Privacy Policy

Effective Date: January 1, 2025

1. Introduction

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our USMLE Study Tools and Apps, including Basic Science Crammer, VignetteForge, and any future applications (“Services”).

2. Information We Collect

2.1 Personal Information You Provide

We collect information you provide directly to us, including:

• Account information (name, email address, password)
• Payment information (processed securely through Stripe)
• Profile information (medical school, graduation year)
• Communication preferences

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

• Usage data (study patterns, feature usage, performance metrics)
• Device information (browser type, operating system, IP address)
• Log data (access times, pages viewed, app crashes)
• Cookies and similar tracking technologies

2.3 Study Performance Data

We collect data about your learning activities, including:

• Quiz and test responses
• Study session duration and frequency
• Progress tracking and performance analytics
• Content preferences and difficulty settings

3. How We Use Your Information

We use the collected information to:

• Provide, maintain, and improve our Services
• Process transactions and send related information
• Personalize your learning experience
• Track and analyze your study progress
• Send administrative information and updates
• Respond to your comments and questions
• Send marketing communications (with your consent)
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who help us operate our Services:

4.2 Legal Requirements

We may disclose information if required by law or in response to valid legal requests from public authorities.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

4.4 Aggregated Data

We may share aggregated, non-personally identifiable information for research or marketing purposes.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (SSL/TLS) and at rest
• Regular security audits and vulnerability assessments
• Limited access to personal information on a need-to-know basis
• Secure authentication protocols with password hashing
• Regular backups and disaster recovery procedures
• PCI-compliant payment processing through Stripe

6. Your Rights and Choices

6.1 Access and Update

You can access and update your personal information through your account settings at any time.

6.2 Delete Account

You may request deletion of your account and associated data by contacting us at integratedusmleprep@gmail.com. We will process your request within 30 days.

6.3 Marketing Communications

You can opt-out of marketing emails by:

• Clicking the unsubscribe link in any marketing email
• Updating your preferences in account settings
• Contacting us directly

6.4 Cookies

You can control cookies through your browser settings. Note that disabling cookies may limit functionality of our Services.

7. Data Retention

We retain your personal information for as long as necessary to:

• Provide our Services to you
• Comply with legal obligations (typically 7 years for financial records)
• Resolve disputes and enforce agreements
• Maintain business records for legitimate purposes

Study performance data is retained to provide long-term progress tracking unless you request deletion.

8. Children’s Privacy

Our Services are not intended for children under 18. We do not knowingly collect information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about personal data we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to Access: Obtain a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion (“right to be forgotten”)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain processing activities

12. Cookie Policy

We use the following types of cookies:

13. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting the updated policy with a new effective date
• Sending an email notification for significant changes
• Displaying a prominent notice in our Services

Continued use of our Services after changes indicates acceptance of the updated policy.