Privacy Policy

Last updated: April 21, 2026

SHOS Med LLC, a New Jersey limited liability company doing business as "SHOS Med" ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This policy explains what data we collect, how we use it, and your rights. This Privacy Policy applies to all users of the SHOS Med website and services, regardless of whether you use free or paid features.

1. Information We Collect

When you create an account or use our services, we may collect:

• Account information: Name, email address, chosen pathway (Applicant Path for med school applicants or Student Path for residency applicants)
• Usage data: Question Bank progress, test scores, study activity, Exam Review Guide reading progress, Research Course module completion, feature usage, and session timestamps
• User-created content: Notes, highlights, bookmarks, and annotations you create while using the Exam Review Guide, Question Bank, or Research Course, which are saved to your account
• Forum content: Questions, answers, comments, and other content you post on the community forum
• Communications: Emails and messages you send to us, and records of mentorship or consultation sessions
• Payment information: Processed securely by our payment provider (Stripe). We do not store credit card numbers. We retain records of purchase transactions, including the product purchased, amount, and date.
• Entrance exam registration data: If you register for an entrance examination through SHOS Med, we collect the information required for registration, which may be shared with the Third Faculty of Medicine (LF3), Charles University, as described in Section 3.

2. How We Use Your Information

• Provide and improve our educational services, including the Question Bank, Exam Review Guide, and Research Course
• Track your study progress, question bank performance, research course completion, and saved notes and highlights
• Personalize your dashboard experience based on your chosen pathway (Applicant or Student)
• Send service-related communications (account updates, support responses, service announcements)
• Process payments for paid services (Research Strategy Package, Application Package, consultation sessions)
• Facilitate entrance exam registration with LF3 on your behalf
• Embed identifying information (such as your email address) in digital watermarks on content you view, for the purpose of protecting our intellectual property and identifying unauthorized distribution
• Moderate community forum content and enforce our Terms of Service
• Generate anonymized, aggregate analytics to improve our services

3. Third-Party Services

We use the following third-party services that may process your data:

• Firebase (Google): Authentication, Firestore database for data storage (including your account data, study progress, notes, highlights, and user-generated content), and hosting. Firebase Privacy Policy
• Stripe: Payment processing for paid services. Stripe Privacy Policy
• Google Fonts: Web fonts loaded from Google servers. Google Privacy Policy
• LF3 / Charles University: If you register for an entrance examination through SHOS Med, your registration information (name, email, and other required details) will be shared with LF3 for the purpose of processing your examination registration. LF3 processes your data under its own privacy policies, over which SHOS Med has no control.

4. Data Storage and Security

Your data is stored in Google Cloud Firestore servers through our use of Firebase. Specifically, we store the following in Firestore:

• Account profile and preferences
• Question Bank progress, scores, and flagged questions
• Exam Review Guide and Research Course progress, completion status, and time spent
• Notes, highlights, and annotations you create within the Exam Review Guide, Question Bank, and Research Course
• Forum posts and community contributions
• Payment and subscription records (excluding credit card numbers)

We use industry-standard security measures including encrypted connections (HTTPS), Firebase Authentication, and Firestore security rules to protect your data. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

5. Watermark and Content Protection Data

To protect our intellectual property, we embed digital watermarks in content viewed through our platform. These watermarks may include your registered email address or a unique account identifier. Watermarks may be visible or invisible and are embedded in Question Bank questions, Exam Review Guide chapters, and Research Course modules. This data is used solely for the purpose of identifying the source of any unauthorized reproduction or distribution of our content. By using our services, you consent to the embedding of this identifying information in the content you view.

6. Cookies and Local Storage

We use the following browser storage mechanisms:

• localStorage: To store your study preferences, UI settings, and cookie consent status locally on your device. This data does not leave your device.
• Firebase session cookies: For authentication and maintaining your logged-in session. These are essential cookies required for the service to function.
• Cookie consent preference: We store your cookie consent decision in localStorage.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies from third-party advertising networks. We do not participate in any ad networks or share cookie data with advertisers.

7. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you, including your stored notes, highlights, progress data, and forum posts
• Correction: Update or correct your personal data through your account settings or by contacting us
• Deletion: Request deletion of your account and associated data, including all notes, highlights, progress, and forum posts
• Data portability: Request your data in a machine-readable format
• Restriction: Request that we restrict processing of your personal data in certain circumstances
• Objection: Object to processing of your personal data for certain purposes

To exercise any of these rights, email us at contact@shosmed.com. We will respond to all requests within 30 days.

8. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Consent: For marketing communications, optional data collection (e.g., newsletter sign-up), and embedding watermark data in viewed content. You may withdraw consent at any time.
• Legitimate interest: For service delivery, site security, fraud prevention, content protection and intellectual property enforcement, and improving our Services.
• Contract performance: For processing data necessary to provide services you have purchased or registered for, including Research Strategy Package access, Application Package sessions, mentorship sessions, entrance exam registration facilitation, and Question Bank and Exam Review Guide access.

9. International Data Transfers

Your personal data is processed and stored in the United States through our service providers, including Firebase (Google Cloud) and Stripe. If you register for an entrance examination, your registration data may also be transferred to LF3 in the Czech Republic. If you are located outside the United States, including in the EEA, your data will be transferred to and processed in the US (and potentially the Czech Republic for exam registration purposes). We rely on standard contractual clauses and our service providers' compliance frameworks to ensure appropriate safeguards for international data transfers in accordance with GDPR Articles 46-49.

10. Data Protection Contact

For any questions or requests regarding your personal data or this privacy policy, including exercising your rights under GDPR, please contact us at:

Email: contact@shosmed.com

11. Children's Privacy

SHOS Med's Services are not directed to children under the age of 13. In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from any child under the age of 13. If you are under 13, please do not create an account, submit personal information, or use our Services.

Our Services are intended for users aged 16 and older. Users between 13 and 16 may only use our Services with the involvement and consent of a parent or legal guardian, where permitted by applicable law.

If you are a parent or guardian and believe that a child under 13 has provided us with personal information, please contact us at contact@shosmed.com and we will promptly delete the information from our records.

12. Data Retention

We retain your data according to the following schedule:

• Active accounts: All account data, including notes, highlights, progress, and forum posts, is retained for as long as your account is active.
• Paid service records: Payment transaction records and service delivery records are retained for seven (7) years after the transaction for accounting and legal compliance purposes.
• Account deletion requests: Upon your request, we will remove your personal data within 30 days, except where we are required to retain it for legal, regulatory, or accounting purposes.
• Expired paid access: If your paid service access expires (e.g., Research Strategy Package 6-month access), your progress and completion data may be retained, but access to the paid content will be revoked.
• Forum content: Forum posts may be retained after account deletion in anonymized form to preserve the integrity of community discussions, unless you specifically request their removal.
• Watermark records: Records linking watermark identifiers to user accounts are retained for the duration of the account and for two (2) years after account deletion for intellectual property enforcement purposes.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of significant changes by email. The "Last updated" date at the top of this page indicates when this policy was last revised. Continued use of our services after notification of changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this privacy policy or your personal data, contact us at:

SHOS Med LLC
USA

Email: contact@shosmed.com
Privacy requests: privacy@shosmed.com
Legal notices: legal@shosmed.com