Privacy Policy

The MGM Psychology Ltd (formerly known as MGM DoodleSoft Ltd) (“we” or “us” or “company”) is passionate about you, your health, and your privacy and security. As part of our commitment to you, below is our Privacy Policy (“Policy”) that ensures the information that you enter in the Just In Case app (“the App”), always belongs to you and is kept as safe and secure as reasonably possible. You control your information and how we interact with you – and that is what makes us different.


By using the Just In Case app, you agree to this Policy. We will also highlight this during the initial sign-up or account creation process, and you will be expressly asked to agree. Once agreed, this Policy is legally binding on both parties.


Occasionally we may need to change this Policy. We will make you aware of any changes in advance, and tell you the date when those changes apply. By continuing to use the Just In Case app after that date, you agree to the revised Policy. Otherwise, you are free to close your Just In Case account (see “Closing your Account” below).


Personally identifiable information such as your name, email address, telephone number, and payment information, and your health information such as any information about a medical condition or other information submitted by you and persons authorized by you and from third party data sources approved by you in your Just In Case account, (“Your Data”) is completely controlled by and belong to you. Except as provided in this Policy, we will never use Your Data for any purpose without your express permission.

General Just In Case user information includes data such as (i) profile data (e.g. date of birth, gender or country data), (ii) technology data (e.g. device & browser type), (iii) user behaviour data such as how often owners login and for how long, how, what features are used and how often, etc. We use general user information to improve our product, services and overall user experience.

Anonymized and aggregated data includes Your Data which has been de-identified and aggregated with other Just In Case users and, in some cases, non- Just In Case user data. We use anonymized and aggregated to learn more about our Just In Case users’ needs and interests, to identify how we can improve the Just In Case to better serve our users, and to determine what third party products and services may be most useful and valuable to them. We reserve the right to disclose anonymized and aggregated data publicly without restriction.

You may keep Your Data completely private or share everything with one or more people or organizations through the settings in your Just In Case account. Once you share Your Data, a permitted user can then view the PDF version, save outside your Just In Case, and may even share Your Data with others. They may also have re-published Your Data on the internet or other locations and could continue to share Your Data without your permission. Once Your Data is shared with others, or is out on the internet, it is nearly impossible to have it completely erased. You are responsible for what happens to Your Data after you share it. When you share Your Data, you are authorizing us to use, distribute, and otherwise make available Your Data as you instruct or permit. Where you have chosen to give access to Your Data to any third parties (including, but not limited to, medical providers, family members, insurers, and other Just In Case users) for medical diagnosis, care delivery, payments, support, analysis, and other purposes in either or both anonymous and personally identified formats with that party’s requirement that some or all of Your Data will not be deleted in the future (in connection, for example, with their copy of your medical records, and billing and legal needs), then Your Data will continue to be stored, shared and used as you have agreed. We do not limit or control with whom you share Your Data. Parties with whom you share Your Data may have very different privacy policies and terms of use from ours. You understand and accept that it is your responsibility, prior to sharing Your Data, to review and choose to accept the privacy policy and terms and conditions of any parties with whom you share Your Data and the implications of such sharing. You agree not to hold us responsible for any use or publication of Your Data which you have chosen to share from your Just In Case account.

Except as we state in this Policy, we will not make Your Data available to anyone with whom you have not instructed or permitted us to distribute or share Your Data. Where we believe in good faith that we have a legal obligation to make that data available to the authorities, or if the threat of physical harm or other damage exists to you, our company, or someone else, we reserve the right to provide any information to the proper authorities and as needed to protect those parties from harm.

Prior to us stopping business for any reason, we will notify you where we can, in advance, and allow you to export or delete Your Data. If we are acquired, purchased, merged or operated by another company, that company could change this Policy or our Terms of Use, including provisions governing how it treats Your Data. You must be notified of any changes to this Policy and, if changes are objectionable to you, your options include the export of Your Data, closing your account and deletion of its contents (as described below).


We are a UK company. You agree to have your information stored and processed in the United Kingdom or other countries as determined by us in our sole and absolute discretion.

If you are a non UK user of the app, by providing us with information, you acknowledge and agree that your Personal Information may be processed for the purposes identified in the Privacy Policy. In addition, your Personal Information may be processed in the country in which it was collected and in other countries, including the United Kingdom, where laws regarding processing of Personal Information may be less stringent than the laws in your country. By providing your information, you consent to such transfer.


By setting up a Just In Case account, you represent that you have either reached the age of “majority” where you live or have valid parent or legal guardian consent to be bound by these Terms, and that you are not barred from setting up an account, using a Just In Case under applicable laws. If you do not know whether you have reached the age of majority where you live or do not understand this section, please ask your parent or legal guardian for help before you create an account. If you as a parent or guardian create an account for a minor or you are the parent or guardian of a minor who sets up an account, you accept these Terms on the minor’s behalf, and are responsible for all use of the Just In Case account.

