Trust & data

Privacy Policy

We collect only what we need to run your workspace, explain why, and tell you how to request deletion or raise concerns.

Last updated May 10, 2026

This Privacy Policy explains how PremedStrategy (“we,” “us”) collects, uses, and protects information when you use our website and application. We built it for students: plain language first, specifics when they matter.

What we collect

  • Authentication & account. Email, authentication provider identifiers (for example when you sign in with Google), session tokens, and basic account status (such as onboarding completion or beta access flags tied to your account).
  • Onboarding & profile. Questionnaire answers, intake fields, GPA and MCAT self-reports, school interests, narrative drafts, course planner entries, timeline markers, and similar planning data you choose to save.
  • Hours log & story bank. Experiences you log, hour entries, optional verification notes, and meaningful-moment stories you store for later writing.
  • Engagement & reflections. Optional check-ins, weekly reviews, readiness snapshots, reflections, and MCAT progress notes you submit inside the engagement hub.
  • AI personalization. When you use the advisor, roadmap generator, writing assist, or similar features, we send the minimum relevant context to our model providers to return a response. That context is derived from what you have already stored or typed in-session; we do not sell prompts as marketing lists.
  • Analytics & feedback. Product usage events (for example saving a roadmap or submitting feedback), error logs, and voluntary feedback forms to improve reliability and UX.
  • Billing information. If paid plans are added later, payment details may be processed by a billing provider. We do not intend to store full card numbers on our servers.

Why we use data

We process data to provide the service you asked for: sync your workspace across devices, power readiness and roadmap views, remember advisor threads where enabled, and improve features responsibly. We do not use your content to train public foundation models unless we introduce an optional, clearly labeled program in the future with separate consent.

Where data lives & how it is protected

PremedStrategy is built on Supabase (PostgreSQL) with authenticated access controls (row-level security) so your rows are tied to your user id. Traffic uses HTTPS in production. Secrets such as API keys stay on the server; your browser never receives our provider keys for model calls.

AI providers

When you invoke AI features, portions of your prompt and context may be processed by our model vendors under their terms. We select configurations intended for application assistance, but you should still avoid sharing secrets you would not paste into any cloud tool.

Analytics, error monitoring, and service providers

We may use analytics, error monitoring, hosting, database, AI, email, and payment providers to operate the platform. These providers process information on our behalf so we can secure the product, understand reliability, respond to feedback, and support future billing if paid plans are introduced.

Cookies & local storage

We use cookies and local storage for session authentication, UI preferences (for example sidebar state), and lightweight client-side planning caches. You can clear site data in your browser; signed-in sync may require signing in again.

Retention & deletion

We retain your information while your account is active and for a limited period afterward for backups, security, and legal compliance. You can delete your account and associated cloud rows from Settings → Account, or request help with deletion by contacting us through Help → Contact . Some anonymized analytics may persist in aggregate form that cannot reasonably identify you.

Your choices & rights

  • Access or update profile and planning data directly in the app where supported.
  • Export or copy your drafts from workspaces such as Narrative or Application Hub.
  • Request deletion or restriction as noted above; we will respond within a reasonable timeframe.

If you are in the EEA, UK, or other regions with statutory privacy rights, you may have additional rights (access, portability, objection). Contact us and we will honor requests where applicable law requires.

Children

PremedStrategy is intended for prospective medical applicants—not young children. If you believe a child has created an account without appropriate consent, contact us and we will investigate and remove the account if required.

Changes to this policy

When we materially update this Privacy Policy, we will change the “Last updated” date and, when practical, point to the update from the app or email. Please review changes periodically.

Contact

Privacy questions? Contact support@example.com or visit Help → Contact.

See also our Terms of Service (including the AI & admissions disclaimer).