Privacy Policy

Last updated: January 1, 2026

This Privacy Policy explains how The Med School AI ("we", "us") collects, uses, and safeguards your personal information when you use our website and platform (the "Service"). It is designed to comply with the General Data Protection Regulation (GDPR) for users in the EU/EEA and the Information Technology Act, 2000 (along with the Digital Personal Data Protection Act, 2023) for users in India.

1. Information We Collect

  • Account data: name, email, target exam, password (hashed).
  • Usage data: MCQs attempted, flashcard reviews, test scores, AI Tutor messages.
  • Payment metadata: subscription status and billing identifiers from our payment processor. We do not store full card details.
  • Device & log data: IP address, browser, OS, error logs for security and reliability.

2. How We Use Your Data

  • To provide and personalize the Service (analytics, spaced repetition, exam recommendations).
  • To process payments and manage subscriptions.
  • To send transactional emails (receipts, account notices).
  • To comply with legal obligations and prevent abuse.

3. Legal Basis (GDPR)

We process personal data on the basis of contract performance (delivering the Service), legitimate interest (security, product improvement), legal obligation (tax, accounting), and your consent where required.

4. AI Tutor

Messages you send to the AI Tutor are processed by our AI infrastructure to generate educational responses. We retain chat history within your account so you can review past conversations. You may delete your history at any time from Settings.

5. Sharing

We do not sell your personal data. We share data only with sub-processors required to run the Service: our cloud provider (database, authentication, file storage), our payment processor, our AI provider, and email delivery providers. All sub-processors are bound by data-processing agreements.

6. Data Retention

We retain account data while your account is active. After deletion, we keep limited billing and tax records for the period required by law (typically 7 years in India) and then delete or anonymize the data.

7. Security

Data is encrypted in transit (TLS) and at rest. Access is enforced by Row-Level Security on every user-data table, so users can only access their own rows.

8. Your Rights

Subject to applicable law, you may request access to, correction of, deletion of, or portability of your personal data, request restriction of its processing, or object to its processing. To exercise any of these rights, email support@themedschool.app. EU/EEA users may also lodge a complaint with their local supervisory authority.

9. Children

The Service is intended for users aged 13 and above. We do not knowingly collect personal data from children under 13.

10. International Transfers

Your data may be processed outside your country of residence. We use providers with appropriate safeguards (e.g., EU Standard Contractual Clauses) where required.

11. Contact

Data Protection contact: support@themedschool.app. The Med School AI is registered in Karnataka, India.