← Back to Home

Privacy Policy & Data Protection

Last updated: October 2, 2025

Our Commitment to Your Privacy

At Scrubs to Be, protecting your personal information and learning data is fundamental to our mission. We maintain the highest standards of data security and comply with all applicable regulations including FERPA, HIPAA, and international data protection laws.

Information We Collect

Account Information

  • Name, email address, and institutional affiliation
  • Educational background and career goals
  • Profile preferences and settings

Learning Data

  • Quiz and test performance metrics
  • Study patterns and time spent on platform
  • Progress tracking and achievement data
  • Content interactions and preferences

Technical Information

  • Device type, browser, and operating system
  • IP address and general location (country/region)
  • Session data and analytics

How We Use Your Information

Educational Purposes

To provide personalized learning experiences, track your progress, and adapt content to your needs

Platform Improvement

To analyze aggregate data for improving content, features, and user experience

Communication

To send important updates, educational content, and respond to your inquiries

Institutional Reporting

To provide aggregate analytics to partner institutions (individual data only with explicit consent)

Data Protection & Security

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256)

Access Control

Role-based access with multi-factor authentication for sensitive data

Regular Audits

Third-party security audits and penetration testing quarterly

Compliance

SOC 2 Type II certified, FERPA and HIPAA compliant

Your Rights

You have the following rights regarding your personal data:

Access

Request a copy of all personal data we hold about you

Correction

Update or correct any inaccurate information

Deletion

Request deletion of your personal data (subject to legal requirements)

Portability

Export your data in a machine-readable format

FERPA Compliance

For students at partner institutions, we comply with the Family Educational Rights and Privacy Act (FERPA):

  • Educational records are protected and not disclosed without consent
  • Institutions maintain control over their students' educational data
  • Students have the right to review their educational records
  • We act as a school official under FERPA when providing services to institutions

Data Retention

We retain your data for as long as your account is active or as needed to provide services:

  • Active accounts: Data retained while account is in use
  • Inactive accounts: Anonymized after 2 years of inactivity
  • Deleted accounts: Personal data removed within 30 days
  • Legal requirements: Some data retained longer if required by law

Third-Party Services

We use select third-party services that have been vetted for security and privacy compliance:

  • Cloud hosting: AWS (SOC 2, ISO 27001 certified)
  • Analytics: Privacy-focused analytics with no personal data sharing
  • Email: Encrypted email service providers
  • Payment processing: PCI DSS compliant processors

Contact Us

For any privacy-related questions or to exercise your rights:

Data Protection Officer

Email: privacy@scrubstobe.com

Phone: (555) 123-4569

Address: 123 Medical Education Way, Boston, MA 02115

Changes to This Policy: We may update this privacy policy periodically. We will notify you of significant changes via email and platform notifications. Continued use of our services constitutes acceptance of the updated policy.