Last updated: 23 February 2026
Privacy Policy
This policy explains what data Mederti collects, why, and how you can control it. Mederti is operated as a global pharmaceutical shortage intelligence platform.
1. Who we are
Mederti provides real-time pharmaceutical shortage intelligence aggregated from regulatory bodies worldwide. For GDPR purposes, Mederti acts as the data controller for personal data collected through this website. Contact:
privacy@mederti.com.
2. Data we collect
Email address — if you subscribe to shortage alerts or create an account, we store your email address to send you relevant notifications.
Authentication data — if you create an account, Supabase stores a hashed password and session tokens. We never see your plaintext password.
Watchlist preferences — drugs you add to your watchlist are stored against your user account to trigger shortage alerts.
Usage data — standard server logs (IP address, browser type, pages visited) may be retained for up to 90 days for security and performance purposes. We do not use third-party analytics trackers.
Cookies — we use a single session cookie to maintain your login state. No advertising or tracking cookies are used.
3. How we use your data
- Send shortage alert emails for drugs on your watchlist
- Send a welcome email when you subscribe (you can unsubscribe at any time)
- Maintain your login session
- Detect and prevent abuse or security incidents
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Legal basis (GDPR)
For users in the European Economic Area, we process personal data under the following legal bases:
Consent — email subscriptions (you can withdraw at any time).
Contract — account creation and watchlist features (needed to provide the service).
Legitimate interests — security logging and abuse prevention.
5. Data retention
Email subscribers: retained until you unsubscribe or request deletion.
Account data: retained while your account is active and for 30 days after deletion.
Server logs: retained for up to 90 days.
6. Third-party services
Supabase — database and authentication (EU data hosting available). Privacy policy: supabase.com/privacy
Resend — transactional email delivery. Privacy policy: resend.com/privacy
Vercel — website hosting. Privacy policy: vercel.com/legal/privacy-policy
Shortage data is sourced from public regulatory databases (FDA, TGA, EMA, etc.) and contains no personal data.
7. Your rights
If you are in the EEA or UK, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data ("right to be forgotten")
- Object to processing based on legitimate interests
- Portability — receive your data in a machine-readable format
To exercise any of these rights, email
privacy@mederti.com. We will respond within 30 days.
8. Security
All data is encrypted in transit (TLS) and at rest. Database access is controlled via row-level security policies. We do not store payment information.
9. Changes to this policy
We may update this policy. Material changes will be notified via email to registered users. The "Last updated" date at the top of this page reflects the most recent revision.