications) with your consent. You may withdraw consent at any time.

  • Performance of a contract. When you request Services (such as purchasing an app subscription) we process your personal data as necessary to fulfil our contractual obligations.

  • Legitimate interests. We process information for our legitimate business interests, such as analysing usage, improving our Services, delivering contextual advertising and ensuring security. We balance these interests against your rights and expectations.

  • Legal obligations. We may process your information to comply with legal obligations, such as tax or accounting requirements.

  • Vital interests. We may process information to protect your vital interests or those of another person.

5. How We Share Information

We do not sell your personal information for money. We share information only as described below and only when necessary:

  1. Service providers and processors. We engage third‑party vendors to perform services on our behalf, such as website hosting, analytics providers (Firebase Analytics), crash reporting (Crashlytics), remote configuration (Remote Config), advertising networks (ironSource/LevelPlay, Google AdMob) and payment processors (PayPal). These providers process data under our instructions and are contractually required to protect your information.

  2. Advertising partners. To serve advertisements, we may share advertising identifiers and related technical data with ad networks and bidders participating in the ironSource/LevelPlay marketplace. We also share data with Google AdMob to deliver, measure and personalise ads.

  3. Business transfers. We may share or transfer data if we undergo a business transition, such as a merger, acquisition or asset sale, provided that the receiving party agrees to honour this policy.

  4. Legal and regulatory authorities. We may disclose data if required by law, to respond to legal process, to enforce our agreements or to protect the rights and safety of Sadler Studios, our users or others.

  5. Aggregate or de‑identified data. We may share aggregate or anonymised data that cannot reasonably be used to identify you.

We do not have direct control over how third‑party ad networks or analytics providers use the data they receive. Please refer to their privacy policies (for example, ironSource’s privacy policy and Google’s privacy policy) for more information.

6. Data Retention

We retain personal information for as long as necessary for the purposes described in this policy, unless a longer period is required by law. For example, ironSource retains advertising data for up to six months or three months after the last appearance of the identifier, Crashlytics retains crash data for 90 days, and Remote Config and Performance Monitoring retain installation IDs until they are deleted. When we have no ongoing lawful basis to process your data, we will delete or anonymise it. If deletion is not possible (for example, because data is stored in backup archives), we will securely store your data and isolate it from further processing until deletion is possible.

7. Data Security

We implement appropriate technical and organisational measures designed to protect personal information. These include encryption in transit (for example, the Google Mobile Ads SDK encrypts data using TLS), access controls and regular reviews of our practices. However, no electronic transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for ensuring that you use our Services in a secure environment.

8. Children

We do not knowingly collect, use, sell or share personal information from children. If we learn that a child has provided us with personal information, we will take steps to delete such data, may disable the associated account and will not use the information for any commercial purpose. Parents or guardians who become aware of data collected from a child should contact us (see Section 13) so that we can delete the data.

9. Your Rights and Choices

Your rights may vary depending on your location. We will honour the rights provided under applicable law.

9.1 European Economic Area, United Kingdom and Switzerland

If you are located in the EEA, UK or Switzerland, you have the right to:

  • Access. Request access to your personal information.

  • Rectification. Request correction of inaccurate or incomplete personal information.

  • Erasure. Request deletion of your personal information (the “right to be forgotten”).

  • Restriction. Request that we restrict processing of your data under certain circumstances.

  • Object. Object to processing based on legitimate interests or direct marketing.

  • Portability. Request a copy of your data in a structured, commonly used format.

  • Withdraw consent. Withdraw any consent you previously provided at any time (this does not affect the lawfulness of processing before withdrawal).

  • Lodge a complaint. Contact your local data protection authority if you believe our processing is unlawful.

To exercise these rights, please contact us (see Section 13). We may request additional information to verify your identity before fulfilling your request.

9.2 United States

Residents of certain US states (including California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah and Virginia) have rights regarding their personal data. These may include the right to:

  • Know whether we process your personal data and obtain details about how it is processed;

  • Access or obtain a copy of your personal data;

  • Correct inaccuracies in your personal data;

  • Request deletion of your personal data;

  • Opt out of targeted advertising, the sale of personal data or profiling that has legal or similarly significant effects;

  • Non‑discrimination for exercising your privacy rights.

To exercise these rights, you may contact us via the methods listed in Section 13 or by visiting the preferences link in the app or our website. We will respond as required by law. You may also designate an authorised agent to make a request on your behalf; we may require proof of authorisation.

9.3 Other Regions (Canada, Australia, New Zealand, South Africa and beyond)

Depending on your jurisdiction, you may have additional rights, such as the right to request access to or correction of personal information, to object to processing, or to complain to a regulatory authority. Please consult your local laws and contact us to exercise your rights.

10. Do‑Not‑Track and Global Privacy Control

Some browsers offer "Do Not Track" (DNT) signals or Global Privacy Control (GPC) signals. There is no industry standard for recognising or honouring these signals. Therefore, we do not currently respond to DNT signals. Where supported by our consent tools and required by law, we will honour Global Privacy Control (GPC) signals. You can opt out of personalised ads by adjusting your device settings (see Section 2.2.1) or using the cookie preferences tools on our website.

11. International Data Transfers

Sadler Studios is based in the United Kingdom. Many of our service providers (including Google LLC and ironSource) are located in countries outside your own. When we transfer personal data outside of the UK/EEA, we rely on lawful transfer mechanisms such as adequacy decisions (Israel is considered to provide adequate protection), Standard Contractual Clauses or other approved safeguards.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The "Effective date" at the top of this policy indicates when it was last revised. If we make material changes, we may notify you by posting a notice on our website or within our app or by sending you a direct notification. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data‑handling practices, please contact us:

Email: contact@sadlerstudios.uk
Post: Sadler Studios Ltd, 167‑169 Great Portland Street, 5th Floor, London W1W 5PF, United Kingdom

You may also contact our representative:
Matthew Sadler (Data Protection Representative)
Email: contact@sadlerstudios.uk
Address: 167‑169 Great Portland Street, 5th Floor, London W1W 5PF, England

14. How to Review, Update or Delete Your Data

To exercise your rights regarding personal data, please visit https://revisemd.uk/contact or email us at contact@sadlerstudios.uk. We will respond to requests as required by applicable law. Please note that we may not have access to data collected by third‑party processors (for example, ironSource or Google). In those cases, you may need to contact the third‑party provider directly.

Contact

Get in touch for inquiries and support.

feedback@revisemd.uk

© 2025. All rights reserved.

Privacy Policy