
Privacy Policy.

Effective 26 May 2026 · Version 1.1 · UK GDPR · England & Wales

We collect as little as we can get away with. This page tells you exactly what data we touch, why, who sees it, and how to get a copy or delete it.

On this page

  1. Who we are
  2. What this policy covers
  3. Data we collect
  4. Why we collect it
  5. Lawful bases
  6. Tracking & advertising
  7. Who we share data with
  8. International transfers
  9. How long we keep it
  10. Your rights
  11. Security
  12. Children
  13. Changes to this policy
  14. Contact & complaints

01 Who we are

The data controller for personal data processed through GinsengLabs products (currently the Symptoms iOS app) and the website at ginsenglabs.dev is:

  • GinsengLabs LTD
  • Registered in England & Wales · Company No. 17230581
  • Registered office: 124 City Road, London EC1V 2NX, United Kingdom
  • General contact: hello@ginsenglabs.dev
  • Privacy contact: privacy@ginsenglabs.dev

We have not formally designated a Data Protection Officer under Article 37 UK GDPR — our processing does not meet the triggers in that Article. For all privacy matters — including data-subject requests, complaints, and questions about this policy — please use the dedicated mailbox privacy@ginsenglabs.dev. It is monitored by a named member of our team and we aim to acknowledge requests within five working days.

02 What this policy covers

This policy applies to personal data collected through GinsengLabs products and services, currently:

  • this website (ginsenglabs.dev);
  • the Symptoms iOS application (the “App”); and
  • any direct correspondence you have with us (email, support, press).

We'll update this policy when we publish additional products.

It does not apply to third-party services we link to (such as the App Store) or to clinical workflows of any employer or institution you use the App in connection with.

The data categories described below correspond to the App Privacy label shown on our App Store listing. If you spot a discrepancy between this policy and what Apple displays, please tell us at privacy@ginsenglabs.dev — both should match.

03 Data we collect

We are deliberately minimal with data collection. Here's the complete list:

Email address
In the App: provided automatically by Apple (Sign in with Apple, including Apple's private-relay address if you choose to hide your email) or Google (Sign in with Google) when you create your account, and stored alongside your other account data in our Firebase-hosted database.

On the website: if you join the Symptoms waitlist or the GinsengLabs newsletter via a signup form, your email is stored in our subscriber list (Cloudflare D1) alongside which list you joined, the page URL you signed up from, and the country your request came from (derived from the network connection — the IP address itself is not stored in the subscriber list, though see the IP-address row below for short-lived security logging).
Name
Provided by Apple or Google when you first sign in to the App. With Sign in with Apple you can choose to share or hide your name; we only store what you choose to share. Used to personalise your in-app experience and address you in any correspondence.
IP address
May be processed by our infrastructure (Cloudflare for the website, and our App's backend) to deliver responses, apply rate limits, and detect and mitigate abuse including DDoS attacks. Held only in short-lived security logs and then deleted; never used for advertising or product analytics.
Bot-protection signals
When you submit a signup form on this website, Cloudflare Turnstile runs a brief background bot-check. Cloudflare may process network and browser signals from your request to score the likelihood you're a human; this happens on Cloudflare's infrastructure and we receive only a pass/fail token. No raw signals are stored by us.
Speciality
Self-declared from a drop-down list (e.g. “Internal Medicine”, “Medical Student”). Optional. This is a content-preference setting used to surface puzzles of professional interest. It identifies your occupational interest, not your health — we do not treat it as data concerning health under Article 9 UK GDPR, and we do not infer anything about your own medical conditions or treatment from it.
Game play data
Cases played, guesses submitted, current and longest streak, win rate, distribution. Stored on-device and synced to our Firebase-hosted database as part of your account.
Device & technical data
iOS version, device model, app version, locale, time zone, anonymous installation ID. Used to debug crashes and understand which devices we need to support.
Crash logs
If the app crashes, a stack trace and the immediately preceding actions are sent to Google Firebase Crashlytics. We do not include any of your case answers in these logs.
Advertising identifier (IDFA)
Only if you allow tracking via the iOS App Tracking Transparency prompt. Shared with Google AdMob to deliver personalised clinical ads.
Product analytics
Anonymous event data (e.g. “onboarding completed”, “case won in 4”) sent to Amplitude. We use a randomly-generated install ID; this is not linked to your email address.
Payment data
None. All payments are handled by Apple via the App Store. We see only whether your subscription is active, never your card details.

