
Privacy policy

ApexMedix (“we”, “us”) provides Nexus, a login-only, multi-tenant web application used by tenant organisations and their authorised users. This policy describes what Nexus is, what categories of information the software is designed to process, and how ApexMedix and tenant organisations fit into data protection law. Read it together with your organisation’s own privacy notices.

Contact: dpo@apexmedix.net


What Nexus is

Nexus is a staff and operations workspace for a single tenant organisation per hostname (or slug in development). Typical capabilities in the product include:

  • Staff directory and profiles (contact details, address, role, grade, compliance flags, professional reference codes such as HCPC/HPAC where your organisation uses them)
  • Onboarding invited users, password and optional two-factor authentication (authenticator app and/or email codes)
  • Events and rostering, expressions of interest in shifts, and related attendance or status fields
  • Staff qualifications and uploaded proof documents (files stored for the tenant organisation)
  • DVLA-related driving checks and submissions your organisation configures
  • Medicine management and stock records where that module is in use
  • Invoices or payment requests your organisation submits through the app, including uploaded files and reviewer notes
  • Tenant organisation branding and site settings, company updates, roles and permissions, audit logs, and optional API keys for integrations

Your tenant organisation decides which features are used and what business purpose applies. ApexMedix supplies the software and hosting stack; your organisation is responsible for what it enters and for telling its staff how their data is used.


What the system collects and stores

The following reflects data types the application is built to handle. Your tenant organisation may not use every module; unused tables or fields may simply stay empty.

  • Account and profile — Email address, password (stored only as a secure hash), name, phone, postal address, profile image reference, active/disabled and staff-roster flags, role and grade links, permission overrides where configured, onboarding flags (for example “must change password”).
  • Security and access — Sign-in sessions (including expiry), client IP address, browser user-agent string, and last-seen timestamps; optional two-factor secrets or short-lived challenge codes for login verification; password-reset codes when a user requests a reset; signed authentication cookies for the web app.
  • Operational and HR-style records your tenant organisation enters — Compliance status, driver flag, employment start date, organisation-defined “extras”, qualification titles and dates, DVLA request and review notes and any licence fields your workflow collects, shift and event participation records, invoice amounts and status, medicine stock movements and related records, free-text messages on invoices, and similar operational content tied to user accounts or partitioned under your tenant organisation in the database.
  • Files and uploads — Documents users attach (for example qualification proofs or invoice PDFs) and avatar images; these are stored for the tenant organisation in connected object storage and referenced from the database.
  • Tenant organisation configuration — Organisation display name, branding assets, welcome email templates, subscription or billing metadata your agreement uses, API key material for server-to-server access, and other settings tables your tenant organisation maintains.
  • Audit and support visibility — Audit log entries can include who acted, what category of action occurred, a short summary, optional JSON metadata, request path, HTTP status, duration, IP address, and user agent, for security and accountability inside the tenant organisation’s environment.
  • External API (if your tenant organisation enables it) — An API key scoped to your tenant organisation and short-lived user access tokens issued only after your organisation’s configured authentication steps; those calls carry the same classes of profile and operational data exposed by the API surface your tenant organisation uses.

Where your tenant organisation uses monthly contractor invoices, staff may save a UK bank sort code and account number in Nexus so that finance can pay approved amounts; those details are stored as operational payment details on your organisation’s instructions. National Insurance numbers and full payroll processing datasets are not built into Nexus as standard schema items. Other sensitive information may appear as ordinary text or files your tenant organisation chooses to upload, and your organisation must justify that processing under law.


How data gets into Nexus

Data enters Nexus primarily through people using the application: administrators for your tenant organisation and staff enter or upload data, approve workflows, and use integrated features. Email delivery (for example welcome, two-factor, or reset messages) uses your tenant organisation’s configured mail settings and addresses messages to the recipients your users supply.


Roles: controller and processor

For personal data about your organisation’s staff and clients that is entered into Nexus, the tenant organisation is usually the data controller (it decides why and how the data is used). ApexMedix acts as a data processor when operating the platform on the tenant organisation’s instructions, and as a controller only for a narrow set of its own records (for example account queries sent to the DPO email, or security metadata needed to run the service safely).

We do not sell personal data. We use subprocessors such as infrastructure and email delivery providers as needed to host and operate the service.


Where data is stored and security

Databases and file storage for the service rely on third-party infrastructure (for example DigitalOcean for PostgreSQL and object storage in the deployment described to tenant organisations). We apply access controls, authentication, permissioning, and logging appropriate to a business application. No method of transmission over the internet is perfectly secure; tenant organisations should use strong passwords, optional two-factor authentication, and protect API keys.


Cookies

The site uses cookies that are strictly necessary to keep you signed in and to protect forms. See the cookie notice for more detail.


Staff mobile application

Where your organisation provides a branded staff app (for example Mediqas), it connects to the same tenant API as this portal using your organisation’s credentials. The app may process:

  • Sign-in credentials and short-lived access tokens stored securely on the device when you choose “stay signed in”
  • Profile, roster, shift offers, compliance forms, and HR documents your role can access in Nexus
  • Device location (latitude, longitude, and accuracy) when you clock in or out of a shift, so managers can verify attendance location in the event register
  • Local notification preferences and reminder state on the device; the app may poll for server-generated alerts you have enabled
  • Biometric unlock using your device’s operating system only — biometric templates are not sent to ApexMedix

Clock-in without granting location permission may still be possible; coordinates are omitted when permission is denied or unavailable. Your organisation’s attendance rules still apply.


Request deletion of your data (Mediqas Staff Hub)

Mediqas Staff Hub is a staff mobile app for existing Nexus users. Accounts are created by your employer — the app does not offer public sign-up or in-app account deletion.

How to request deletion

  1. Contact your employer first (for example HR or your line manager) and ask to remove your Nexus staff access and/or erase employment data held about you.
  2. Your organisation, as data controller, processes the request in its Nexus portal and decides what must be kept for legal, payroll, or safety reasons.
  3. Sign out of Mediqas Staff Hub on your device to end your local session. You can do this in the app under Account.
  4. If your organisation needs platform assistance, it may contact ApexMedix at dpo@apexmedix.net.

What is deleted

  • Staff profile, roster participation, clock-in/out records, compliance form entries, and HR documents linked to your account — when your organisation deletes or disables your account in Nexus.
  • Session tokens and preferences stored on your phone when you sign out or uninstall the app.

What may be kept

  • Records your organisation must retain by law (for example tax, payroll, health and safety, or dispute evidence).
  • Anonymised or aggregated operational data that no longer identifies you.
  • Security and audit logs for a limited period where needed to protect the service.

Retention periods depend on your organisation’s policies and legal obligations. Ask your employer for its specific retention schedule.


Your rights

Under UK GDPR and related law you may have rights of access, correction, erasure, restriction, objection, and data portability where they apply. Contact your organisation first if the data is held in your tenant organisation’s Nexus workspace; ApexMedix will assist your tenant organisation where we are legally or contractually required to do so.


Changes

This text is maintained as standard platform wording. It may be updated to stay accurate when the product changes; the current version is always shown on this page.