Privacy Policy

1. Information We Collect

Account Information: When you register, we collect your email address, display name, and password (stored in hashed form). We do not collect your real name, medical school affiliation, or any protected health information.

Performance Data: We collect your answers to questions, study session activity, flashcard review history, self-assessment scores, and AI conversation content. This data is used exclusively to power your personalized learning experience, including analytics, readiness predictions, and AI tutoring.

Behavioral Signals: The Platform collects anonymized behavioral data including time spent on questions, keyword interactions, session duration, and focus patterns. These signals are used to improve your learning profile and are never shared with third parties.

Technical Data: We automatically collect standard technical information including IP address, browser type, device type, and usage timestamps for security and service optimization.

2. How We Use Your Information

We use your information exclusively to provide and improve the Platform. Specifically, we use your data to: generate personalized study recommendations and analytics; power the AI tutoring system with your performance context; calculate exam readiness predictions; deliver weekly progress reports via email; improve the quality of questions, explanations, and AI responses; and ensure the security and integrity of the Platform.

We do not use your data for advertising. We do not sell your data. We do not share your individual performance data with any third party, including medical schools, residency programs, or employers.

3. AI Data Processing

When you interact with AI features, your messages and relevant performance context are sent to Anthropic's Claude API for processing. Anthropic processes this data under their data processing agreement and does not use your inputs to train their models. We do not send your email address, real name, or account credentials to AI service providers.

4. Data Storage and Security

Your data is stored on secure cloud infrastructure provided by Supabase (PostgreSQL database), Render (application hosting), and Vercel (frontend hosting). All data is encrypted in transit via TLS. Database access is restricted to authenticated application services only. We implement industry standard security practices including parameterized queries, JWT authentication, and role based access controls.

5. Data Retention

We retain your account data and performance history for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Anonymized, aggregated data that cannot be linked back to you may be retained indefinitely for platform improvement purposes.

6. Your Rights

You have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your account and associated data; export your performance data in a portable format; and opt out of weekly email communications.

To exercise any of these rights, contact us at the email address below.

7. Cookies and Tracking

The Platform uses essential cookies for authentication (JWT session tokens) and does not use third party advertising or tracking cookies. We use Sentry for error monitoring, which may collect anonymized technical data to help us identify and fix bugs.

8. Children's Privacy

The Platform is not intended for individuals under 18 years of age without parental consent. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the Platform. Your continued use of the Platform after such notification constitutes acceptance of the updated policy.

10. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at fxmedus+medboardpro@gmail.com.