You can create a Just In Case for others only where you are the authorized individual-representative (a parent, guardian, or legal representative establishing a subscription for a Just In Case). By setting up such an account you automatically certify and agree that (i) you have this authority, (ii) we are entitled to rely of your certification as true, and (iii) you will hold us harmless from any claim by such others that you did not have authority to create a Just In Case for them. Subject to an agreement with our company, we will permit organizations (including not-for-profit entities) and individuals to create Just In Case account, set up accounts for others and encourage them to use a Just In Case. Whether you set up your own Just In Case account or one is set up for you and you agree to become a Just In Case user, these Terms shall apply to you and govern your relationship with us.

We reserve the right to restrict in our sole discretion who is eligible to use the Just In Case app, or set up an account, and to reject a request to create a Just In Case account or close an account at any time without liability. We will only do this where we believe we have a reasonable concern or issue.


We take security very seriously and use multiple methods of encryption and security to ensure that Your Data is protected when it is in your Just In Case app. However, we cannot and do not guarantee that a breach will never occur or that Your Data will be 100% secure and will never be misused, and you acknowledge and agree that we cannot be held responsible for any breach or unauthorized access to or use of Your Data.

We provide you with an option to share Your Data via email, which will not encrypt or protect Your Data during transmission. You agree that when you share Your Data using tools which do not provide the necessary encryption and other appropriate protections, that you do so knowingly, at your own risk; and we cannot be held responsible for any breach, hack, or unauthorized access to or use of Your Data.

To prevent access to your Just In Case account by people with malicious intent, we strongly encourage you to follow best practices for a safe password, identity and personal health information management, and to not share your Just In Case account credentials or Your Data with anyone with whom you do not have a high level of trust.


From time to time, we may establish business relationships with other businesses whom we believe are trustworthy, and who have confirmed that their privacy practices are consistent with ours (“Service Providers”). This may include certain services, such as hosting and maintenance, and data storage and management. We only provide our Service Providers with the information necessary for them to perform these services for us or carry out a service or transaction requested by you. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect Your Data from unauthorized access, use, or disclosure. Service Providers are prohibited from using Your Data other than in compliance with our privacy policy and as specified by us.


Your Just In Case account and all of its content belong to you. You have control over your Just In Case account and how much of Your Data you share with others. You are solely responsible for verifying the identity of those you have shared your Just In Case data with, organizations which have created and invited you to use a Just In Case app, and monitoring the access to and use of your Just In Case by those whom you, authorized others and/or organizations have invited to your Just In Case. We are not responsible nor liable for anyone you allow to access your Just In Case app or use Your Data.


Once you establish a Just In Case account it will continue to exist until closed by you or us. You can stop using your Just In Case app and close your account with us at any time. You simply need to notify us by email at

We can suspend or close your account for lack of use, violation of this Privacy Policy or our Terms of Use, or other reasons which we deem sufficient in our discretion. We will notify you in advance of suspending or closing your account and allow you a right of appeal to us to be reinstated. The form of the appeal and final decision shall be in our sole and absolute discretion.

When your account is closed, we will provide you, by a means to be determined by us in our discretion, with a PDF format of Your Data as it then exists in your Just In Case account. Except where you have agreed to share Your Data as set out below, we will delete all of Your Data within a reasonable period (around 60-90 days). Note that once Your Data is deleted it cannot be retrieved. We will retain system logs in relation to your Just In Case tracking the deletion, but not retaining Your Data.

Where you have chosen to give access to Your Data to any third parties (including other Just In Case users) for analytical and other purposes in both anonymous and/or personally identified formats with the requirement that some or all of Your Data will not be deleted in the future, then Your Data will continue to be stored, shared and used as you have agreed.


We use analytical tools to monitor aggregate usage of our Just In Case app by our population of users for internal purposes to help us deliver and improve our app to you. This may include cookie information, anonymized IP address information, location information, and usage or platform access information.

You agree that we may collect and use this information (and share it with our Service Providers) to assist us in our internal business operations.


We use cookies (a small text file placed on your computer to identify your computer and web browser) and may use anonymous identifiers (a random string of characters that is used for the same purposes as a cookie). We use cookies and other anonymous identifiers to analyse use of and improve the Just In Case app. We do not use cookies to collect personally identifiable information. Most web browsers are initially set up to accept cookies. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent; however, certain features of the Just In Case app may not work if you delete or disable cookies. Some of our Service Providers may use their own cookies, anonymous identifiers, or other tracking technology in connection with the services they perform on our behalf.

