⚕ MedScholar Beta

Privacy Policy

Last updated: 25 March 2026 · Governing law: England and Wales

    MedScholar takes your privacy seriously. This policy explains what personal data we collect, why we collect it, and how it is used and protected.
  

1. Who We Are (Data Controller)

MedScholar is operated by a medical student as a personal educational project. For data-related enquiries, contact us at: privacy@medscholar.co.uk.

MedScholar is not a registered company. As the operator, the individual behind MedScholar acts as data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Data We Collect

When you create an account and use MedScholar, we collect the following information:

Account data: Email address, full name, country of residence, year of study, and medical school name.
Study progress data: Completed lessons, flashcard learning states (SM-2 algorithm data), question answers and accuracy, confidence ratings, flagged questions, study streaks, and last study date.
Feedback data: Ratings (thumbs up/down, star ratings) you submit on lessons and questions, along with a timestamp.
Technical data: Your browser stores study preferences (e.g. theme choice) and progress data locally using localStorage. This data is synced to our servers when you are logged in.

We do not collect payment information, location data beyond your selected country, or any data from children (our service is intended for medical students aged 18 or over).

3. Why We Collect It (Legal Basis)

We process your data on the basis of contract performance (UK GDPR Article 6(1)(b)) — it is necessary to provide the MedScholar service to you — and legitimate interest (Article 6(1)(f)) for aggregated analytics that help us improve the platform.

Account & profile data — to create and manage your account.
Study progress data — to personalise your study experience and sync it across devices.
Feedback/ratings data — to improve content quality.
Aggregate analytics — to understand how students use the platform (e.g. average accuracy, popular lessons). This is never sold or shared with advertisers.

4. Third Parties We Share Data With

We do not sell your data. We use the following third-party services to operate MedScholar:

Supabase — our database and authentication provider. Your account and progress data is stored on Supabase infrastructure (servers may be located in the EU or USA). Supabase is GDPR-compliant and provides a Data Processing Agreement. See supabase.com/privacy.
Formspree — receives rating/feedback data you submit (including your display name, the content item rated, and a timestamp). See formspree.io/legal/privacy-policy.
Google Fonts CDN — our pages load fonts from Google's servers. Your IP address is transmitted to Google when fonts are loaded. See Google's Privacy Policy.

5. International Transfers

Supabase and Formspree may transfer and store your data outside the UK. Where this occurs, it is subject to appropriate safeguards (Standard Contractual Clauses or an adequacy decision). By using MedScholar, you consent to this transfer.

6. Data Retention

We retain your account and progress data for as long as your account is active. If you delete your account, or if your account has been inactive for more than 2 years without login, your personal data will be deleted from our servers within 90 days.

Locally stored data (localStorage) remains on your device until you clear your browser data or uninstall the app.

7. Cookies and Local Storage

MedScholar does not use advertising or tracking cookies. We use your browser's localStorage to store your study progress, theme preference, and session data locally on your device. This is strictly necessary for the app to function offline and sync correctly.

Google Fonts (loaded via CDN) may set cookies or log your IP address. We have no control over this.

We do not use analytics cookies (e.g. Google Analytics).

8. Your Rights

Under UK GDPR you have the right to:

Access — request a copy of your personal data.
Rectification — request correction of inaccurate data.
Erasure ("right to be forgotten") — request deletion of your data.
Restriction — request we limit processing of your data.
Data portability — request your data in a machine-readable format.
Object — object to processing based on legitimate interest.

To exercise any right, email privacy@medscholar.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the UK supervisory authority: Information Commissioner's Office (ICO) — ico.org.uk.

9. Minimum Age

MedScholar is intended for medical students aged 18 or over. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please contact us at privacy@medscholar.co.uk and we will delete the account promptly.

10. Security

Passwords are securely hashed by Supabase and never stored in plain text. Data in transit is encrypted via HTTPS. While we take reasonable steps to protect your data, no online service can guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the app. Continued use of MedScholar after changes constitutes acceptance of the updated policy.