1. Introduction
Welcome to Medical Physiology Hub ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Information You Provide to Us
We collect information that you provide directly to us when you:
- Create an Account: When you register for an account, we collect your email address, password (encrypted and stored securely), display name (optional), and profile picture (optional, if you choose to upload one).
- Use the Service: We collect quiz answers and responses, learning progress and course completion data, subscription preferences and payment information (processed through third-party payment processors), feedback and support requests, and user preferences and settings.
2.2 Information Automatically Collected
When you use our Service, we automatically collect certain information about your device and usage patterns:
- Device Information: Device unique identifier (device ID), device name, model, and manufacturer, operating system and version, app version, and platform type (iOS, Android, Web, etc.).
- Session Information: Login timestamps, last active time, session duration, and device sessions and concurrent login tracking.
- Usage Data: Features accessed and used, time spent on different sections, quiz attempts and results, course progress and completion rates, and error logs and crash reports.
- Network Information: IP address, network connectivity status, and connection type.
2.3 Information from Third-Party Services
We may receive information from third-party services that you connect to our Service:
- Firebase Services: Authentication, database, storage, and analytics data
- Payment Processors: Transaction information (processed securely through Lenco payment gateway)
- AI Services: Quiz evaluation data processed through Google Gemini AI
3. How We Use Your Information
3.1 Service Provision
To create and manage your account, provide access to courses, quizzes, and learning materials, track your learning progress and personalize your experience, process payments and manage subscriptions, enforce device and session limits based on your subscription plan, and evaluate quiz answers using AI-powered assessment tools.
3.2 Communication
To send you important updates about the Service, respond to your support requests and inquiries, send email verification messages, and notify you about subscription changes or payment confirmations.
3.3 Security and Fraud Prevention
To detect and prevent fraudulent activity, monitor for suspicious login patterns, enforce security policies and prevent unauthorized access, and protect against account sharing and credential misuse.
3.4 Analytics and Improvement
To analyze usage patterns and improve our Service, understand how users interact with our content, identify and fix technical issues, and develop new features and enhance existing ones.
3.5 Legal Compliance
To comply with applicable laws and regulations, respond to legal requests and protect our rights, and enforce our Terms of Service.
4. Data Storage and Security
4.1 Data Storage
Your information is stored using the following methods:
- Cloud Storage: User data, progress, and content are stored securely in Firebase Cloud Firestore
- File Storage: Profile pictures and uploaded images are stored in Firebase Storage
- Local Storage: Device identifiers and preferences are stored locally on your device using secure storage mechanisms
- Analytics Data: Aggregated usage analytics are stored in Firebase Analytics
4.2 Security Measures
We implement industry-standard security measures to protect your information:
- Encryption: All data transmitted between your device and our servers is encrypted using SSL/TLS
- Authentication: Secure authentication through Firebase Authentication
- Access Controls: Limited access to personal data on a need-to-know basis
- Secure Storage: Sensitive data stored using Flutter Secure Storage
- Session Management: Active monitoring and management of user sessions
- Device Fingerprinting: Unique device identification to prevent unauthorized access
4.3 Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:
- Account Data: Retained while your account is active and for a reasonable period after account deletion
- Session Data: Retained for up to 90 days of inactivity, then automatically cleaned up
- Activity Logs: Retained for up to 90 days for security and troubleshooting purposes
- Payment Records: Retained as required by law and payment processor requirements
- Analytics Data: Aggregated and anonymized data may be retained longer for statistical purposes
5. Third-Party Services
We use the following third-party services that may collect, process, or store your information:
5.1 Firebase (Google)
- Firebase Authentication: User authentication and account management
- Cloud Firestore: Database storage for user data and content
- Firebase Storage: File storage for profile pictures and user uploads
- Firebase Analytics: Usage analytics and app performance monitoring
5.2 Google Gemini AI
- Purpose: AI-powered evaluation of quiz answers (long-answer questions)
- Data Processed: Quiz questions, correct answers, and user responses
- Note: Quiz answers are sent to Google Gemini AI for evaluation purposes only
5.3 Lenco Payment Gateway
- Purpose: Processing subscription payments
- Data Processed: Payment information, transaction details, and billing data
- Note: We do not store your full payment card details. All payment processing is handled securely by Lenco.
5.4 Google Fonts
- Purpose: Providing typography for the app interface
- Data Processed: May collect usage statistics
6. Device and Session Management
6.1 Device Limits
To prevent unauthorized account sharing and ensure fair usage, we implement device limits based on your subscription plan:
- Free Tier: Limited device access
- Premium Tiers: Increased device limits as specified in your subscription plan
6.2 Device Fingerprinting
We use device fingerprinting technology to:
- Create a unique identifier for each device
- Track device sessions and prevent unauthorized access
- Enforce subscription-based device limits
- Detect suspicious activity patterns
Device identifiers are generated using device hardware information (where available), secure storage mechanisms, and platform-specific identifiers (Android ID, iOS identifierForVendor, etc.).
6.3 Session Management
We actively monitor and manage user sessions to:
- Prevent concurrent session abuse
- Detect and prevent credential sharing
- Ensure security and compliance with subscription terms
- Automatically expire inactive sessions
7. Your Rights and Choices
7.1 Access and Correction
You have the right to access your personal information, correct inaccurate or incomplete information, and update your profile and preferences through the app settings.
7.2 Data Deletion
You can request deletion of your account and associated data by using the account deletion feature in the app settings or contacting us at medicalphysiologyhub@gmail.com.
Upon account deletion: your account will be permanently deleted, your personal data will be removed from our active databases, some information may be retained as required by law or for legitimate business purposes, and aggregated and anonymized data may be retained.
7.3 Data Portability
You can request a copy of your data in a portable format by contacting us at medicalphysiologyhub@gmail.com.
7.4 Opt-Out Options
You can disable analytics collection through app settings (where available), unsubscribe from marketing emails (if applicable), and manage notification preferences in device settings.
Note: Some data collection is necessary for the Service to function properly and cannot be opted out of.
7.5 Device Management
You can view your active devices in the app settings, remove devices from your account, and manage device limits based on your subscription.
8. Children's Privacy
Our Service is not intended for children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will take steps to delete such information.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our Service, you consent to the transfer of your information to these countries.
We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, including standard contractual clauses, adequacy decisions, and other legally recognized transfer mechanisms.
10. California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, and disclose
- Right to Delete: You can request deletion of your personal information (subject to certain exceptions)
- Right to Opt-Out: You can opt out of the sale of personal information (we do not sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, please contact us at medicalphysiologyhub@gmail.com.
11. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):
- Right of Access: You can request access to your personal data
- Right to Rectification: You can request correction of inaccurate data
- Right to Erasure: You can request deletion of your personal data
- Right to Restrict Processing: You can request restriction of processing
- Right to Data Portability: You can request transfer of your data
- Right to Object: You can object to processing of your personal data
- Right to Withdraw Consent: You can withdraw consent at any time
To exercise these rights, please contact us at medicalphysiologyhub@gmail.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the updated Privacy Policy in the app
- Updating the "Last Updated" date at the top of this Privacy Policy
- Sending you an email notification (if you have provided an email address)
- Displaying a prominent notice in the app
Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Phone
0772827720
Company
Medical Physiology Education
14. Data Controller Information
Data Controller
OneStop Medical Education
Note: This Privacy Policy should be reviewed regularly. We recommend checking this page periodically for any updates. The most current version will always be available in the app and on our website.
Last Updated: November 7, 2025