We use Google Analytics on our website to collect usage data, to analyse how users use the website. For more information about how to opt out of having your information used by Google Analytics, visit


The Just In Case app is intended for users who are 13 years of age and older. If we become aware that we have inadvertently received information relating to a child who is younger than 13, we will promptly delete that information from our records.


a) In this clause 13, the following definitions apply:
i) Controller: as defined in the applicable Data Protection Legislation.
ii) Data Protection Legislation: up to but excluding 25 May 2018, the Data Protection Act 1998 and thereafter (i) unless and until the GDPR is no longer directly applicable in the UK, the GDPR and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998.
iii) GDPR: General Data Protection Regulation ((EU) 2016/679).
iv) Personal Data: as defined in the applicable Data Protection Legislation.
v) Personal Data Breach: as defined in the applicable Data Protection Legislation.
vi) processing: as defined in the applicable Data Protection Legislation (and related terms such as process have corresponding meanings).
vii) Processor: as defined in the applicable Data Protection Legislation.
viii) Transfer Safeguards: means safeguards that are recognised under the Data Protection Legislation for permitting the transfer of Personal Data outside of the European Economic Area.
b) You and MGM Psychology Ltd will comply with all applicable requirements of the Data Protection Legislation and all relevant Codes of Practice and other guidelines issued by the Office of the Information Commissioner in respect of the Personal Data which is processed via, or is caused to be processed by MGM Psychology Ltd in MGM Psychology Ltd providing its products and services. Our Privacy Notice (available at applies to our processing of Personal Data. This clause 13 is in addition to, and does not relieve, your or MGM Psychology Ltd’s obligations under the Data Protection Legislation and other guidelines issued by the Office of the Information Commissioner.
c) Without limitation to clause 13(b), it is MGM Psychology Ltd’s policy to follow the Code of Practice for information management systems set out in ISO/ICE 27001.
d) MGM Psychology Ltd may engage third-party Processors to carry out any processing activities in respect of the Personal Data that it processes as part of providing the MGM Psychology Ltd products and services, and MGM Psychology Ltd shall notify you of any such third-party Processors by posting details on MGM Psychology Ltd’s website and/or by including relevant details in the Privacy Notice. MGM Psychology Ltd confirms that it has entered into or (as the case may be) will enter into with the third-party Processor a written agreement incorporating terms which are substantially similar to those set out in this clause 13. As between the MGM Psychology Ltd and you, MGM Psychology Ltd shall remain fully liable for all acts or omissions of any third-party Processor appointed by it.
e) To the extent that MGM Psychology Ltd is ever acting as a Processor in processing the Personal Data as part of the MGM Psychology Ltd products and services on your behalf with you acting as a Controller, MGM Psychology Ltd  shall:
i) process that Personal Data only on your written instructions (and you hereby instruct MGM Psychology Ltd to process the Personal Data you supply in order to provide you with the MGM Psychology Ltd products and services) unless MGM Psychology Ltd is otherwise required by the laws of any member of the European Union or by the laws of the European Union applicable to MGM Psychology Ltd to process Personal Data (Applicable Laws). Where the MGM Psychology Ltd is relying on Applicable Laws as the basis for processing the Personal Data, MGM Psychology Ltd shall notify you of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit MGM Psychology Ltd from so notifying you;
ii) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, the Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting the Personal Data, ensuring confidentiality, integrity, availability and resilience of systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted);
iii) ensure that all of MGM Psychology Ltd’s personnel who have access to and/or process the Personal Data are obliged to keep the Personal Data confidential;
iv) only transfer the Personal Data to any country outside the European Economic Area if Transfer Safeguards are in place for such transfer (to the extent required by Data Protection Legislation);
v) notify you without undue delay on becoming aware of a Personal Data Breach;
vi) at your written direction, delete or return the Personal Data and copies thereof to you on termination of these Terms and Conditions unless MGM Psychology Ltd is required by Applicable Law to store the Personal Data, but MGM Psychology Ltd shall not be required under this clause to delete Personal Data (including from backup copies), which has been stored in accordance with any retention periods set out in MGM Psychology Ltd’s retention policy, where to do so would not be technically reasonable having regard to all the circumstances; and
vii) maintain, in accordance with Data Protection Legislation binding on MGM Psychology, written records of all categories of processing activities carried out by MGM Psychology Ltd on your behalf.
f) All information shared between the parties, or otherwise accessed, in relation to these Terms and Conditions shall be held confidential by the other party.


If you have any questions or concerns or complaints about our Privacy Policy or our information collection or processing practices, or if you want to report any security violations to us, please contact us at