What we collect

From attendees — when you scan an event QR code and submit the attendance form, we collect your name, email address, an optional registration number (such as your RACP ID), and an optional learning reflection. We create an attendance record and a certificate PDF from this information.

From organisers — when you create an account we collect your sign-in email address, the event details you enter (department, title, presenter name, CPD category, date and duration), and your subscription and billing status.

Automatically — essential cookies needed to keep you signed in, and basic server logs from our hosting provider. We do not use analytics, tracking pixels, or advertising.

How we use it

We use personal information to:

• record attendance and generate and email CPD certificates;
• let organisers manage their events and attendee lists;
• operate accounts, subscriptions and billing; and
• keep the service secure and working properly.

Who we share it with

We use a small number of trusted service providers to run MedCPD:

• Supabase — database, sign-in and certificate storage;
• Stripe — payment processing. We never see or store your card details; they are handled directly by Stripe;
• Resend — sending certificate and sign-in emails; and
• Vercel — hosting the website.

Some of these providers store information overseas, including in the United States. We only use reputable providers that maintain their own security and privacy protections. We do not sell your personal information, and we only share it where needed to provide the service or where required by law.

How long we keep it

We keep attendance records and certificates so they remain available as a CPD record and can be re-downloaded later. You can ask us to delete your personal information at any time (see Your rights below), and we will do so unless we are required to keep it.

Your rights

You have the right to ask for access to, correction of, or deletion of the personal information we hold about you. To make a request, or if you have any privacy question or concern, email us at privacy@medcpd.nz. If you are not satisfied with our response, you can contact the Office of the Privacy Commissioner (privacy.org.nz).

Cookies

We only use cookies that are essential to keep you signed in and to operate the service. We do not use cookies for tracking or advertising.

Security

We hold your information with established providers, using access controls and encryption in transit. Certificate files are kept in private storage. No system is perfectly secure, but we take reasonable steps to protect your information.

Children

MedCPD is intended for medical professionals and is not directed at children.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top shows when it last changed.

Contact

Questions about this policy or your information? Email privacy@medcpd.nz. See also our Terms of Use.

MedCPD is an independent tool and is not affiliated with the Medical Council of New Zealand or RACP.