Last updated June 2026
This policy explains how Monj, operated by Medstack Limited (“we”, “us”), collects, uses and protects your personal information when you use the Monj app. We are the data controller for your information and are committed to handling it lawfully, fairly and transparently under the UK GDPR and the Data Protection Act 2018.
Monj is provided by Medstack Limited. Monj is a companion and self-management tool. It is not a pharmacy, not a prescriber, and not a medical or diagnostic service.
We collect information you give us during onboarding and while using the app, including:
We rely on your consent to process your health information, which you give during onboarding and can withdraw at any time. For special-category (health) data we also rely on the condition in Article 9(2)(a) UK GDPR (explicit consent). We rely on legitimate interests and the performance of our contract with you to operate and secure the app. Marketing messages, if any, are sent only with your separate opt-in.
We do not sell your personal information, and we do not use your health data to advertise to you.
Your data is stored using our infrastructure provider (Supabase) on servers operated on our behalf. Access is restricted, and your records are protected by row-level security so that you can only access your own data.
We keep your information for as long as your account is active. If you delete your account, we mark it for deletion and permanently erase your data after a 30-day recovery window, unless we are required to keep certain records longer by law.
You have the right to access, correct, delete, restrict or object to our use of your data, to data portability, and to withdraw consent at any time. You can delete your account from within the app. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
For any privacy question or to exercise your rights, contact Medstack Limited using the details on monj.co.uk. We will respond within the timeframes required by law.