SleepNav CDSS – Privacy Notice for Pharmacist Users. Last updated: 16 March 2026.
SleepNav is a clinical decision support system for community pharmacy sleep services. It was designed from inception to operate without patient-identifiable data. Patients complete a screening on a pharmacy tablet; the app generates a short alphanumeric code that encodes their clinical responses. The pharmacist enters the code into the SleepNav CDSS, which provides an evidence-based recommendation. At no point does any patient name, date of birth, address, NHS number, or other personal identifier enter the system.
This is not a limitation or a gap in development. It is a deliberate architectural decision that implements the data minimisation principle of UK GDPR Article 5(1)(c): the system achieves its clinical purpose without personal data, so none is collected. As a result, SleepNav does not require a Data Protection Impact Assessment for patient data, does not require a Data Processing Agreement between Snorer.com Ltd and your pharmacy, does not require NHS Information Governance approval, and cannot be subject to a Subject Access Request, court order, or law enforcement enquiry for patient-identifiable information – because none exists.
This Privacy Notice therefore addresses only the personal data of pharmacist users of the CDSS. It is short because the data processing is simple: one data controller (Snorer.com Ltd), one category of data subject (pharmacists), and no patient data.
Snorer.com Limited is the data controller for the personal data you provide when using the SleepNav Clinical Decision Support System (CDSS). Our contact details are:
Snorer.com Limited
4 Waterford Lane, Cherry Willingham, Lincoln, LN3 4AL
Email: contact@sleepnav.com
Company registration: 08144806
ICO registration: Z3279480
When you register for and use the SleepNav CDSS, we collect and process:
SleepNav does not collect, store, or process any patient-identifiable data. No patient names, dates of birth, addresses, NHS numbers, or other personal identifiers enter the system at any point. Screening codes encode clinical variables only – they cannot be linked to any identified or identifiable patient by Snorer.com Ltd or by anyone with access to the CDSS.
This means that, unlike health technology platforms that hold patient records, SleepNav:
The clinical record of care – including the patient’s identity and the decisions you make – belongs in your pharmacy’s Patient Medication Record (PMR), where it is protected by your existing professional obligations and governance arrangements.
We process your personal data on the following legal bases:
Contract (Article 6(1)(b)): Processing your account data, consultation records, and billing information is necessary for the performance of the contract between Snorer.com Ltd and your subscribing pharmacy premises.
Legitimate interests (Article 6(1)(f)): Processing login activity, session data, and usage analytics for service security, quality improvement, and abuse prevention. Our legitimate interest is maintaining a secure and reliable clinical decision support service. This does not override your rights – the data processed is limited to what is necessary for service operation.
Legal obligation (Article 6(1)(c)): Retaining billing records as required by HMRC (6 years).
eeZed Ltd (company number 07907333): Billing administrator. Processes subscription and screening charges via Stripe on behalf of Snorer.com Ltd.
Stripe: Payment processor. Handles card details and payment transactions. Snorer.com Ltd does not store your card details. Stripe’s privacy policy applies to payment data.
Voyage AI: Knowledge Navigator queries are processed using Voyage AI’s embedding API to retrieve relevant clinical guidance. Query text is sent to Voyage AI for embedding generation. No patient data is included in queries. Voyage AI’s data processing terms apply.
Anthropic: Knowledge Navigator responses are generated using Anthropic’s API. Query text and retrieved clinical guidance are sent to Anthropic to generate the pharmacist-facing response. No patient data is included. Anthropic’s data processing terms apply.
We do not sell your personal data. We do not share your data with any other third parties except as required by law.
Your account data and consultation records are stored on servers in the London region (DigitalOcean, London data centre). Billing data is processed by Stripe (data centres in the EU/UK). Voyage AI and Anthropic API calls may be processed on servers outside the UK; appropriate safeguards (Standard Contractual Clauses or UK adequacy decisions) apply.
Under UK GDPR, you have the right to: access your personal data; rectify inaccurate data; request erasure (subject to our retention obligations); restrict processing; data portability; and object to processing based on legitimate interests. To exercise any of these rights, contact contact@sleepnav.com.
You also have the right to complain to Snorer.com Limited if you believe we have processed your personal data in a way that breaches data protection law (Data Protection Act 2018, section 164A, as inserted by the Data (Use and Access) Act 2025). We have a documented complaints procedure: see Data Protection Complaints for full details, including how to lodge a complaint and how we will handle it. We will acknowledge complaints within 30 days and respond without undue delay.
If you are not satisfied with how we have handled your complaint, you also have the right to lodge a complaint directly with the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/
Zone 2 (cdss.sleepnav.com) uses essential session cookies required for authentication. No analytics cookies, advertising cookies, or third-party tracking cookies are used. No cookie consent banner is required because only strictly necessary cookies are set.
Zone 1 (app.sleepnav.com) sets no cookies of any kind.
We may update this Privacy Notice from time to time. Updates will be posted at cdss.sleepnav.com and the “Last updated” date will be revised. Material changes will be notified to registered users by email.