What we never collect: we do not collect your real address, phone number, health records, location (GPS), contacts, photos, microphone, fitness data, biometric data, prescription history, diagnoses, symptoms about you, or any identifiers from clinical systems (NHS number; GMC number unless you explicitly enter it in support correspondence).

Symptoms is a puzzle game. Case content is fictional. We do not collect, infer, or track your own health status. Game-play data tells us which puzzles you've played and your score — it does not tell us anything about your own medical conditions, treatments, or healthcare. If you are a Washington (US) resident, we do not collect "consumer health data" as defined by the Washington My Health My Data Act (RCW chapter 19.373).

04 Why we collect it

Each piece of data has a specific job:

  • Provide the Service — store your progress, sync across your devices, give you stats and streaks.
  • Improve the Service — understand which cases are too easy or hard, which features get used, where users drop off.
  • Customer support — respond to your questions and resolve bugs.
  • Show advertising — fund the free tier of the App with relevant clinical ads.
  • Security & fraud prevention — detect abuse, bot activity, or attempts to circumvent paywalls.
  • Legal compliance — comply with our obligations under UK law, including responding to lawful requests from authorities.

05 Lawful bases (UK GDPR)

We rely on the following lawful bases under Article 6 of the UK GDPR:

  • Contract (Art. 6(1)(b)) — to deliver the Service you've signed up for, including processing your subscription via Apple.
  • Legitimate interests (Art. 6(1)(f)) — for security, fraud prevention, anonymous analytics, and serving non-personalised ads. We have weighed these interests against your rights and concluded that the processing is proportionate.
  • Consent (Art. 6(1)(a)) — for advertising and for marketing emails. For advertising, consent is captured through our own in-app consent screen (see section 6) before any advertising SDK is loaded; we record the choice with a timestamp and the version of the consent prompt. For marketing emails, consent is captured at the point of sign-up and recorded the same way. You can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Legal obligation (Art. 6(1)(c)) — where we are required by law to retain or disclose data.

06 Tracking & advertising

Advertising in Symptoms is opt-in. Two separate consent steps apply to free-tier users. Paid-tier users (£0.49/month ad-free, £4.99/year ad-free, or any Symptoms+ subscription) see no advertising and skip both steps; no advertising SDK is loaded on their device at all.

Step 1 — Our own consent screen (UK GDPR / EU GDPR / PECR)

Before the AdMob advertising SDK is loaded on your device, we show you a consent screen of our own design with Accept and Reject buttons of equal visual prominence. This screen exists because UK and EU law (UK GDPR Articles 4(11), 6(1)(a), and 7; the Privacy and Electronic Communications (EC Directive) Regulations 2003 regulation 6; and the Court of Justice's judgment in Planet49 GmbH Case C-673/17) require us to obtain your freely-given, informed, specific, and unambiguous consent before any third-party SDK accesses your device or sets identifiers — whether or not those identifiers are personally identifying. If you reject, we do not load AdMob at all and you will not see any advertising for that session; the App remains fully functional. We record your choice with a timestamp and the version of the consent prompt.

Step 2 — Apple's App Tracking Transparency (ATT) prompt

If you accepted advertising at Step 1, iOS then shows Apple's standard App Tracking Transparency prompt. ATT is a separate, system-level confirmation specific to your iOS Advertising Identifier (IDFA).

  • If you allow tracking at the ATT prompt, your IDFA is shared with Google AdMob to deliver personalised ads.
  • If you don't allow tracking at the ATT prompt, no IDFA is shared — iOS returns a zeroed value — and you will see non-personalised, contextual ads instead.

Changing your mind

You can change your Step 1 choice at any time in Symptoms → Settings → Privacy. You can change your ATT choice at any time in iOS Settings → Privacy & Security → Tracking. Rejecting at either step stops the corresponding flow immediately.

Ad partners

Our only advertising partner is Google AdMob. AdMob's processing of your data is governed by Google's Privacy Policy. We do not work with Meta Audience Network or any other ad network at this time. Where you have given Step 1 consent, our integration uses Google Consent Mode v2 to communicate your choice to AdMob.

