Privacy Policy

Last updated: April 2026

1. What We Collect

We collect the following information when you use MedExcel:

• Account data — name, email address, and profile photo (via Google Sign-In or email registration)
• Study data — quizzes, flashcards, XP, streaks, and usage statistics
• Uploaded content — documents and images you upload for quiz generation. These are temporarily stored and deleted immediately after processing
• Payment references — transaction references and subscription IDs from Paystack, used to manage your recurring subscription. Card numbers and banking details are stored and tokenised by Paystack, not by MedExcel — we never see or store them
• Device data — FCM push notification tokens, used only to send study reminders you opt into

2. How We Use Your Data

We use your data exclusively to:

• Provide and improve the MedExcel service
• Process subscription payments
• Send study reminders and streak notifications (opt-out available)
• Send account security notifications (login alerts, password resets)
• Respond to support requests

We do not use your data for advertising, profiling, or any purpose outside of providing MedExcel.

3. Data Storage

Your data is stored securely on Google Firebase (Firestore database and Firebase Storage), hosted on Google Cloud infrastructure in data centres with enterprise-grade security.

Uploaded study materials are stored temporarily in Firebase Storage and are permanently deleted from our servers immediately after your quiz or flashcard set is generated.

4. Third-Party Services

MedExcel integrates with the following third-party services, each with their own privacy policies:

• Google Firebase — authentication, database, and file storage
• Paystack — payment processing
• Google Gemini & Groq AI — AI-powered quiz and flashcard generation
• Google Cloud Text-to-Speech — audio narration feature

We share only the minimum data necessary with each provider to perform their function.

5. We Never Sell Your Data

We do not sell, rent, lease, or trade your personal information to any third party, advertiser, or data broker. Your data exists solely to provide you with MedExcel.

6. Your Rights (NDPR)

Under the Nigeria Data Protection Regulation (NDPR), you have the following rights:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — delete your account at any time from the Profile page. All associated data is permanently removed within 30 days
• Objection — object to certain types of data processing

To exercise any of these rights, contact us at medexcel.app@gmail.com.

7. Push Notifications

If you grant notification permissions, we may send study reminders, streak alerts, and quiz completion notifications. You can disable notifications at any time through your device settings. We do not send marketing or promotional push notifications.

8. Data Retention

We retain your account data for as long as your account is active. When you delete your account, all associated personal data — including study history, XP, and profile information — is permanently deleted from our systems within 30 days.

9. Children

MedExcel is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or by email. The "Last updated" date at the top of this page will always reflect the most recent revision.