Privacy Policy
Effective Date: March 13, 2026
Last Updated: March 21, 2026
Med Preps LLC (“we,” “us,” or “our”) operates medpreps.com. This Privacy Policy describes how we collect, use, and protect your personal information when you use our website and services.
1. Information We Collect
Information You Provide
- Account information: When you register, we collect your name, email address, and username.
- Payment information: When you purchase access, payment is processed by Stripe. We do not store your credit card number, CVV, or full card details on our servers. Stripe handles payment data in accordance with PCI-DSS standards.
- Contact information: If you contact us via our contact form, we collect your name, email, and message content.
Information Collected Automatically
- Usage data: We collect information about how you interact with our site, including pages visited, quizzes taken, scores, and time spent on the site.
- Device and browser information: We collect your IP address, browser type, operating system, and device type.
- Cookies: We use cookies to maintain your login session, remember your preferences, and analyze site usage. You can control cookies through your browser settings, but disabling them may affect site functionality.
- Session recordings and heatmaps: We use Microsoft Clarity to record anonymized user sessions, including mouse movements, clicks, scrolls, and page interactions. These recordings help us understand how visitors use the site and identify usability issues. Clarity automatically masks sensitive input fields such as passwords. No keystrokes in password or payment fields are captured.
2. How We Use Your Information
We use your information to:
- Provide and maintain your account and access to the service
- Process your payment
- Track your quiz progress and scores
- Respond to your questions and support requests
- Send important service-related communications (account confirmation, purchase receipt, policy changes)
- Improve our content, features, and user experience
- Detect and prevent unauthorized access or account sharing
We do not sell your personal information to third parties. We do not send marketing emails unless you have opted in.
3. Third-Party Services
We use the following third-party services that may receive your data:
- Stripe (payment processing): Processes your payment securely. See Stripe’s Privacy Policy.
- Google Analytics (site analytics): Collects anonymized usage data to help us improve the site. See Google’s Privacy Policy.
- Microsoft Clarity (session recording and heatmap analytics): Records anonymized visitor sessions including mouse movements, clicks, scrolls, and page interactions to help us understand user behavior and improve site usability. Clarity masks sensitive input fields automatically. Session data is processed by Microsoft Corporation and may be used by Microsoft to improve its products and services. See Microsoft’s Privacy Statement.
- Web hosting provider: Our hosting provider stores site data on servers located in the United States.
4. Data Security
We take reasonable measures to protect your personal information, including encrypted connections (HTTPS/SSL), secure password storage, and limited access to personal data. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
5. Data Retention
We retain your account information and quiz progress for as long as your account is active. If you request account deletion, we will remove your personal information within 30 days, except where we are required by law to retain certain records (such as payment transaction records).
6. Your Rights
Depending on your location, you may have certain rights regarding your personal data:
- Access: You can request a copy of the personal data we hold about you.
- Correction: You can request that we correct inaccurate information.
- Deletion: You can request that we delete your account and personal data.
- Opt-out: You can opt out of marketing communications at any time.
To exercise any of these rights, please contact us through our contact page. We will respond within 30 days.
7. California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of your personal information. We do not sell personal information. To make a request, contact us through our contact page.
8. Children’s Privacy
Med Preps is intended for use by adults preparing for professional certification exams. We do not knowingly collect personal information from children under the age of 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. We encourage you to review this page periodically. Continued use of the site after changes are posted constitutes your acceptance of the updated policy.
10. Contact
If you have questions or concerns about this Privacy Policy or our data practices, please contact us through our contact page.
Mobile Applications
We offer mobile applications for iOS (and later Android). When you use the app we may collect:
- Account information — email address and a session token, the same data as the web sign-in.
- Practice progress — which questions you have seen, answered correctly or incorrectly, flagged for review, and your last attempt on each. Stored locally on your device and synced to our servers under your account.
- Device information — device model, OS version, and app version, for diagnostics.
- Apple In-App Purchase receipts — product identifier, purchase date, and expiration timestamp. Received from Apple when you make an in-app purchase.
We do not collect: precise location, contacts, photos, microphone audio, camera video, calendar, health, or any data unrelated to test preparation. We do not use third-party advertising SDKs in the app. We do not perform cross-app tracking.
