Skip to content
MedQBank

Privacy Policy

Last updated: 12 May 2026

This Privacy Policy explains what information MedQBank collects about you, what it's used for, where it goes, and how to get it back or delete it. By using MedQBank you consent to the practices described below.

MedQBank is an independent project run by a single UWA medical student and may sit below the threshold that makes the Privacy Act 1988 (Cth) directly binding. The operator chooses to comply with the Australian Privacy Principles (APPs) as a matter of good practice, including the automated-decision-making transparency obligation introduced by the Privacy and Other Legislation Amendment Act 2024 (effective 10 December 2026).

1. Who runs MedQBank

MedQBank is built and operated by a single UWA medical student, based in Western Australia, Australia. There is no company behind it and no Australian Business Number (ABN). Privacy questions, access requests, and data-deletion requests can be sent to 25047004@student.uwa.edu.au.

2. What MedQBank collects

Account information

Your UWA email address and a hashed version of your password. A UWA email is required so that access stays within the cohort the tool was built for.

Study activity

  • Quiz sessions: subjects selected, answers given, scores, and time spent
  • Per-card spaced-repetition state: ratings, intervals, scheduled next review
  • Mistakes, marks-for-review, and questions you have flagged
  • Per-subject and per-lecture mastery, derived from your activity above

Conversational tutor data

If you use the chat tutor, MedQBank stores:

  • The full text of your conversations, including the messages you send and the responses you receive
  • The chat mode for each conversation and any safety metadata produced by the screen
  • Cost-accounting numbers used to enforce daily message and spend limits — these are counters, not the message bodies
  • A short learner-memory profile (focus subjects, weak topics, mastery state) so the tutor can tailor explanations, if you have not turned this off in Settings
  • Short embedding summaries — numeric representations, not the underlying text — of past conversations so the tutor can recall context from earlier sessions, if cross-session recall is enabled

Operational data

  • Anonymised, cookie-free analytics on which pages are visited and roughly where in the world from (Vercel Analytics)
  • Error and performance traces for diagnosing crashes (Sentry)
  • A single non-tracking functional cookie, sidebar_state, which remembers whether the sidebar is expanded or collapsed

3. How MedQBank uses your information

Your information is used to:

  • Operate the service — store your progress, render the right questions, sign you in
  • Personalise the conversational tutor and surface useful recommendations
  • Enforce fair-use limits on the tutor (daily message and spend caps)
  • Investigate errors and improve reliability
  • Aggregate anonymised statistics (e.g. how hard the average question is)

MedQBank does not train any AI model on your data and does not opt in to any provider-side training programme. Anthropic's API terms — current at the date of this Policy — state that prompts and completions submitted to the API are not used to train Anthropic's models without explicit opt-in. Provider terms can change; if a provider materially changes its training-data position, this Policy will be updated and you will be re-prompted to re-accept it.

4. Automated decision-making (APP 1.7–1.9)

Several MedQBank features make automated assessments about you. None of them affect your grades, your enrolment, or any official UWA record — they only shape what MedQBank shows you next.

  • Spaced-repetition scheduling. Each flashcard rating you give is fed through a scheduling algorithm (FSRS by default, SM-2 as an option) which calculates when the card will reappear. Inputs: your rating, the prior interval and ease, your retention target. Output: a next-review date.
  • Recommendation engine. The Study page suggests a next-best action (e.g. review overdue cards, retry mistakes, practise a weak subject). Inputs: your recent attempts, mistake list, mastery state, focus subjects. Output: a ranked suggestion.
  • Tutor safety classification. Each message you send to the tutor is screened by a separate model that estimates a distress level and whether the message appears to discuss a real patient. A high signal surfaces crisis-resource information and may, in narrow cases, block the message. The classification is not stored against your identity beyond the conversation it belongs to.
  • Tutor personalisation. The tutor reads your focus subjects, weak topics, and overall progress to choose framing. You can turn this off in Settings.

You can ask for a human review of any automated assessment by emailing 25047004@student.uwa.edu.au.

5. Where your data goes (APP 8 cross-border disclosure)

MedQBank uses the following sub-processors. Each has its own security and privacy commitments; together they cover all of the storage and processing that happens outside the browser.

  • Supabase. Database hosting and authentication. Location: United States.
  • Vercel. Application hosting, AI Gateway, and privacy-friendly analytics. Location: United States, with a global edge network.
  • Anthropic. Provides the Claude models used by the AI tutor and the safety classifier, routed through the Vercel AI Gateway. Location: United States.
  • Upstash. Redis storage for daily message and spend limits on the AI tutor. Location: Region selected closest to the user.
  • Sentry. Error monitoring and performance traces. Location: United States.

Because most of these providers are based in the United States or operate global infrastructure, your data is likely to be processed outside Australia. The sub-processors listed above maintain industry-standard security controls and contractual obligations consistent with the APPs.

6. Who else sees your data

MedQBank does not sell, rent, advertise on, or trade your personal information. It is not shared with UWA, with faculty, or with any other educational institution. Sub-processors listed above receive data only as needed to operate the service. The only other case in which data would be disclosed is where it is required by Australian law or to protect the safety of users.

7. Your rights and controls

You can, at any time:

  • Request a copy of the personal information held about you
  • Request correction of anything inaccurate
  • Request deletion of your account and the data tied to it
  • Export your chat history from Settings → Chat
  • Turn off, independently: anonymised analytics, chat memory, the tutor's access to your profile, and cross-session recall

Access, correction and deletion requests go to 25047004@student.uwa.edu.au.

8. How long MedQBank keeps your data

  • Account and study data: kept while your account is active. After you request deletion, the account and its data are removed within 30 days.
  • Chat history:kept until you delete it from Settings → Chat, or until your account is deleted.
  • Sentry traces:retained for 90 days under Sentry's standard policy, then deleted automatically.
  • Analytics: aggregated and non-identifying. There is no per-user analytics record to delete.

Each sub-processor listed in Section 5 may retain operational copies of data on its own side (server logs, backups, error traces) under its own retention policies, independent of any deletion you request through MedQBank.

If MedQBank is discontinued, users will be given at least 30 days' notice and an opportunity to export their data before the database is shut down, except where an earlier shutdown is required by law, by a binding take-down notice, or to address an imminent risk to user safety or security.

9. Security

Connections are encrypted in transit (HTTPS). Passwords are hashed. Database access is limited to the operator. The chat tutor is rate-limited per user, spend-capped per day, and runs every message through a safety screen. No system is perfectly secure, and you should choose a strong, unique password.

10. Data breach notification

Where a breach is likely to cause serious harm, affected users will be notified as soon as practicable. This commitment aligns with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth).

11. Changes to this Policy

Material changes will be flagged the next time you sign in via the in-product Terms gate, and you will need to re-accept before continuing. Minor edits (typos, clarifications) will be posted here with a new “Last updated” date.

12. Contact

For privacy questions or to exercise any of the rights above, email 25047004@student.uwa.edu.au. For a description of what cookies MedQBank does and doesn't set, see the Cookie Policy.