How we handle your data.

The short version

• You sign in with your Apple ID. We never see your password.
• During mock exams, your microphone audio is streamed to OpenAI in real time so the AI examiner can hear you and respond. Audio is not stored after the session ends — only the text transcript and grade are saved.
• We store your exam transcripts, grades, and basic usage telemetry in our Supabase database to power your study history and stats.
• Your purchases go through Apple's in-app purchase system. We never see your payment details.
• We don't sell your data, don't run ads, and don't share with marketers.
• You can email us to delete your account at any time.

The detailed sections below control if there is any inconsistency between this summary and the rest of this page.

1. Who we are

Med Oral Boards (the "App") is operated by {{LEGAL_ENTITY_NAME}} ("we," "us," "our"), a {{ENTITY_TYPE}} located at {{LEGAL_ENTITY_ADDRESS}}, United States. You can reach us at support@medoralboards.com.

2. What we collect

Account information

When you sign in, Apple shares with us either your real Apple ID email or a private relay email (if you choose Apple's "Hide My Email"), and optionally your name. We use this to create your account, identify you across sessions, and contact you about your account. We never receive your Apple ID password.

Voice audio during mock exams

When you start a mock oral exam, the App accesses your microphone (with your permission via iOS) and streams your audio in real time to OpenAI's Realtime API, which generates the AI examiner's voice responses. We do not store the audio recording itself — once the exam session ends, the audio stream is gone. What we save is the text transcript of what you and the examiner said, and the grade the AI produced.

Exam transcripts and grades

For each exam you take, we store the text transcript (your words + the examiner's words), the case scenario, the grade rubric, and timestamps. This is what powers your history, stats, and the ability to review past sessions.

Purchase information

Apple processes all in-app purchases. We receive a notification from RevenueCat (our subscription-management partner) confirming which product you bought (3-month or 6-month plan), the date, and Apple's transaction identifier. We never see your credit card, debit card, or bank details.

Usage telemetry

We log anonymous events about how you use the App — screen views, button taps, errors, exam start/end times, study mode toggles. This helps us fix bugs and improve the product. Each event is tied to your account so we can debug issues you specifically report.

Device information

Standard technical information your device sends with network requests: iOS version, app version, device model, language, time zone. We don't use any cross-app advertising identifiers, don't fingerprint your device, and don't track you across other apps or websites.

What we don't collect

We do not collect your contacts, photos, location, browsing history, health data, or any information about anyone other than you. The App does not use the camera. The App does not track you across other apps or websites. We do not buy data from data brokers.

3. How we use your information

• To run the mock oral exam (route audio to the AI, return the examiner's voice, record the transcript and grade)
• To show you your exam history, stats, and progress
• To verify your purchase and grant or revoke your access
• To respond to support emails you send us
• To verify Pass Guarantee claims (see our Pass Guarantee policy)
• To detect and prevent fraud, abuse, or violations of our Terms of Service
• To debug and improve the App
• To comply with legal obligations

We do not use your data to train AI models. We do not sell your data. We do not run advertising.

4. Who we share your data with

We share data only with the service providers needed to run the App. Each provider listed below has its own privacy policy, which governs how they handle data we send them:

• Apple (App Store, Apple Sign-In, in-app purchases, push notifications) — Apple Privacy Policy
• Supabase (database hosting in the US for your account, transcripts, grades, telemetry) — Supabase Privacy Policy
• OpenAI (real-time AI examiner — receives your microphone audio during mock exams) — OpenAI Privacy Policy. OpenAI's Realtime API does not retain audio after the session, and OpenAI's enterprise terms specify that data submitted via the API is not used to train their models.
• RevenueCat (purchase verification and entitlement tracking) — RevenueCat Privacy Policy

We may also share data when legally required (lawful subpoena, court order, regulatory request) or in connection with a sale of the business to a successor entity, in which case the successor will be bound by this policy or notify you of changes.

We do not sell or rent your personal information to third parties for any purpose. For California residents, see Section 8.

5. Where your data is stored, and for how long

Our database is hosted on Supabase's US infrastructure. OpenAI processes audio in real time on its US servers. Apple and RevenueCat may store data on infrastructure in multiple regions per their respective policies.

We keep your account data, exam transcripts, grades, and telemetry for as long as your account is active. If you ask us to delete your account, we permanently delete your account data within 30 days, except where we are legally required to retain certain records (for example, financial records of purchases for tax purposes — which we keep for 7 years per US tax law, but stripped of all data not needed for that purpose).

Telemetry events older than 12 months are automatically deleted. Mock exam audio is never stored — only the text transcript.

6. Your rights

Regardless of where you live, you can:

• Access your data. Email us and we'll send you a copy of your account data within 30 days.
• Correct your data. Email us if anything is wrong.
• Delete your account. Email us with the subject line "Delete my account" and we'll erase your account and associated data within 30 days.
• Withdraw consent for our data practices, by deleting your account.
• Lodge a complaint with your local data-protection authority if you believe we're not handling your data properly.

To exercise any of these, email support@medoralboards.com from the email address associated with your account, or include enough information that we can identify you.

7. Children's privacy

The App is intended for medical residents, fellows, and physicians preparing for the ABA Standardized Oral Examination — adults. We do not knowingly collect data from anyone under 13 years of age. If you believe we have collected data from a child under 13, contact us and we will delete it. The App is not directed at children, and we do not market it to children.

8. California residents (CCPA / CPRA)

If you live in California, the California Consumer Privacy Act and California Privacy Rights Act give you specific rights:

• The right to know what personal information we collect, use, and share (Section 2 above lists every category).
• The right to request deletion of your personal information (Section 6 explains how).
• The right to correct inaccurate personal information.
• The right to opt out of the "sale" or "sharing" of personal information. We do not sell or share your personal information for cross-context behavioral advertising, so this right is automatically honored.
• The right to limit our use of "sensitive personal information" — we do not use sensitive personal information for any purpose beyond the ones disclosed in Section 3.
• The right to non-discrimination — we will not deny service, charge a different price, or provide a lower-quality service because you exercised these rights.

To exercise any California right, email support@medoralboards.com.

9. International users

The App is operated from the United States. If you access it from outside the US, your data will be transferred to and processed in the US. By using the App, you consent to this transfer. The Pass Guarantee specifically is offered only to US residents at this time; see our Pass Guarantee policy for details.

10. Security

We use HTTPS for all network traffic, encrypt your auth session at rest on your device, rely on Supabase's row-level security to ensure you can only read your own data, and limit the number of people on our team who have administrative access (currently: just the founder). No system is perfectly secure, but we take reasonable steps to protect your data.

11. Changes to this policy

We may update this policy as the App evolves. If the changes are material, we'll notify you in the App or by email. The "last updated" date at the bottom of this page reflects the most recent version. Your continued use after a change means you accept the updated policy.

12. Contact

Questions, requests, or complaints: support@medoralboards.com