Privacy Policy
1. Introduction
This Privacy Policy explains how Standard Medicine AB processes your personal data, what rights you have, and how you may exercise them under the General Data Protection Regulation (GDPR).
"Process" means any operation performed on personal data, such as collection, storage, organisation, transmission, or deletion. "Your data" means any information that directly or indirectly identifies you (e.g., name, profession, telephone number, email address).
Please read this Privacy Policy when you use our services or visit our website. For information about our services, see our Terms of Use.
2. We are responsible for your personal data
Standard Medicine AB (organisation number 559549-3403) is the controller of your personal data. Our registered office is located in Stockholm, Sweden.
3. Questions? We are here to help
If you have questions about how we process your personal data, please contact us at privacy@standardmedicine.com or by post to Standard Medicine AB, Skeppargatan 5, 114 52 Stockholm, Sweden.
Please direct any privacy questions or rights requests to privacy@standardmedicine.com.
4. Why and how do we use your personal data?
We process certain personal data to operate our business and to provide and improve our services. Below is an overview of what data we process, where it comes from, why we process it, how long we keep it (or the criteria used to determine that period), and the lawful basis relied upon.
Our service is not intended to process special categories of personal data (Article 9 GDPR). Users are instructed not to enter patient-identifiable information, and we employ measures designed to detect and reduce such data. Because queries are free text, we cannot fully prevent such data from being entered.
5. Our use of your data
5.1 To operate the search service
Data processed:
- Submitted search queries and generated results
Note: Queries must be anonymous and devoid of patient identifiers (see sections 4 and 8).
Source: You.
Legal basis:
- Performance of a contract (Article 6(1)(b) GDPR).
- Legitimate interests (Article 6(1)(f) GDPR): to secure and optimise the service.
Storage period: Queries are held in pseudonymised form and retained only as long as necessary to operate and improve the service.
5.2 To provide our service to you
Data processed:
- Name
- Contact information (e.g., email, phone number)
- Usage data related to your use of our service (including technical/device information)
- Profession/confirmation of professional/student status
- Place of work
Source: You; technical service partners.
Legal basis:
- Performance of a contract with you (Article 6(1)(b) GDPR).
- Legitimate interests (Article 6(1)(f) GDPR): to maintain, secure, and improve our service. You may contact us to obtain a copy of our balancing test.
- Consent (Article 6(1)(a) GDPR), where applicable.
Storage period: For as long as necessary to deliver the service to you. For service development, for as long as necessary to obtain the information needed; we pseudonymise or anonymise the data as soon as practicable. For newsletters, until you withdraw your consent.
5.3 To market our services to you based on your interests
Data processed:
- Name
- Profession
- Place of work
- Contact information (e.g., email, phone number)
Source: You; analysis of user activity.
Legal basis: Consent (Article 6(1)(a) GDPR).
Storage period: For as long as necessary to provide the service and/or until you withdraw your consent.
5.4 To provide customer support
Data processed:
- Your queries and our responses regarding the service
- Contact information
Source: You; technical service partners.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR).
Storage period: Until your request has been resolved.
6. Your rights
You may exercise any of your rights by emailing privacy@standardmedicine.com. We strive to enable you to exercise your rights efficiently.
Right to information (Art. 13)
Know how and why we process your data. This Privacy Policy fulfils that obligation.
Right of access (Art. 15)
Request a copy of the personal data we hold about you.
Right to rectification (Art. 16)
Have inaccurate or incomplete data corrected.
Right to erasure (Art. 17)
Request deletion where the data is no longer needed for its original purpose or another legal ground applies.
Right to restriction (Art. 18)
Ask us to restrict processing in certain circumstances.
Right to data portability (Art. 20)
Receive data you provided in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to withdraw consent (Art. 7(3))
Withdraw consent at any time. Withdrawal affects future processing only.
Right to object (Art. 21)
Object to processing based on legitimate interests; we will stop unless we demonstrate compelling grounds. You always have the right to object to marketing.
No solely automated decision-making (Art. 22)
Not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
7. Sharing your personal data
We share data with external partners acting as processors or controllers; a current list is available on request.
Newsletters
An EU email provider receives your name, email, profession, and workplace. Basis: consent.
AI and search
Language-model and ranking providers process your queries and chat history to generate results. Some processing occurs outside the EEA under Standard Contractual Clauses.
Hosting
Cloud and database providers store account details and chat history; the search index stays in the EU, and any transfers outside the EEA use Standard Contractual Clauses.
8. Our security measures
We are committed to protecting your personal data and have implemented appropriate technical and organisational measures to safeguard it. Please also keep your password confidential and secure, and protect your devices.
Our service is intended for clinical questions only. Guidance at the query interface instructs users not to enter patient-identifiable information, and we employ filtering measures designed to detect and reduce such data.
9. Cookies and similar technologies
Cookies are small text files stored in your browser. We may also use similar technologies (e.g., local storage and pixels).
Categories
- Necessary: required for the website to function (e.g., session management, security).
- Preferences: remember choices such as language and settings.
- Statistics/Analytics: measure usage to improve the service.
- Marketing: deliver relevant advertising and measure effectiveness.
Legal basis and consent
Necessary cookies are permitted without consent under the EU ePrivacy rules. Preferences, Analytics, and Marketing cookies are used only with your consent (Article 6(1)(a) GDPR). We do not set non-essential cookies until you have made a choice, and you may withdraw consent at any time without affecting the lawfulness of prior processing.
Consent management
We display a cookie banner on first visit offering "Accept all", "Reject non-essential", and "Customise" with equal prominence. Non-essential cookies and scripts are blocked until you choose. A persistent "Cookie settings" link in the footer lets you change or withdraw consent at any time.
Third parties
We use Google Analytics (Google LLC) for statistical purposes, set only after you consent. Our core systems are hosted in the EU/EEA; Google Analytics may transfer anonymised data to the USA with appropriate safeguards. Google's privacy policy: https://policies.google.com/privacy
Cookie register
| Name | Provider | Category | Purpose | Retention |
|---|---|---|---|---|
| sm.session_token | Standard Medicine | Necessary | Authentication and session management, including anonymous sessions | Until logout or session expiry |
| locale | Standard Medicine | Preferences | Remember language preference | 400 days |
| theme | Standard Medicine | Preferences | Remember display theme (dark, light, or system) | 1 year |
| ph_*_posthog | PostHog (EU Cloud) | Statistics/Analytics | Visitor analytics, session tracking, and product usage measurement | 1 year |
We keep this register updated as our use of cookies changes. You can also block or delete cookies via your browser settings, though this may affect website functionality.
10. If we do not keep our promise
If you have concerns about how we process your data, please contact privacy@standardmedicine.com. You may also lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY): imy@imy.se, or Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm. Further information: https://www.imy.se/
11. Changes to this Privacy Policy
We may update this Policy from time to time. Where changes affect our obligations or your rights, we will inform you in advance.
Last updated: 8 June 2026
Standard Medicine AB · Org. nr 559549-3403 · Stockholm, Sweden