Privacy Policy
Last updated: [insert date at publication]
1. Who we are
Scalpel Hub ("Scalpel Hub," "we," "us") operates a subscription-based question bank, study notes, and study-planning platform for doctors preparing for medical licensing and postgraduate surgical examinations. This policy explains what personal data we collect through the Scalpel Hub website and app (the "Service"), why we collect it, and the choices you have.
2. Information we collect
- Account information: name, email address, password (stored hashed, never in plain text), and, if you sign in with Google, your Google profile name/email/ avatar.
- Study activity: questions answered, correctness, time spent, bookmarks, flagged questions, notes viewed, study plan configuration and progress, and analytics derived from this activity (accuracy, weak/strong topics, study streaks).
- Subscription and payment records: plan selected, subscription status, and transaction records. For our current manual payment methods, this includes: for Bank of Khartoum (Bankak), the transfer screenshot/receipt you upload and the sender name or phone number you provide; for USDT (BEP20), the transaction hash and, if provided, the sending wallet address — both of which are already public on the blockchain independent of us. In both cases we also store the amount/reference you enter, reviewed manually by our team to confirm payment. (If card payment via Stripe is enabled in future, card details would be handled directly by Stripe and we would never receive or store your full card number.)
- Communications: messages you send us via the contact form, and support correspondence.
- Technical data: IP address, browser/device type, and basic usage logs, collected automatically for security, rate-limiting, and service reliability.
3. How we use your information
- To provide the Service: authenticate you, track your progress, generate your study plan, and power analytics.
- To process payments and manage your subscription — currently via manual review of Bank of Khartoum (Bankak) transfers or USDT (BEP20) payments submitted by you.
- To send service emails: email verification, password reset, subscription/renewal and expiry notices, and — if you opt in — study/revision reminders and product announcements.
- To maintain security: rate limiting, fraud prevention, and audit logging of administrative actions.
- To improve the Service: aggregated, de-identified analysis of question difficulty and platform usage.
We do not sell your personal data to third parties, and we do not use your study content or performance data to train third-party AI models.
4. Who we share data with
We share data only with service providers who help us run the Service, under contracts that limit their use of your data to providing that service:
- MongoDB Atlas — database hosting.
- Cloudinary — image/file storage for question images, note attachments, PDFs you or our team upload, and the transfer screenshots/receipts you submit as proof of a Bank of Khartoum (Bankak) or USDT (BEP20) payment.
- Google — OAuth sign-in, if you choose to use it.
- Our email provider — delivering verification, reset, and notification emails.
- Vercel / Render / Cloudflare — application hosting and content delivery.
We may also disclose information if required by law, or to protect the rights, property, or safety of Scalpel Hub, our users, or the public.
5. International data transfers
Scalpel Hub serves doctors across the Middle East and internationally. Your data may be processed in countries other than your own (for example, on servers operated by our hosting and infrastructure providers). Where required, we rely on appropriate safeguards (such as standard contractual clauses) for these transfers. [Counsel to confirm the specific mechanisms appropriate for the jurisdictions Scalpel Hub operates in.]
6. Data retention
We retain account and study-activity data for as long as your account is active, plus a reasonable period afterward to comply with legal, tax, and accounting obligations and to resolve disputes. You may request earlier deletion — see Section 7.
7. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these rights, contact us using the details in Section 10. We will verify your identity and respond within a reasonable timeframe.
8. Security
We use industry-standard safeguards: passwords are hashed (never stored in plain text), traffic is encrypted in transit via HTTPS, access to administrative functions is role-restricted and audit-logged, and we apply rate limiting and input sanitization against common attacks. No system is perfectly secure, and we cannot guarantee absolute security of your information.
9. Children's privacy
Scalpel Hub is intended for medical professionals and trainees and is not directed at children. We do not knowingly collect personal data from anyone under the age of 18.
10. Contact us
Questions about this policy or your data can be sent to privacy@scalpelhub.online or via the Contact page.
11. Changes to this policy
We may update this policy as the Service evolves. We'll update the "Last updated" date above and, for material changes, provide reasonable notice (such as an in-app notification or email).