Skip to content
MedQBank

Privacy Policy

Last updated: 24 March 2026

This Privacy Policy describes how MedQBank collects, uses, and protects your information. By using MedQBank, you consent to the data practices described below. While MedQBank is a free student project and may not be formally covered by the Privacy Act 1988 (Cth), we voluntarily align with the Australian Privacy Principles (APPs) as a matter of best practice.

1. Information We Collect

Account Information

When you create an account, we collect your UWA email address and a hashed version of your password. We require a UWA email address to ensure the tool is only accessible to UWA students and staff.

Usage Data

We collect information about how you use MedQBank, including:

  • Quiz sessions: subjects selected, answers given, scores, time spent
  • Study progress: questions attempted, marks for review, flagged questions
  • Feature usage and navigation patterns (via Vercel Analytics)

Automatically Collected Data

We use Vercel Analytics to collect anonymised, privacy-friendly analytics data. This may include page views, device type, and general geographic region. Vercel Analytics does not use cookies and does not track individual users across sites.

2. How We Use Your Information

Your information is used solely to:

  • Provide and operate the MedQBank service
  • Track your personal study progress and performance
  • Improve the quality and features of the tool
  • Aggregate anonymised statistics (e.g. overall question difficulty)

3. Data Storage & Overseas Disclosure

Your data is stored in a Supabase-hosted PostgreSQL database. Supabase provides industry-standard security measures including encryption at rest and in transit.

In accordance with APP 8 (cross-border disclosure), we disclose that your data may be processed and stored on infrastructure located outside Australia, including in the United States, via:

  • Supabase — database hosting and authentication (US-based infrastructure)
  • Vercel — application hosting and edge network (globally distributed, US-headquartered)

Both providers maintain security practices consistent with international standards and their respective privacy policies.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties beyond the service providers listed in Section 3 above. Your data is not provided to UWA, any faculty members, or any other educational institution.

5. Data Retention

Your data is retained for as long as your account exists. If MedQBank is discontinued, reasonable efforts will be made to notify users and provide an opportunity to request data deletion.

6. Your Rights

You have the right to:

  • Request access to the personal data we hold about you
  • Request deletion of your account and associated data
  • Request correction of any inaccurate data

To exercise any of these rights, please contact us at 25047004@student.uwa.edu.au.

7. Security

We implement reasonable security measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and restricted database access. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Data Breach Notification

In the event of a data breach that is likely to result in serious harm, we will take reasonable steps to notify affected users as soon as practicable. This approach is consistent with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth).

9. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of MedQBank after changes are posted constitutes acceptance of the updated policy.