Privacy Policy

GetBleeped is an independent job-alert service for people seeking NHS roles in the UK, operated in the United Kingdom. We are not affiliated with the NHS, NHS Jobs, or NHS Business Services Authority.

For any privacy-related queries, contact us at hello@getbleeped.co.uk.

• Email address — required to send you job alerts and manage your subscription.
• Role label preferences — the specialties, grades, and alert categories you select so we can filter relevant jobs for you.
• Subscription status — whether you are on the free or paid tier, managed via Stripe. We do not store full payment card details; those are held by Stripe.
• Stripe customer and subscription identifiers — used to manage paid subscriptions and link your account to Stripe records. We do not store full card details.
• Confirmation and activity timestamps — when you confirmed your email and when alerts were sent, used to operate the service reliably.
• Server logs — standard web server access logs (IP address, user-agent, timestamp) retained for up to 30 days for security and debugging purposes.

We use your data only to operate GetBleeped:

• Sending you email alerts for NHS job postings matching your selected labels
• Confirming your email address and authenticating unsubscribe/manage requests
• Processing and managing your subscription via Stripe
• Improving the service, including understanding which role labels are most used, monitoring deliverability, debugging errors, and reducing irrelevant alerts

We do not sell your data, share it with advertisers, or use it for any purpose other than operating this service.

Under UK GDPR, we rely on the following legal bases:

• Contract performance — to provide job alerts, manage your subscription, process paid access, and respond to support requests.
• Legitimate interests — to secure the service, prevent abuse, maintain logs, improve reliability, and understand aggregate usage. Where we rely on legitimate interests, you have the right to object to that processing.
• Consent — for optional marketing communications beyond service alerts, where required.

We use the following sub-processors, each bound by data processing agreements:

• Supabase — database hosting. Stores your email, preferences, and subscription status.
• Resend — transactional email delivery. Receives your email address to send alerts.
• Stripe — payment processing (US). Handles all card data for paid subscriptions under their own Privacy Policy and Data Processing Agreement. UK-to-US transfers are covered by Standard Contractual Clauses.
• Vercel — application hosting (US/EU edge). Processes requests and serves pages; standard access logs apply.

Some processors may process data outside the UK. Where this happens, we rely on appropriate safeguards, such as adequacy arrangements or contractual protections provided by the processor.

• Active subscribers — data retained for the duration of your subscription.
• After unsubscription or cancellation — your account is deactivated and no further alerts are sent. Non-founding-member accounts are automatically deleted within 30 days of deactivation. Founding member accounts are retained solely to honour the lifetime pricing commitment made at signup; founding members may request deletion at any time by emailing hello@getbleeped.co.uk, which permanently waives the lifetime rate. We may retain limited records where required for legal, accounting, or dispute-resolution purposes.
• Payment records — Stripe retains transaction history as required by applicable financial regulations.
• Server logs — deleted after 30 days.

You have the right to:

• Access — request a copy of the data we hold about you.
• Rectification — correct any inaccurate data.
• Erasure — request deletion of your data (“right to be forgotten”).
• Restriction — request we pause processing your data.
• Portability — receive your data in a machine-readable format.
• Object — object to processing based on legitimate interests.

To exercise any right, email hello@getbleeped.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

GetBleeped does not currently use tracking cookies, advertising cookies, or third-party analytics cookies. The site may use minimal strictly necessary cookies or local storage required for security, session management, or core functionality. If we introduce analytics or marketing cookies in future, we will update this policy and request consent where required.

We may update this policy as the service evolves. Material changes will be communicated by email to active subscribers. Continued use of the service after changes constitutes acceptance.