Medceptor

Privacy Policy · v1.1

Medceptor Privacy Policy

Effective Date: May 24, 2026

Entity: IDK Studios, Inc., a Texas corporation (operating as Medceptor)

Registered Office: 262 Fawn Trail, Lake Jackson, TX 77566

Contact: admin@medceptor.com

1. Information We Collect

When you register and use Medceptor (the "Services"), we collect:

  • Account information: name, email, display name, optional phone number, optional avatar, self-reported certification track (EMR / EMT / AEMT / Paramedic / Nurse / Medical Student).
  • Educational data: scenario attempts, in-scenario chat transcripts, grading results, scenario state, learning progress, per-attempt timing.
  • Payment information: processed securely via Stripe; we store only the Stripe customer ID, the subscription state, and the last four digits of your payment method.
  • Technical information: log data, browser and device information, IP addresses, session metadata, and session recordings of your interactions with the Services (with the form inputs you type and account identifiers such as your name and email masked) — see Section 7.

Important — Do Not Enter Real Patient Information. Medceptor is an educational training tool, not a clinical system. Do not enter real patient information of any kind into the Services, including names, dates of birth, addresses, medical record numbers, or any other Protected Health Information ("PHI") as defined under HIPAA. All Medceptor scenarios are synthetic. We are not a HIPAA covered entity or business associate, and we do not sign Business Associate Agreements. Accounts found entering real PHI may be suspended and the data deleted.

2. How We Use Information

We use collected data to:

  • Provide and operate the Services.
  • Process payments and manage subscriptions.
  • Improve training quality and product performance.
  • Conduct analytics on anonymized, aggregated rubric and timing data to enhance educational outcomes.
  • Send transactional emails (account, billing, security). Marketing emails require explicit opt-in; the default is off.
  • Publish anonymized, aggregated metrics (such as rubric pass rates and average attempt length) in marketing or research materials to demonstrate educational effectiveness.

3. AI Processing

Your scenario chat transcripts and attempt responses are sent to third-party large-language-model providers — Google Gemini by default, with Anthropic Claude and OpenAI GPT available as configured fallbacks — solely to produce in-scenario responses and grading feedback. Providers are contractually bound under their commercial-tier API terms not to train on user data. Providers may retain inputs for up to 30 days for abuse monitoring before deletion, in accordance with those terms.

Medceptor itself does not train AI models on identifiable user data. We may use de-identified, aggregated metrics derived from scenario performance (such as rubric-item pass rates and average attempt length) for product improvement and educational research; no identifiable student transcript is used as training data.

4. Data Storage and Sub-Processors

We rely on the following sub-processors, each under a data-processing agreement:

  • Supabase (Postgres, Auth, Storage) — primary application database, hosted in the United States.
  • Stripe — payment processing.
  • Vercel — application hosting and edge runtime.
  • Inngest — durable function execution for the grader pipeline.
  • Langfuse — LLM-call tracing and observability.
  • PostHog — product analytics, session recording, error monitoring, and feature-flag / experiment delivery, hosted in the United States.
  • LLM providers (Google, Anthropic, OpenAI) — scenario inference, as described in Section 3.

Data retention. We retain personal data only as long as necessary for the purposes for which it was collected and as required by applicable law:

Data typeRetention period
Account profileLife of account, plus 30 days after deletion
Chat transcripts24 months from creation, then deleted from hot storage
Grading attemptsLife of account
Payment records (via Stripe)7 years (IRS / tax compliance)
Server and authentication logs90 days
Session recordings30 days from creation, then deleted
Support tickets3 years
Aggregated, de-identified analyticsIndefinite
Hashed deleted-account identifierIndefinite (to prevent re-creation abuse)

On account deletion, identifying fields are tombstoned and removed from active use according to the schedule above.

5. Data Sharing

  • We do not sell personal data to third parties.
  • We share personal data only with the trusted sub-processors listed in Section 4 to operate and maintain the Services.
  • If you are enrolled through an institutional plan, we may share relevant training data (such as performance, progress, and account information) with that institution for educational purposes.
  • We do not share private user information with schools or instructors outside of institutional plans, and never without explicit consent.

6. Your Rights

Depending on your jurisdiction (including California, Texas, Virginia, Colorado, Connecticut, Utah, Oregon, Montana, Iowa, Tennessee, Indiana, Florida, Delaware, EU/EEA, and UK), you may have rights to:

  • Access a copy of your personal information.
  • Correct inaccurate or incomplete information.
  • Delete your personal information.
  • Receive your data in a portable format.
  • Object to certain processing.
  • Opt out of the sale or sharing of personal information, targeted advertising, or profiling for decisions that produce significant effects.
  • Appeal any denial of these rights.

To exercise these rights, contact admin@medceptor.com. We will respond within 45 days (extendable by an additional 45 days where permitted by law). We do not discriminate against users who exercise these rights.

