1. What We Collect
When you create an account on MatchReady, we collect:
- Account information: name, email address, password (hashed), and applicant type (IMG, DO, US MD)
- Profile information: medical school, graduation year, home country, specialty, match cycle year
- Application data: exam scores, QBank progress, practice exam results, USCE entries, LOR tracking, research and publications, signals, interviews, rank list, and ECFMG checklist status
- Program preferences: which residency programs you save, apply to, interview at, and rank
- Usage data: pages visited, features used, timestamps of actions
2. How We Use Your Data
- Personalization: to adapt your dashboard, show relevant progress indicators, and provide stage-appropriate guidance
- Product improvement: to understand how applicants use MatchReady and improve the experience
- Anonymized research: we may use anonymized, aggregate data to study patterns in the IMG match process. This may include publishing findings in medical education journals. Individual users are never identified in any research output.
- Future prediction tools: we plan to use anonymized historical data to build tools that help future applicants estimate their competitiveness for specific programs and specialties. These tools will use aggregate patterns, not individual records.
3. What We Do NOT Do
- We do not sell your personal data to third parties
- We do not share individually identifiable data with residency programs, medical schools, or any other institution
- We do not use your data for advertising
- We do not store protected health information (PHI) or patient data
4. Data Storage and Security
Your data is stored securely using Supabase (hosted on AWS). We use row-level security policies to ensure users can only access their own data. Passwords are hashed and never stored in plain text. All connections use HTTPS encryption.
5. Third-Party Services
We use the following third-party services:
- Supabase: database and authentication
- Vercel: hosting
- Google OAuth: optional sign-in (if you choose to sign in with Google, Google shares your email and name with us)
6. Your Rights
- Access: you can view all your data within the app at any time
- Correction: you can edit your profile and application data at any time
- Deletion: you can delete your account and all associated data from Profile → Delete Account. This action is permanent and cannot be undone.
- Opt out of research: if you do not want your anonymized data included in aggregate research, contact us and we will exclude your data
7. Data Retention
We retain your data for as long as your account is active. If you delete your account, all personal data is permanently removed. Anonymized aggregate data that has already been included in published research may persist in those publications.
8. Changes to This Policy
We may update this privacy policy from time to time. We will notify users of significant changes via email or in-app notification.