In-App Purchases
The iOS app offers in-app purchases for time-tiered access to the question bank (Cram, Study, and Unlimited tiers). Purchases are processed entirely by Apple via the App Store — we never see your credit card details. Apple sends us a receipt containing the product identifier, purchase date, and expiration timestamp, which we use to grant access to the corresponding exam content across both your mobile app and the website.
In-app purchases do not auto-renew. Each purchase grants a fixed period of access. You may add additional time at any point by initiating a new purchase.
Apple’s Privacy Policy governs the App Store transaction itself: https://www.apple.com/legal/privacy/.
Account Deletion (Mobile)
The mobile app includes an in-app account deletion option, located under Settings → Delete account. Deleting your account permanently removes your user record, practice progress, and any remaining purchased access. You may also request deletion via our contact page. We retain anonymized aggregate usage statistics (no personally identifiable information) for product improvement.
Authentication and Email
When you sign in to the iOS app, we generate a 6-digit code and a magic-link token, send them to your email via Postmark, and verify the code or token when you enter it in the app. The code is single-use and expires after 15 minutes. Sign-in codes are transactional messages required to access your account; they are not marketing.
Subprocessors
We use the following third-party services to operate the Service. Each is contractually bound to handle your data only on our instructions:
- Apple Inc.: App Store payment processing and receipt verification. Receives purchase receipts, product identifiers, transaction IDs.
- Stripe, Inc.: Web payment processing. Receives email, last 4 of card, billing zip (Stripe handles card data directly).
- Postmark (ActiveCampaign): Transactional email delivery (sign-in codes, receipts). Receives email address and message content.
- Sentry (Functional Software, Inc.): Crash and error diagnostics. Receives stack traces, app version, OS version, user ID (your email).
- PostHog, Inc.: Product analytics. Receives anonymized event names, screen names, user ID (your email).
- Amazon Web Services: Backend hosting. Holds all account data, encrypted at rest.
Standard Contractual Clauses are in place for processors that transfer data outside the European Economic Area.
Information collected by our mobile apps
When you use our iOS app (MedPreps), we collect:
- Contact information. Your email address, used as your account identifier.
- User-generated content. Your practice progress: which questions you have seen, your answer to each, whether each was correct, and which you have flagged for review. Synced to our servers under your account so you can continue on any device.
- Purchase history. When you make an in-app purchase, Apple sends us a receipt containing the product identifier, purchase date, and (for timed tiers) the expiration timestamp. We use this to verify and activate your access. We do not receive your credit-card number from Apple.
- Identifiers. A user ID (your email address) linked across our backend, Sentry, and PostHog so we can correlate your account with diagnostics and product-analytics events.
- Diagnostics. App version, device model, OS version, crash stack traces, and slow-frame reports. Used for debugging and reliability improvements.
- Usage data. Anonymized event names tied to your user ID: screens visited, features used, time spent. Used to understand which parts of the app are working and where users get stuck.
We do not collect the Apple IDFA (Identifier for Advertisers). We do not perform App Tracking Transparency tracking. We do not use third-party advertising SDKs. We do not share your data with data brokers.
Apple Privacy Nutrition Labels
For our iOS apps, we declare the following categories of data collection to Apple:
- Contact Info → Email Address (linked to identity, used for app functionality)
- Identifiers → User ID (linked to identity, used for app functionality and analytics)
- Purchases → Purchase History (linked to identity, used for app functionality)
- User Content → Other User Content: your practice progress (linked to identity, used for app functionality)
- Diagnostics → Crash Data, Performance Data (linked to identity, used for app functionality)
- Usage Data → Product Interaction (linked to identity, used for analytics)
None of these categories are used for tracking, advertising, or sale to data brokers.
In-App Account Deletion
You may delete your account at any time from within the iOS app: Settings → Account → Delete account. You may also request deletion by emailing support@medpreps.com from the address on the account.
Deletion is irreversible and removes your user record on our backend, your practice progress, any remaining purchased access tied to the account, and your Sentry and PostHog user identity (anonymized). Apple retains its own copy of your App Store purchase history per Apple’s terms; we cannot remove data Apple holds. Stripe retains payment records for tax and accounting purposes per its terms.
International Data Transfers
Apple, Postmark, Sentry, PostHog, Stripe, and AWS act as data processors under Article 28 of the GDPR. Standard Contractual Clauses (SCCs) are in place where data is transferred outside the European Economic Area. You may request a copy of the relevant SCC by emailing support@medpreps.com.
