Privacy Policy

Last updated: February 2026

AiMedQs ("we," "us," or "our") operates the website aimedqs.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service. We are committed to protecting your privacy in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy legislation.

By using AiMedQs, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored in hashed form only; we never store plaintext passwords)
  • Account preferences and settings

1.2 Usage Data

We automatically collect information about how you interact with the Service, including:

  • Practice session history, including topics attempted and scores
  • Performance analytics and progress data
  • Device information (browser type, operating system, screen resolution)
  • IP address and approximate geographic location
  • Pages visited, features used, and time spent on the platform
  • Referring URLs and navigation paths

1.3 Payment Information

When you subscribe to a paid plan, payment processing is handled entirely by Stripe, Inc. We do not store your full credit card number, CVV, or banking details on our servers. We receive and store only:

  • The last four digits of your payment method
  • Card brand (e.g., Visa, Mastercard)
  • Billing address (if provided)
  • Transaction history (dates, amounts, plan types)
  • Stripe customer and subscription identifiers

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and maintain the Service: To operate your account, deliver practice scenarios, grade your responses, and display your performance analytics.
  • Process payments: To manage your subscription, process billing, and handle refund requests.
  • Personalize your experience: To power our adaptive learning algorithms, spaced repetition scheduling, and personalized study recommendations.
  • Communicate with you: To send account-related notifications, subscription confirmations, billing receipts, and important service updates.
  • Improve the Service: To analyze usage patterns, diagnose technical issues, and develop new features.
  • Ensure security: To detect fraud, prevent abuse, and protect the integrity of the platform.
  • Comply with legal obligations: To fulfill our obligations under applicable Canadian law and respond to lawful requests from authorities.

3. Data Sharing and Third-Party Services

We do not sell, rent, or trade your personal information to third parties. We share data only with the following service providers, who process it on our behalf and are contractually obligated to protect it:

  • Stripe, Inc. — For secure payment processing and subscription management. Stripe's privacy policy is available at stripe.com/privacy.
  • Resend — For transactional email delivery (account verification, password resets, billing receipts, and service notifications). Resend processes only the email address and message content necessary for delivery.
  • Google (Grading Services) — For automated grading and feedback on your practice responses. Only your anonymized answer text is sent for processing; no personally identifiable information is included in automated grading requests.

We may also disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of AiMedQs, our users, or the public.

4. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential cookies: Maintain your authenticated session and remember your preferences. These are strictly necessary for the Service to function.
  • Analytics cookies: Understand how users interact with the platform so we can improve the experience. These collect aggregated, anonymized usage data.

We do not use advertising or third-party tracking cookies. You can configure your browser to refuse cookies, but this may limit your ability to use certain features of the Service.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained for the duration of your account. Upon account deletion, your personal data is permanently removed within 30 days.
  • Usage and performance data: Retained while your account is active. Anonymized aggregate data may be retained indefinitely for service improvement purposes.
  • Payment records: Retained for a minimum of 7 years after the last transaction to comply with Canadian tax and financial reporting obligations.
  • Communication records: Retained for up to 3 years after the last interaction for customer support purposes.

6. Your Rights Under PIPEDA

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the following rights regarding your personal information:

  • Right of access: You may request a copy of the personal information we hold about you.
  • Right of correction: You may request that we correct any inaccurate or incomplete personal information.
  • Right of deletion: You may request that we delete your personal information, subject to legal retention requirements.
  • Right to withdraw consent: You may withdraw your consent to the processing of your personal information at any time, subject to legal or contractual restrictions. Withdrawal of consent may result in the inability to use certain features of the Service.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days, as required by PIPEDA.

7. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption of data in transit using TLS/SSL
  • Password hashing using bcrypt with appropriate cost factors
  • HttpOnly, Secure, and SameSite cookies for session management
  • Rate limiting and CSRF protection on all sensitive endpoints
  • Regular security audits and vulnerability assessments

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Children's Privacy

AiMedQs is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected], and we will promptly delete such information.

9. International Data Transfers

Your personal information may be processed by our third-party service providers in jurisdictions outside of Canada, including the United States. When data is transferred internationally, we ensure that appropriate safeguards are in place to protect your information in accordance with PIPEDA requirements.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email or a prominent notice on the Service prior to the change becoming effective

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

AiMedQs

Email: [email protected]

Website: aimedqs.com

If you are not satisfied with our response to your privacy concern, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.