Privacy Policy

Essential Platform Functions

• Provide and maintain our medical education platform and services
• Process user registration and account management
• Handle subscription billing and payment processing
• Deliver customer support and respond to inquiries
• Ensure platform security and prevent unauthorized access

Personalized Learning

• Personalize your learning experience with AI-powered recommendations
• Track study progress and identify knowledge gaps
• Generate customized study guides and flashcard sets
• Provide adaptive question difficulty based on performance
• Deliver specialty-specific content and board exam preparation

Communication and Updates

• Send important updates about your account and our services
• Deliver educational content and study reminders (with your consent)
• Notify you about new features and platform improvements
• Share relevant medical education content and resources

Analytics and Improvement

• Analyze platform usage patterns to improve user experience
• Conduct research to enhance educational effectiveness
• Develop new features and content based on user feedback
• Optimize platform performance and loading times
• Generate anonymized reports for educational research

Essential Cookies

Required for basic platform functionality, including user authentication, security, and session management. These cannot be disabled.

Performance Cookies

Help us understand how you interact with our platform, allowing us to improve performance and user experience.

Functional Cookies

Remember your preferences, settings, and study progress to provide a personalized experience.

Analytics Cookies

Used to analyze platform usage patterns and generate anonymized usage statistics. You can opt out of these in your account settings.

Service Providers

We work with trusted third-party service providers who help us operate our platform, including providers for:

• Database and authentication services
• Payment processing and billing
• AI and machine learning functionality
• Web hosting and content delivery
• Cloud infrastructure and file storage
• Analytics and performance monitoring
• Customer support and communication tools

All service providers are bound by strict data processing agreements and confidentiality requirements. We carefully vet all third parties to ensure they meet our security and privacy standards.

Legal Requirements

• To comply with applicable laws, regulations, or legal processes
• To respond to lawful requests from government authorities
• To protect our rights, privacy, safety, or property and that of our users
• To investigate and prevent fraudulent, unauthorized, or illegal activities

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

Anonymized Data

We may share aggregated, anonymized data for research purposes, educational studies, or to improve medical education generally. This data cannot be used to identify individual users.

Technical Safeguards

• End-to-end encryption of data in transit using TLS 1.3
• AES-256 encryption of sensitive data at rest
• Multi-factor authentication for administrative access
• Regular automated security scanning and vulnerability assessments
• Secure API endpoints with rate limiting and authentication

Administrative Controls

• Role-based access controls limiting data access to authorized personnel
• Regular security training for all team members
• Background checks for employees with access to personal data
• Incident response procedures for security breaches
• Regular security audits by third-party security firms

Infrastructure Security

• Hosting on industry-certified cloud infrastructure with appropriate compliance certifications
• Network security controls including firewalls and intrusion detection systems
• Regular encrypted data backups with secure off-site storage
• Disaster recovery procedures with geographic redundancy
• Continuous monitoring and threat detection systems

Universal Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate or incomplete information
• Deletion: Request deletion of your account and associated personal data
• Data Portability: Export your data in a machine-readable format
• Communication Preferences: Opt out of marketing and non-essential communications

Additional EU/UK Rights (GDPR)

• Restriction: Request limitation of processing in certain circumstances
• Objection: Object to processing based on legitimate interests or direct marketing
• Consent Withdrawal: Withdraw consent for data processing at any time
• Complaint: File a complaint with your local data protection authority
• No Automated Decision-Making: Opt out of automated profiling that significantly affects you

California Rights (CCPA/CPRA)

• Know: Right to know what personal information is collected and how it's used
• Delete: Right to request deletion of personal information
• Opt-Out: Right to opt out of the sale of personal information (we don't sell data)
• Non-Discrimination: Right not to receive discriminatory treatment for exercising rights
• Correct: Right to correct inaccurate personal information