Privacy Policy

1. Introduction

StudyBank Learning, Inc. (“StudyBank,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use our adaptive medical learning platform and related services (collectively, the “Service”).

By accessing or using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

When you create an account or use the Service, you may provide us with:

• Name and email address
• Medical school or educational institution (optional)
• Year of study and academic program
• Target examination and anticipated exam date
• Profile photo (optional)
• Forum posts, study notes, and other user-generated content
• Communications with our support team

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information, including:

• Questions answered, scores, and performance metrics
• Study session duration, frequency, and patterns
• Feature usage and navigation patterns
• Device information (type, operating system, browser)
• IP address and approximate geographic location
• Cookies and similar tracking technologies (see Section 8)
• Log data (access times, pages viewed, error reports)

2.3 Payment Information

Payment processing is handled by our third-party payment processor, Stripe, Inc. We do not store your full credit or debit card number on our servers. We receive and store only the last four digits of your card number, card type, and billing address for record-keeping and fraud prevention purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide, operate, and maintain the Service
• Personalize your learning experience and generate adaptive study plans
• Track your progress and calculate mastery levels
• Enable community features such as forums and study groups
• Send account-related notifications, service updates, and security alerts
• Respond to your inquiries and support requests
• Process transactions and send billing-related communications
• Analyze usage trends to improve the Service through aggregated, de-identified analytics
• Detect, prevent, and address fraud, abuse, and security issues
• Comply with legal obligations

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide you with the Service pursuant to our Terms of Service
• Legitimate Interests: Processing for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where such interests are not overridden by your rights
• Consent: Processing based on your specific consent, which you may withdraw at any time
• Legal Obligation: Processing necessary to comply with applicable laws and regulations

5. Information Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party vendors who assist us in operating the Service, including:

• Cloud hosting and infrastructure (e.g., Amazon Web Services)
• Payment processing (Stripe, Inc.)
• Analytics services (e.g., Google Analytics, Mixpanel)
• Email and communication services
• Customer support tools

Our service providers are contractually obligated to use your information only for the purposes of providing services to us and in accordance with this Privacy Policy.

5.2 Community Features

If you participate in study groups or forums, other members may see your display name, profile photo, and content you post. You can control your visibility through your account privacy settings.

5.3 Institutional Accounts

If your educational institution has an institutional account with StudyBank, designated administrators may have access to aggregated, de-identified performance data. Individual performance data will only be shared with administrators if you have provided explicit consent.

5.4 Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with a legal obligation or valid legal process; (b) protect and defend the rights or property of StudyBank; (c) prevent or investigate possible wrongdoing; or (d) protect the personal safety of users or the public.

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership or uses of your personal information.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:

• Account data is retained for the duration of your account plus 30 days after deletion request
• Study performance data is retained for the duration of your account and deleted upon account deletion
• Payment records are retained for 7 years to comply with tax and financial reporting obligations
• Server logs are retained for up to 90 days
• Aggregated, de-identified data may be retained indefinitely for analytical and research purposes

When data is no longer required, we securely delete or anonymize it in accordance with industry best practices.

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of data at rest using AES-256 encryption
• Secure password hashing using bcrypt
• Regular security audits and vulnerability assessments
• Role-based access controls and multi-factor authentication for staff
• SOC 2 Type II compliant infrastructure
• Regular employee security training

While we take reasonable measures to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function, such as maintaining your login session and remembering your preferences
• Analytics Cookies: Help us understand how users interact with the Service so we can improve functionality and user experience
• Performance Cookies: Monitor and optimize the performance and speed of the Service

8.2 Managing Cookies

You can control cookies through your browser settings. Disabling certain cookies may limit your ability to use some features of the Service. We honor Do Not Track (DNT) signals from your browser.

9. Your Rights and Choices

9.1 All Users

Regardless of your location, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete personal data
• Deletion: Request deletion of your account and associated personal data
• Data Portability: Download your study data in a commonly used, machine-readable format
• Opt-Out: Unsubscribe from marketing emails at any time using the unsubscribe link in any marketing email

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected, the categories of sources, the purposes for collection, and the categories of third parties with whom we share information
• Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions
• Right to Correct: You may request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights

To submit a request, contact us at support@studybank.ai. We will verify your identity before processing your request. You may also designate an authorized agent to make requests on your behalf.

9.3 EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Restrict Processing: You may request that we restrict the processing of your personal data in certain circumstances
• Right to Object: You may object to our processing of your personal data based on our legitimate interests
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority

To exercise these rights, contact our Data Protection Officer at support@studybank.ai.

10. International Data Transfers

StudyBank is based in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States. We take appropriate safeguards to ensure that your personal data receives an adequate level of protection, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with all service providers
• Compliance with applicable data transfer frameworks

11. Children’s Privacy

The Service is designed for adult learners and is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe that a minor has provided us with personal information, please contact us at support@studybank.ai.

12. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not owned or controlled by StudyBank. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. We will notify you of material changes by sending an email to the address associated with your account and/or by posting a prominent notice within the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.