Last Updated: January 6, 2026
NowYouKnowMed ("we", "our", or "us") operates the NowYouKnowMed QBank platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.
The data controller responsible for your personal data is:
NowYouKnowMed
Email: hello@nowyouknowmed.com
Account Information: Username, email address, password (encrypted)
Profile Information: Display name, preferences, exam selections
Payment Information: Processed by third-party payment processors (Stripe/PayPal)
Communication: Support messages, feedback, and correspondence
Device Information: Device type, operating system, browser type
IP Address: Hashed and stored for security purposes
Session Data: Login times, activity timestamps, session duration
Usage Data: Quiz attempts, scores, study patterns, question interactions
Location Data: Approximate location (country/city) based on IP address
We use essential cookies to:
Authenticate your account and maintain your session
Remember your preferences (theme, hotkeys, exam selection)
Ensure security and prevent fraud
We process your personal data under the following legal bases:
Contract Performance: To provide the Service you subscribed to
Legitimate Interest: To improve our Service, prevent fraud, and ensure security
Consent: When you opt-in to marketing communications or non-essential features
Legal Obligation: To comply with tax, accounting, and legal requirements
Provide, maintain, and improve the Service
Authenticate your account and maintain security
Track your quiz progress and provide personalized recommendations
Send administrative emails (password resets, account updates)
Respond to support requests and communications
Detect and prevent fraud, abuse, and security incidents
Comply with legal obligations
We retain your data for as long as necessary to provide the Service and comply with legal obligations:
Active Accounts: Data retained while your account is active
Deleted Accounts: Most data deleted within 30 days of account deletion
Session Data: Automatically anonymized after 90 days
Financial Records: Retained for 7 years for tax/legal compliance
Backup Data: May persist in backups for up to 90 days
We do not sell your personal data.
We may share your data with:
Service Providers: AWS (hosting), Supabase (database), Stripe/PayPal (payments)
Legal Requirements: When required by law, court order, or government request
Business Transfers: In case of merger, acquisition, or sale of assets
With Your Consent: When you explicitly authorize data sharing
Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure adequate safeguards through:
Standard Contractual Clauses (SCCs) approved by the European Commission
Data Processing Agreements with all third-party processors
Compliance with GDPR requirements for international transfers
If you are in the European Economic Area (EEA), you have the following rights:
Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten"): Request deletion of your data
Right to Data Portability: Receive your data in a machine-readable format
Right to Restrict Processing: Limit how we process your data
Right to Object: Object to processing based on legitimate interest
Right to Withdraw Consent: Withdraw consent at any time
Right to Lodge a Complaint: File a complaint with your data protection authority
To exercise these rights, visit our Privacy & Data Management page or contact us at hello@nowyouknowmed.com.
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.
You have the right to request disclosure of:
Categories of personal information we collect
Categories of sources from which information is collected
Business purpose for collecting information
Categories of third parties with whom we share information
Specific pieces of personal information we collected about you
You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention, completing transactions).
We do not sell your personal information. We have not sold personal information in the past 12 months and do not intend to sell personal information in the future.
We will not discriminate against you for exercising your CCPA rights. You will not receive:
Denial of goods or services
Different prices or rates for goods or services
Different level or quality of goods or services
Suggestion that you will receive different prices or quality
To exercise your California privacy rights, contact us at:
Email: hello@nowyouknowmed.com
Subject Line: "CCPA Privacy Rights Request"
Response Time: Within 45 days of receiving your request
In the past 12 months, we have collected the following categories of personal information:
Identifiers: Name, email address, username, device identifiers
Commercial Information: Subscription history, purchase records, payment data
Internet Activity: Quiz performance, study patterns, browsing behavior
Geolocation Data: Approximate location (city/state) for security purposes
Professional Information: Exam preferences (Psychiatry/Neurology)
We use personal information for the following business purposes:
Provide quiz platform services and educational content
Process payments and manage subscriptions
Improve platform performance and user experience
Detect fraud and ensure security
Comply with legal obligations
Respond to customer support requests
We share personal information only with service providers who assist us in operating our business:
AWS: Cloud infrastructure and hosting
Supabase: Database services
Stripe: Payment processing
PayPal: Payment processing
We do NOT sell, rent, or share your personal information for advertising or marketing purposes.
We retain personal information for:
Active accounts: Duration of account existence
Financial records: 7 years (legal requirement)
Quiz data: Until account deletion
Session logs: 90 days (then anonymized)
For CCPA-specific inquiries or to exercise your rights:
Email: hello@nowyouknowmed.com
Response Time: Within 45 days
We implement industry-standard security measures to protect your data:
Encryption in transit (TLS/SSL) and at rest
Secure password hashing (bcrypt)
IP address hashing for privacy
Regular security audits and penetration testing
Access controls and least-privilege principles
Monitoring and logging for suspicious activity
Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
We may update this Privacy Policy from time to time. We will notify you of material changes by:
Posting the new Privacy Policy with an updated "Last Updated" date
Sending an email notification to registered users
Displaying a prominent notice on our Service
If you have questions about this Privacy Policy or how we handle your data, please contact us:
Email: hello@nowyouknowmed.com
Privacy & Data Management: https://app.nowyouknowmed.com/gdpr-settings
© 2026 NowYouKnowMed. All rights reserved.