07 Who we share data with

We share data only with the small number of service providers we need to run the App, and only what they need to do their job:

Cloudflare
Provides the infrastructure for this website (Cloudflare Workers + static assets), stores your subscriber data when you sign up to the newsletter or waitlist (Cloudflare D1), and runs the bot-check on signup forms (Cloudflare Turnstile). Their privacy policy is at cloudflare.com/privacypolicy.
Apple
App distribution, payments, subscription management, and Sign in with Apple. Receives whatever the App Store handles directly (your Apple ID purchase record), and passes us the email and (if you choose to share it) name associated with your Apple ID when you sign in.
Google (Sign in)
Provides Sign in with Google for App authentication. We receive the name and email address associated with your Google account when you sign in.
RevenueCat
Subscription management and entitlement validation across Apple's billing system. Receives an anonymous user ID generated by the App and Apple's purchase receipt; never your payment-card details. Their privacy policy is at revenuecat.com/privacy.
Google Firebase
Hosts the App's database — your account record (email, name, subscription state) and your synced game-play data. Also receives crash reports via Firebase Crashlytics (stack trace, device model, OS version, app version, anonymous install ID).
Google AdMob
Advertising identifier (IDFA, only if you allow tracking), device data, ad interaction data.
Amplitude
Anonymous product-analytics events keyed to a random install ID. Not linked to your email.
Resend
Transactional and marketing email delivery (newsletter, waitlist, account-related notifications). Receives your email address and the message content. Their privacy policy is at resend.com/legal/privacy-policy. Direct correspondence (replies to your emails) is sent from our regular mailbox and does not pass through Resend.

We do not sell your personal data to anyone. We do not share data with brokers, employers, insurers, regulators (except where compelled by law), or any third-party clinical-data systems.

We may disclose data if required to do so by law, a valid court order, or to protect the rights, property, or safety of GinsengLabs LTD, our users, or others.

08 International transfers

Some of our service providers (Cloudflare, Google, Amplitude, RevenueCat, Resend) are headquartered in the United States and may process your data across multiple regions. When we transfer your personal data outside the United Kingdom we rely on appropriate safeguards under UK GDPR, including the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or the equivalent under each provider's certifications.

You can request a copy of the relevant safeguards by emailing privacy@ginsenglabs.dev.

09 How long we keep it

  • Account data — kept while your account is active. Deleted within 30 days of an account-deletion request, except where we are required to retain limited records for legal or accounting purposes.
  • Game play data on-device — kept until you uninstall the App.
  • Crash reports — retained by Google Firebase for up to 90 days.
  • IP-address security logs — kept only as long as needed for rate-limiting and abuse detection (typically a few days at most) and then deleted.
  • Analytics events — retained by Amplitude for up to 24 months.
  • Email correspondence — kept while it is reasonably useful to do so, then deleted, typically within 24 months of the last reply.
  • Newsletter address — kept until you unsubscribe.

10 Your rights

You have rights over the personal data we hold about you. The specific rights depend on where you live; the contact point is the same for everyone:

  • Email — privacy@ginsenglabs.dev
  • Post — GinsengLabs LTD, 124 City Road, London EC1V 2NX, United Kingdom

Please send the request from the email address associated with your account so we can verify identity. We do not charge a fee for reasonable requests. We may decline manifestly unfounded or excessive requests, or charge a reasonable fee, and will explain why if we do (Art. 12(5) UK GDPR).

United Kingdom (UK GDPR + Data Protection Act 2018)

You have the right to:

  • Access — a copy of the personal data we hold about you;
  • Rectification — correction of inaccurate or incomplete data;
  • Erasure — deletion of your personal data (the “right to be forgotten”), subject to limited exceptions;
  • Restriction — pause processing while a dispute is resolved;
  • Portability — a machine-readable copy of data you've provided to us;
  • Object — to processing based on legitimate interests, including direct marketing;
  • Withdraw consent — at any time, without affecting the lawfulness of processing carried out before withdrawal;
  • Not be subject to solely-automated decision-making (Art. 22 UK GDPR) — we do not currently make any solely-automated decisions about you that produce legal or similarly significant effects;
  • Lodge a complaint with the UK Information Commissioner's Office (see section 14).

We respond within one calendar month (Art. 12(3) UK GDPR), extendable by a further two months where the request is complex.

