studymedeu
Sign In
← Back home

Privacy Policy

Last updated: June 9, 2026

1. Who we are

StudyMedEU ("we", "us", "our") operates this platform for entry-exam preparation. For any privacy-related question, contact us at support@studymedeu.com.

2. Data we collect

  • Account data: name, email, password hash (or Google ID if signing in with Google).
  • Usage data: exam attempts, answers, scores, timestamps — used to track your progress.
  • Payment data: handled entirely by Stripe. We store only the order/plan reference, never card numbers.
  • Technical data: IP address, browser type, device info, cookies — used for security and basic analytics.

3. Why we collect it

  • To create and maintain your account.
  • To deliver the practice exams, track results, and show your progress.
  • To process one-time payments and manage your access period.
  • To send transactional emails (password resets, receipts, important account notices).
  • To improve the platform — what works, what breaks, what to build next.
  • To prevent fraud and abuse.

4. Legal basis (GDPR)

We rely on: contract (to deliver the service you signed up for), legitimate interest (security, product improvement), consent (marketing emails — optional, unsubscribe anytime), and legal obligation (tax, accounting records).

5. Who we share it with

We do not sell your data. We share only with processors strictly needed to run the service:

  • Stripe — payment processing.
  • Google — only if you choose Google sign-in.
  • Hosting & email providers — to deliver the app and transactional mail.

Each processor is bound by its own data-protection terms. We may also disclose data when required by law.

6. Cookies

We use strictly-necessary cookies to keep you signed in and protect against CSRF attacks. We may use minimal analytics cookies (aggregated, non-identifying) to understand traffic patterns. You can block cookies in your browser, but parts of the site may not work.

7. Data retention

We keep account and exam-attempt data while your account is active. After deletion, we remove personal data within 30 days, except records we are required to keep for tax/accounting (typically up to 7 years) or to defend legal claims.

8. Your rights

Under GDPR and similar laws you can:

  • Access the personal data we hold on you.
  • Correct inaccurate data.
  • Delete your account and associated personal data.
  • Export your data in a portable format.
  • Object to or restrict processing.
  • Withdraw consent at any time.
  • Lodge a complaint with your local data-protection authority.

Email support@studymedeu.com to exercise any of these. We respond within 30 days.

9. Security

Passwords are hashed (bcrypt). Traffic is encrypted via HTTPS. Database access is restricted to authorized personnel. No system is perfectly secure — if a breach affects you, we will notify you and the relevant authority as required by law.

10. International transfers

Some processors (e.g. Stripe, Google) may process data outside the EU/EEA. Where this happens, transfers rely on Standard Contractual Clauses or equivalent safeguards.

11. Children

The service is not directed at children under 16. If you believe a child has registered, contact us and we will remove the account.

12. Changes to this policy

We may update this policy. Material changes will be announced by email or in-app notice before they take effect. The "Last updated" date above always reflects the current version.

13. Contact

Questions, requests, or complaints: support@studymedeu.com.