Privacy Policy
Last updated: February 2026
GPFinder is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. The short version: we collect very little, we don't sell anything, and we don't track you across the web.
What data we collect
GPFinder is designed to work without requiring any personal information from you. Here's a complete picture of what we do and don't collect:
Information you provide directly
When you search for GP practices, you enter a postcode. This postcode is sent to our server solely to find nearby practices and calculate distances. We do not store postcodes in any database, and they are not linked to you in any way. Once your search results are returned, the postcode is discarded.
If you submit a review for a GP practice, you provide a display name and your review text. These are stored on our servers to display on the practice page. We do not require an email address or account to submit a review. Review submissions are associated with a session identifier, not with any personal identity.
If you contact us by email, we retain your email address and message solely for the purpose of responding to your enquiry. We do not add contact emails to any mailing list.
Information collected automatically
Like most websites, GPFinder automatically receives certain technical information when you visit:
- IP address — processed by our hosting provider (Vercel) for security and performance purposes, but not stored by GPFinder in any identifiable form
- Browser type and device information — collected anonymously by our analytics tools to help us understand how people use the site (e.g., mobile vs desktop)
- Pages visited and time spent — collected anonymously to help us improve the most useful parts of GPFinder
- Approximate geographic region — derived from your IP address by analytics tools (country/city level, not precise location)
Information we do NOT collect
- We do not require or offer user accounts
- We do not collect names, email addresses (except when you contact us), phone numbers, or physical addresses
- We do not collect any health or medical information
- We do not collect payment information (GPFinder is free)
- We do not use fingerprinting or cross-site tracking
- We do not collect or store the results of your searches
How we use your data
The limited data we collect is used exclusively for:
- Providing search results — your postcode is used in real time to find nearby GP practices, then discarded
- Displaying reviews — if you submit a review, it is shown publicly on the relevant practice page
- Understanding usage patterns — anonymous analytics help us know which features are most useful and where to improve
- Monitoring performance — error tracking helps us fix bugs and keep the site running smoothly
- Responding to enquiries — if you email us, we use your email to reply
We do not use your data for advertising, profiling, or any purpose other than operating and improving GPFinder.
Cookies and analytics
GPFinder uses a small number of cookies and analytics tools. Here's exactly what they are:
| Service | Purpose | Data collected | Cookie? |
|---|---|---|---|
| Google Analytics | Understanding how visitors use GPFinder | Anonymous page views, session duration, device type, approximate location | Yes (_ga, _gid) |
| Vercel Analytics | Performance monitoring (page load times, Web Vitals) | Anonymised performance metrics | No |
| Vercel Speed Insights | Real-user performance measurement | Page load metrics | No |
| Sentry | Error monitoring and crash reporting | Error details, browser info (no personal data) | No |
| Mapbox | Displaying interactive maps | Map tile requests | Session cookie |
Your cookie choices
You can disable cookies in your browser settings at any time. GPFinder will continue to work normally without cookies — you'll still be able to search, view practices, and compare. The only effect is that our analytics won't record your visit, which is perfectly fine.
We do not use advertising cookies, retargeting pixels, or social media tracking scripts.
Third-party services
GPFinder relies on a number of third-party services to function. Each is used for a specific, limited purpose:
| Service | What it does | Their privacy policy |
|---|---|---|
| Vercel | Hosts the GPFinder website | Privacy policy |
| Mapbox | Displays practice locations on interactive maps | Privacy policy |
| Postcodes.io | Converts UK postcodes to geographic coordinates | Open source, no tracking |
| Google Analytics | Anonymous usage analytics | Privacy policy |
| Sentry | Error monitoring and crash reporting | Privacy policy |
We do not share your data with any third party for advertising, marketing, or data brokerage purposes.
GP practice data
All GP practice information displayed on GPFinder — including names, addresses, CQC ratings, patient survey results, workforce statistics, and appointment data — comes from publicly available NHS and government sources published under the Open Government Licence v3.0.
This is aggregated, anonymised data about GP practices as organisations. We do not collect, store, display, or have access to any individual patient data, medical records, or personally identifiable health information.
User-submitted reviews on GPFinder are the opinions of individual contributors and do not come from NHS data sources.
User reviews
If you choose to submit a review for a GP practice, the following information is stored and displayed publicly:
- The display name you provide (this can be a pseudonym)
- Your review text
- Your star rating
- The date of submission
Reviews are moderated to remove spam, offensive content, and personally identifiable information about healthcare staff. We reserve the right to remove reviews that violate our review guidelines.
Once published, your review is visible to all visitors of the practice page. If you wish to have a review removed, please contact us at hello@gpfinder.co.uk with the practice name and approximate date of your review.
Data retention
- Postcode searches — Not stored — discarded immediately after returning results
- Analytics data — Retained by Google Analytics for 14 months, then automatically deleted
- Error logs — Retained by Sentry for 90 days
- User reviews — Retained indefinitely unless removal is requested
- Contact emails — Retained for as long as needed to resolve the enquiry, then deleted within 12 months
Children's privacy
GPFinder is a general information service about GP practices and is not directed at children. We do not knowingly collect any information from children under 13. If you believe a child has submitted personal information through our site, please contact us and we will take steps to remove it.
Your rights
Under UK data protection law (UK GDPR and the Data Protection Act 2018), you have the right to:
- Access any personal data we hold about you
- Correct any inaccurate personal data
- Delete any personal data we hold about you
- Object to processing of your personal data
- Withdraw consent for cookie-based analytics at any time (by disabling cookies in your browser)
In practice, because GPFinder collects minimal personal data, there is usually very little (if anything) to access, correct, or delete. However, we take these rights seriously. If you have any questions or requests, please email us at hello@gpfinder.co.uk.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
Data security
GPFinder is hosted on Vercel, which provides enterprise-grade security including HTTPS encryption for all connections, DDoS protection, and SOC 2 compliance. All data transmitted between your browser and GPFinder is encrypted using TLS.
We do not store sensitive personal data, which significantly reduces our security risk profile. Our codebase is regularly updated to address known vulnerabilities in dependencies.
Changes to this policy
We may update this privacy policy from time to time. When we make significant changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.
For material changes that affect how we handle personal data, we will make reasonable efforts to notify users through a banner on the website.
Questions about privacy?
If you have any questions about this privacy policy or how GPFinder handles data, please contact us:
hello@gpfinder.co.ukWe aim to respond to all privacy-related enquiries within 14 days.