European Union / EEA (EU GDPR)

If you are in the EU or EEA you have the same set of rights as UK residents, under the equivalent provisions of the EU GDPR (Regulation (EU) 2016/679, Articles 15–22). You also have the right to lodge a complaint with the supervisory authority in your member state of habitual residence, place of work, or place of alleged infringement (Art. 77 EU GDPR). A list of EU supervisory authorities is published by the European Data Protection Board at edpb.europa.eu/members.

We respond within one calendar month (Art. 12(3) EU GDPR).

California (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we have collected about you, the sources, the purposes, and the categories of third parties we share it with (Cal. Civ. Code §§ 1798.110, 1798.115);
  • Delete personal information we have collected from you (§ 1798.105);
  • Correct inaccurate personal information (§ 1798.106);
  • Opt out of "sale" or "sharing" of personal information — see the dedicated paragraph below (§ 1798.120);
  • Limit use and disclosure of sensitive personal information (§ 1798.121) — we do not currently collect or process sensitive personal information as defined in § 1798.140(ae);
  • Non-discrimination for exercising any of these rights (§ 1798.125).

We respond within 45 days (§ 1798.130(a)(2)), extendable by a further 45 days where reasonably necessary.

Do Not Sell or Share My Personal Information. Under the CPRA, "sale" and "sharing" of personal information have specific defined meanings (Cal. Civ. Code § 1798.140(ad) and (ah)). We do not sell your personal information for money. However, if you allow tracking via Apple's ATT prompt, our sharing of your Advertising Identifier (IDFA) with Google AdMob for personalised advertising may constitute "sharing for cross-context behavioural advertising" under California law. To opt out of this sharing: deny the ATT prompt, or — if you previously allowed it — toggle it off at iOS Settings → Privacy & Security → Tracking → Symptoms. You may also email privacy@ginsenglabs.dev with the subject "Do Not Sell or Share" and we will record your choice against your account.

Other US states (Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Delaware, and others)

If you live in a US state with a comprehensive privacy law, you have broadly similar rights to access, delete, correct, and opt out of targeted advertising. We respond within the applicable statutory deadline (typically 45 days). Send the request to privacy@ginsenglabs.dev indicating your state of residence.

Canada (PIPEDA + Quebec Loi 25)

You have the right to access and correct personal information about you, to withdraw consent, and to lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, if you are in Quebec, the Commission d'accès à l'information du Québec (cai.gouv.qc.ca). We respond within 30 days (PIPEDA s. 8(3)).

Australia (Privacy Act 1988 + Australian Privacy Principles)

You have the right to access (APP 12) and correct (APP 13) personal information about you. You may also complain to the Office of the Australian Information Commissioner (oaic.gov.au). We respond within 30 days.

11 Security

We take security seriously and use industry-standard measures including TLS 1.2+ in transit, encryption at rest, principle of least privilege for staff access, and reputable infrastructure providers. No system is 100% secure; if we ever discover a personal-data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and, where required, notify affected users directly.

12 Children

The Service is intended for users aged 16 and over. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@ginsenglabs.dev and we will delete it promptly.

We have considered the UK Information Commissioner's Office Age-Appropriate Design Code (the Children's Code), which applies to services likely to be accessed by under-18s. Symptoms is marketed to adult clinicians and medical students; its puzzle format, professional vocabulary, and 16+ age gate make it not "likely to be accessed" by under-18s in the sense the Code contemplates. We keep this assessment under review and will adjust our practices if the audience changes.

13 Changes to this policy

We may update this Privacy Policy from time to time. The “Effective” date at the top will change accordingly. For material changes we will give reasonable advance notice in the App and (where we have your email address) by email. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

14 Contact & complaints

For any privacy question, request, or concern:

  • Email — privacy@ginsenglabs.dev
  • Post — GinsengLabs LTD, 124 City Road, London EC1V 2NX, United Kingdom

If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in the UK:

  • Information Commissioner's Office (ICO)
  • Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Helpline: 0303 123 1113
  • Online: ico.org.uk/make-a-complaint

We'd appreciate the chance to address your concerns first — please reach out to us before escalating, where you feel able to.

© 2026 GinsengLabs LTD · Company No. 17230581 · Registered in England & Wales ginsenglabs.dev