baeyMDT's
[ legal / policy ]

Privacy Policy

Last updated · 17 May 2026

This Privacy Policy explains how baeyMDT's ("we", "us", "our") collects, uses and protects information when you use our website and the MDT platform (together, the "Service"). The Service is a fictional roleplay environment and is not affiliated with NHS England.

1. Who we are

baeyMDT's is operated as a community project based in the United Kingdom. For any privacy questions you can reach us at privacy@baeymdt.com.

2. Information we collect

  • Account information — display name, email, Discord ID and (where provided) FiveM identifiers.
  • In-platform records — roleplay characters, callsigns, incidents, patient encounters and reports you create.
  • Operational logs — IP address, device, browser and time of access for security and abuse prevention.
  • Optional content — avatars, signatures and any free-text you submit.

3. How we use information

We use information to operate the Service, authenticate you, prevent abuse, maintain audit logs, communicate service updates and improve features. We do not sell personal data to third parties.

4. Legal basis (UK GDPR)

We process data on the basis of (a) performance of a contract with you, (b) our legitimate interest in running a secure community platform, and (c) your consent where required (e.g. optional marketing emails).

5. Sharing

We share data only with processors required to deliver the Service — hosting, error monitoring and email delivery providers — under written data-processing agreements. We may disclose information when required by law.

6. Retention

Account data is retained for the lifetime of your account and for up to 30 days after deletion. Audit logs are retained for up to 24 months for security and integrity purposes.

7. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict or object to processing of your personal data, and the right to data portability. To exercise these rights email privacy@baeymdt.com.

8. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted, logged and reviewed regularly. No system is ever 100% secure — we work to maintain industry-standard safeguards.

9. Cookies

We use a small number of strictly necessary cookies to keep you signed in and to remember your preferences. We do not use advertising cookies.

10. Children

The Service is not intended for users under 13. If you believe a child has provided us personal data, please contact us so we can remove it.

11. Changes

We may update this policy from time to time. Material changes will be highlighted in-app or by email before they take effect.