Privacy Policy — Medical Education Questions

1. Information We Collect

We collect the following categories of information:

Information you provide directly: Name, email address, password (hashed), username, and payment information (processed by Stripe — we do not store credit card numbers). When using Google OAuth, we receive your Google profile information (email, name, Google ID).

Automatically collected information: Session data, login timestamps, IP addresses, browser type, device information, and platform usage patterns. We use session cookies to maintain your authentication state.

Generation data: Question generation requests (category, difficulty, topic), generated question content, and delivery status. Generated questions and purchase history are stored securely and associated with your account.

2. How We Use Your Information

We use the information we collect to: (a) provide, operate, maintain, and improve the Platform; (b) process your question generation requests through our AI pipeline; (c) deliver generated questions via email and dashboard; (d) process payments securely via Stripe; (e) verify your identity and email address; (f) send you notifications about completed generations and delivery status; (g) protect against fraud, abuse, and violations of our Terms of Use; (h) comply with legal obligations.

3. AI and Third-Party Data Processing

Your generation requests (category, difficulty, topic) are processed by AI systems, including third-party AI services, to generate questions. This processing includes question generation, multi-model validation, explanation creation, and infographic generation.

Important disclosures about AI processing: (a) Your generation request data is transmitted to third-party AI service providers for processing, and is subject to those providers' own terms of service and privacy policies; (b) AI processing may result in inaccurate or incomplete outputs; (c) we cannot guarantee how third-party AI providers store, process, or retain the data transmitted to them; (d) third-party AI providers may update their systems at any time, which may affect the quality of generated outputs. By using the Platform, you consent to this processing and acknowledge these risks.

4. Information Sharing and Disclosure

We share your information in the following circumstances: (a) your email address and generation request data are transmitted to our AI processing pipeline for question generation; (b) your email address is used by SendGrid to deliver generated questions; (c) your payment information is processed by Stripe; (d) we may disclose information when required by law, legal process, subpoena, court order, or government request; (e) we may disclose information to protect our rights, property, or safety, or the rights, property, or safety of our users or others; (f) in the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity.

We do not sell your personal information to third parties. We do not share your generated questions with other users or make them publicly accessible.

5. Data Storage and Security

We store your data in SQLite databases with your account information. Passwords are hashed using industry-standard algorithms. We implement technical and organizational security measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Security limitations: DESPITE OUR SECURITY MEASURES, NO METHOD OF ELECTRONIC TRANSMISSION OR STORAGE IS 100% SECURE. We cannot guarantee absolute security of your data. You acknowledge these inherent risks and agree that you transmit your personal information at your own risk. We are not liable for any unauthorized access to, or alteration, theft, or destruction of, your data through accident, misuse, or unauthorized means.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. Generated questions and purchase history are retained alongside the associated user data. If you delete your account, we will make reasonable efforts to delete your personal data within 30 days, except where we are required to retain certain information for legal, regulatory, or compliance purposes, or where data has already been transmitted to third-party services and is outside our ability to delete.

7. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data, including the right to: (a) access and receive a copy of your personal data; (b) correct inaccurate personal data; (c) request deletion of your personal data (subject to certain exceptions); (d) object to or restrict certain processing of your data; (e) data portability; (f) opt out of certain data processing activities. To exercise these rights, please contact us at support@endlessmedical.academy.

8. Cookies and Session Management

We use session cookies to maintain your login state and provide Platform functionality. These are essential cookies necessary for the Platform to operate. We do not currently use third-party tracking cookies, advertising cookies, or analytics cookies.

9. Email Communications

We send you email notifications about: completed question generations with attached deliverables, account verification, and important platform updates. Email delivery relies on third-party email service providers (SendGrid) whose availability and delivery are outside our control. We are not responsible for emails that are delayed, lost, filtered by spam systems, or undelivered.

10. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. International Users

Your data will be transferred to, stored, and processed in the United States, which may have different data protection laws than your country of residence. By using the Platform, you consent to such transfer, storage, and processing.

12. California Privacy Rights (CCPA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to: (a) know what personal information we collect and how we use it; (b) request deletion of your personal information; (c) opt out of the sale of your personal information (we do not sell personal information); (d) non-discrimination for exercising your privacy rights.

13. Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will notify affected users and relevant authorities in accordance with applicable law. We disclaim any liability for damages arising from a data breach, to the maximum extent permitted by law.

14. Changes to This Policy

We may update this Privacy Policy at any time in our sole discretion. We will update the "Last updated" date at the top of this page. Material changes may be communicated through the Platform or via email. Continued use of the Platform after any modifications constitutes your acceptance of the updated Privacy Policy.

15. Operating Entity

AllMeducators is operated by EndlessMedical LLC, located at 5000 Thayer Center, Oakland, MD 21550 US.

16. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or wish to exercise your privacy rights, please contact us at support@endlessmedical.academy.