When you request deletion, we will delete your personal data within 45 days, except where retention is required by law or legitimate business need: (a) payment and transaction records (retained 7 years for tax compliance); (b) records necessary to defend legal claims, resolve disputes, or enforce agreements; (c) de-identified, aggregated analytics that cannot be linked to you; and (d) a hashed identifier to prevent account-recreation abuse and to honor your opt-out.

7. Cookies, Analytics, and Session Recording

Authentication uses strictly necessary cookies for session management. We do not use advertising or cross-site tracking cookies.

Product analytics and session recording. We use PostHog (a sub-processor listed in Section 4, acting on our behalf under a data-processing agreement) to understand how the Services are used, to diagnose errors, and to deliver feature experiments. This includes:

  • Usage analytics — pages viewed, features used, and product events such as starting or completing a scenario, associated with your account.
  • Session recordings — a replay of your interactions with the Services (such as mouse movement, clicks, scrolling, navigation, and on-screen content) used to diagnose usability problems and errors. The text you type into form fields is masked and not recorded, and we mask account identifiers such as your name and email in recordings.
  • Error monitoring — automatic capture of application errors and diagnostic context.

This data is processed by PostHog on our behalf and is not used for cross-site advertising. It is retained per the schedule in Section 4.

Your choices. We honor the Global Privacy Control ("GPC") and browser "Do Not Track" signals: when your browser sends either signal, we do not load analytics or session recording for your session. Many privacy-focused browsers and extensions can send these signals on your behalf. You may also request deletion of analytics data associated with you by contacting admin@medceptor.com (see Section 6).

8. Security

We protect user data with encryption in transit and at rest, access controls, and regular security review. No system is completely secure, and we cannot guarantee absolute security of your data.

Breach notification. In the event of a confirmed personal data breach affecting your information, we will notify you without undue delay and in any event within 60 days of confirmation, or sooner where required by law (for example, within 72 hours to EU supervisory authorities under GDPR Article 33). Notice will describe the nature of the breach, the categories of data involved, the likely consequences, and the remediation steps taken.

9. Children's Privacy

The Services are intended for adults aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we discover we have inadvertently collected data from a user under 18, we will delete it within 30 days. Instructors are encouraged to supervise students using the Services in classroom settings.

10. International Transfers

The Services are operated in the United States and are intended for users located in the United States. We do not actively offer the Services to users in the European Economic Area, the United Kingdom, or Switzerland, and the signup flow may restrict access from those regions. If you nonetheless access the Services from outside the United States, your information will be transferred to and processed in the United States.

For any transfers from the EEA, UK, or Switzerland that may occur, we rely on appropriate safeguards, including the European Commission's 2021 Standard Contractual Clauses (Module 2, controller-to-processor), the UK International Data Transfer Addendum, or other lawful transfer mechanisms.

11. California Residents (CCPA / CPRA)

This section applies to California residents and supplements the rest of this Privacy Policy.

Categories of personal information we collect (under the CCPA's classifications):

  • Identifiers (name, email, phone, IP address, account ID)
  • Customer records (account profile, certification track)
  • Commercial information (subscription state, payment history)
  • Internet or network activity (log data, session metadata, session recordings)
  • Geolocation data (coarse location inferred from IP)
  • Professional information (self-reported certification track)
  • Education information (scenario attempts, grading results)
  • Inferences (learning progress derived from rubric performance)

Categories of sources: directly from you, automatically from your device, and from your institutional administrator if you are enrolled through an institutional plan.

Business purposes: providing and operating the Services, processing payments, security and fraud prevention, analytics, session recording for diagnostics, and AI grading.

Categories of third parties with whom we share personal information: the sub-processors listed in Section 4.

Do Not Sell or Share. We do not sell or share personal information as those terms are defined under the CCPA/CPRA, including for cross-context behavioral advertising. We have not done so in the preceding 12 months. We honor opt-out preference signals, including the Global Privacy Control, as described in Section 7.

Sensitive personal information. We do not collect or process sensitive personal information for the purpose of inferring characteristics about consumers.

Verifiable consumer requests. To exercise your CCPA rights (access, deletion, correction, portability, opt-out, limit use of sensitive PI, no retaliation), email admin@medceptor.com. We will verify your identity using your account credentials and respond within 45 days. You may also designate an authorized agent to make requests on your behalf, subject to verification.

Non-discrimination. We do not discriminate against consumers who exercise their CCPA rights. We do not offer financial incentives in exchange for personal information.

12. Texas Residents (TDPSA)

This section applies to Texas residents and supplements the rest of this Privacy Policy.

We do not sell sensitive personal data or biometric personal data.

To exercise your rights under the Texas Data Privacy and Security Act (access, correction, deletion, portability, opt-out of sale, opt-out of targeted advertising, opt-out of profiling), email admin@medceptor.com. We will respond within 45 days and provide an appeal mechanism if any request is denied.

13. Changes to This Policy

Material changes trigger a re-acceptance flow; continued use after a non-material revision does not constitute acceptance of the new policy.

14. Contact

For questions about this Privacy Policy, contact admin@medceptor.com.