Privacy Policy
Last updated: 4 August 2025
1. Who We Are
ExamFlip ("ExamFlip", "we", "our") provides AI‑powered medical‑exam preparation services. The data controller is [Exirsoft Technology Inc. (DBA:ExamFlip.com), 3902 Los Olivos Ln, La Crescenta, CA 91214, USA]. Questions? Email privacy@examflip.com.
2. Scope
This Policy applies to www.examflip.com, our mobile apps, and any other services that link to it (collectively, the "Services").
3. Information We Collect
| Category | Typical examples | How we obtain it |
|---|---|---|
| Basic identifiers | Full name, email address, professional title (e.g., "Student Doctor", "Faculty") | You provide at sign‑up |
| Account credentials | Username, encrypted password | You provide |
| Service‑usage data | Question attempts, scores, study‑session timestamps, feature clicks | Collected automatically |
| Technical data | IP address, browser/OS, device type | Collected automatically |
| Payment‑success signals | Subscription status (e.g., "active", "canceled"), Stripe customer/subscription ID | Received from Stripe webhooks; no card details or billing address ever touch our servers |
What we don’t collect: We never ask for government IDs, date or place of birth, Social Security/National ID numbers, health data, race/ethnicity, or biometric identifiers.
4. How We Use Your Information
- Provide & maintain the Services —create your account, display your personal performance dashboard, etc.
- Personalize learning via our AI engine.
- Improve and secure the platform, including debugging and preventing fraud.
- Verify payments —we receive a yes/no confirmation plus a subscription ID from Stripe webhooks to grant or revoke access. We do not store card numbers, billing addresses, or other payment details.
- Communicate with you about updates or—if you opt‑in—marketing.
- Comply with legal obligations and enforce our Terms.
AI usage: Interaction data may be anonymized and used to fine‑tune internal AI models. We never feed identifiable data into publicly available AI systems.
5. Where We Store & Process Data
| Environment | Purpose |
|---|---|
| Amazon Web Services (AWS) | Primary application servers & databases |
| Microsoft Azure | Scalable compute for AI workloads |
| Google Cloud Platform (GCP) | Off‑site encrypted backups |
| Stripe, Inc. | External PCI‑DSS–certified processor; holds all payment data. We keep only minimal subscription metadata (no card/billing info). |
6. Cookies & Similar Technologies
We do not currently set cookies or similar tracking technologies. However, we reserve the right to introduce them in the future to improve functionality or analytics. If we do, this Policy will be updated and you will be notified with clear choices to accept or reject non‑essential cookies.
7. Your Controls & Choices
- Dashboard deletion: A self‑service "Delete My Data" option lets you wipe your study history and activity logs at any time.
- Full account deletion: Close your account through in‑app settings or by contacting support; all personal data is erased, subject to legal retention requirements.
- Other rights: Depending on where you live, you may access, correct, port, object to, or restrict processing of your data, and opt‑out of marketing.
8. Data Retention
| Data type | Retention period | Deletion method |
|---|---|---|
| Study activity & performance | Until you delete it or close your account | Immediate, irreversible purge |
| Account profile (name, email, title) | Life of the account + 2 yrs for audit | Secure deletion |
| Stripe subscription metadata (status, ID) | Subscription life + 2 yrs for reconciliation | Secure deletion (card data never stored) |
9. Security
- Encryption in transit and at rest across AWS, Azure, and GCP.
- Passwords hashed and salted with industry‑standard algorithms.
- Multi‑cloud key management; each provider stores keys separately.
- Annual third‑party penetration tests.
10. Sharing & Disclosure
| Recipient | Reason |
|---|---|
| Cloud & IT providers (AWS, Azure, GCP) | Hosting, performance, security |
| Payment processor – Stripe | Handles the entire payment flow; stores all card data |
| AI processors (e.g., OpenAI, Anthropic) | Generate chat responses; bound by DPAs |
| Advisors / acquirers | Business transfers, mergers |
| Authorities | Where required by law or court order |
We do not sell your personal data.
11. Your Rights
Depending on your jurisdiction, you may have rights to access, rectify, delete, or port your data; to object to or restrict certain processing; and to opt‑out of marketing or data "sharing" under CCPA/CPRA. We respond within one month (or 45 days for CCPA).
12. Children
The Services are intended for users 16 years or older (or the age of digital consent in your country). We do not knowingly collect data from children.
13. Changes to This Policy
Material changes (e.g., introducing cookies) will be announced at least 14 days in advance via email or in‑app notice. Continued use after the effective date constitutes acceptance.
14. Contact
| Role | Details |
|---|---|
| Data Protection Officer | privacy@examflip.com |