Privacy policy

Email content you send us. If you email our editorial inbox, we process the email address you sent it from and the content of your message so we can reply, log a correction and keep an audit trail.

Approximate location, only if you grant it. If you tap ‘Use my location’ on the home page or /near-me, your browser asks for permission. If you grant it, we use the latitude/longitude one time to rank the nearest A&E departments. We do not store it on our servers.

Postcodes you type. If you type a UK postcode into a search box, we send it to the public postcodes.io API to convert it into an approximate centroid. We do not log the postcode against you.

Standard server logs. Our hosting provider (Vercel) keeps short-lived request logs containing IP address, user-agent, requested URL and timestamp, used solely for security, abuse prevention and operational debugging. Retention is short (see §09).

Anonymous analytics events. We measure aggregate page-view counts and Core Web Vitals to keep the site fast. The analytics product we use does not set persistent cookies and does not build a profile of you (see §06).

No accounts. There is no sign-up. We do not collect names, passwords or profile information.

No advertising trackers. We run no third-party advertising and embed no advertising trackers.

No social-media tracking pixels. We do not embed Facebook Pixel, X/Twitter pixel, LinkedIn Insight Tag or any equivalent.

No health information about you. We do not ask you to tell us about a condition, symptom, hospital visit or anything else clinical — and we discard anything sensitive that arrives by email after dealing with the enquiry.

Consent (Article 6(1)(a)). When you grant browser geolocation, you have actively consented to a one-off use of your approximate location.

Legitimate interests (Article 6(1)(f)). Server logs and aggregate analytics are processed to keep the site secure, fast and online. We have weighed our interest against your privacy rights and consider the impact minimal.

Performance of editorial duty (Article 6(1)(f)). If you email us, we process your message to reply, investigate corrections and keep an audit trail of what was changed and why.

Hosting — Vercel Inc. (USA). Serves the website and stores short-lived request logs. Vercel is certified under the EU-US Data Privacy Framework and the UK extension.

Postcode lookup — postcodes.io. Used to translate UK postcodes into approximate coordinates. Data stays in the UK.

NHS publications & trust dashboards. We fetch wait-time data from public NHS publications and named trust dashboards. Those endpoints do not see any of your data — only ours.

Email — the editor’s inbox provider. Emails you send to us are processed by the editor’s mail provider for delivery and storage of replies. UK GDPR rights still apply to those messages.

Server request logs. Retained for up to 30 days, then automatically deleted.

Aggregate analytics. Stored indefinitely in fully anonymised, aggregate form (no individual identifier).

Email correspondence. Kept for as long as needed to action the enquiry and for an additional 24 months as an audit trail of corrections, then deleted.

Approximate geolocation & postcode lookups. Used in-browser only and not stored on our servers.

Be informed. About what data we process and why — that is what this page is for.

Access. Request a copy of any personal data we hold about you.

Rectify. Correct inaccurate personal data.

Erase. Ask us to delete personal data, where we have no overriding lawful reason to keep it.

Restrict processing. Limit how we use personal data while a query is being resolved.

Object. Object to processing based on our legitimate interests.

Data portability. Receive personal data in a structured, machine-readable format.

Withdraw consent. Where we rely on consent, you can withdraw it at any time.