Privacy Policy

Last updated: March 24, 2026

SHOS Med Global LLC ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This policy explains what data we collect, how we use it, and your rights. This Privacy Policy applies to all users of the SHOS Med Global website and services, regardless of whether you use free or paid features.

1. Information We Collect

When you create an account or use our services, we may collect:

• Account information: Name, email address, chosen pathway (Applicant Path for med school applicants or Student Path for residency applicants)
• Usage data: Question Bank progress, test scores, study activity, Exam Review Guide reading progress, Research Course module completion, feature usage, and session timestamps
• User-created content: Notes, highlights, bookmarks, and annotations you create while using the Exam Review Guide, Question Bank, or Research Course, which are saved to your account
• Forum content: Questions, answers, comments, and other content you post on the community forum
• Communications: Emails and messages you send to us, and records of mentorship or consultation sessions
• Payment information: Processed securely by our payment provider (Stripe). We do not store credit card numbers. We retain records of purchase transactions, including the product purchased, amount, and date.
• Entrance exam registration data: If you register for an entrance examination through SHOS Med Global, we collect the information required for registration, which may be shared with the Third Faculty of Medicine (LF3), Charles University, as described in Section 3.

2. How We Use Your Information

• Provide and improve our educational services, including the Question Bank, Exam Review Guide, and Research Course
• Track your study progress, question bank performance, research course completion, and saved notes and highlights
• Personalize your dashboard experience based on your chosen pathway (Applicant or Student)
• Send service-related communications (account updates, support responses, service announcements)
• Process payments for paid services (Research Strategy Package, Application Package, consultation sessions)
• Facilitate entrance exam registration with LF3 on your behalf
• Embed identifying information (such as your email address) in digital watermarks on content you view, for the purpose of protecting our intellectual property and identifying unauthorized distribution
• Moderate community forum content and enforce our Terms of Service
• Generate anonymized, aggregate analytics to improve our services

3. Third-Party Services

We use the following third-party services that may process your data:

• Firebase (Google): Authentication, Firestore database for data storage (including your account data, study progress, notes, highlights, and user-generated content), and hosting. Firebase Privacy Policy
• Stripe: Payment processing for paid services. Stripe Privacy Policy
• Google Fonts: Web fonts loaded from Google servers. Google Privacy Policy
• LF3 / Charles University: If you register for an entrance examination through SHOS Med Global, your registration information (name, email, and other required details) will be shared with LF3 for the purpose of processing your examination registration. LF3 processes your data under its own privacy policies, over which SHOS Med Global has no control.

4. Data Storage and Security

Your data is stored in Google Cloud Firestore servers through our use of Firebase. Specifically, we store the following in Firestore:

• Account profile and preferences
• Question Bank progress, scores, and flagged questions
• Exam Review Guide and Research Course progress, completion status, and time spent
• Notes, highlights, and annotations you create within the Exam Review Guide, Question Bank, and Research Course
• Forum posts and community contributions
• Payment and subscription records (excluding credit card numbers)

We use industry-standard security measures including encrypted connections (HTTPS), Firebase Authentication, and Firestore security rules to protect your data. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

5. Watermark and Content Protection Data

To protect our intellectual property, we embed digital watermarks in content viewed through our platform. These watermarks may include your registered email address or a unique account identifier. Watermarks may be visible or invisible and are embedded in Question Bank questions, Exam Review Guide chapters, and Research Course modules. This data is used solely for the purpose of identifying the source of any unauthorized reproduction or distribution of our content. By using our services, you consent to the embedding of this identifying information in the content you view.

6. Cookies and Local Storage

We use the following browser storage mechanisms:

• localStorage: To store your study preferences, UI settings, and cookie consent status locally on your device. This data does not leave your device.
• Firebase session cookies: For authentication and maintaining your logged-in session. These are essential cookies required for the service to function.
• Cookie consent preference: We store your cookie consent decision in localStorage.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies from third-party advertising networks. We do not participate in any ad networks or share cookie data with advertisers.

7. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you, including your stored notes, highlights, progress data, and forum posts
• Correction: Update or correct your personal data through your account settings or by contacting us
• Deletion: Request deletion of your account and associated data, including all notes, highlights, progress, and forum posts
• Data portability: Request your data in a machine-readable format
• Restriction: Request that we restrict processing of your personal data in certain circumstances
• Objection: Object to processing of your personal data for certain purposes

To exercise any of these rights, email us at eli@shosmed.com. We will respond to all requests within 30 days.

8. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Consent: For marketing communications, optional data collection (e.g., newsletter sign-up), and embedding watermark data in viewed content. You may withdraw consent at any time.
• Legitimate interest: For service delivery, site security, fraud prevention, content protection and intellectual property enforcement, and improving our Services.
• Contract performance: For processing data necessary to provide services you have purchased or registered for, including Research Strategy Package access, Application Package sessions, mentorship sessions, entrance exam registration facilitation, and Question Bank and Exam Review Guide access.

9. International Data Transfers

Your personal data is processed and stored in the United States through our service providers, including Firebase (Google Cloud) and Stripe. If you register for an entrance examination, your registration data may also be transferred to LF3 in the Czech Republic. If you are located outside the United States, including in the EEA, your data will be transferred to and processed in the US (and potentially the Czech Republic for exam registration purposes). We rely on standard contractual clauses and our service providers' compliance frameworks to ensure appropriate safeguards for international data transfers in accordance with GDPR Articles 46-49.

10. Right to Lodge a Complaint

If you are located in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority if you believe your personal data has been processed in violation of applicable data protection laws. A list of EU data protection authorities is available at https://edpb.europa.eu.

11. Data Protection Contact

For any questions or requests regarding your personal data or this privacy policy, including exercising your rights under GDPR, please contact us at:

Email: eli@shosmed.com

12. Children's Privacy

Our services are intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If we discover that we have collected data from a child under 16, we will delete it promptly.

13. Data Retention

We retain your data according to the following schedule:

• Active accounts: All account data, including notes, highlights, progress, and forum posts, is retained for as long as your account is active.
• Paid service records: Payment transaction records and service delivery records are retained for seven (7) years after the transaction for accounting and legal compliance purposes.
• Account deletion requests: Upon your request, we will remove your personal data within 30 days, except where we are required to retain it for legal, regulatory, or accounting purposes.
• Expired paid access: If your paid service access expires (e.g., Research Strategy Package 6-month access), your progress and completion data may be retained, but access to the paid content will be revoked.
• Forum content: Forum posts may be retained after account deletion in anonymized form to preserve the integrity of community discussions, unless you specifically request their removal.
• Watermark records: Records linking watermark identifiers to user accounts are retained for the duration of the account and for two (2) years after account deletion for intellectual property enforcement purposes.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of significant changes by email. The "Last updated" date at the top of this page indicates when this policy was last revised. Continued use of our services after notification of changes constitutes acceptance of the updated policy.

15. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

• We do not sell personal information. SHOS Med Global does not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.
• We do not share personal information for cross-context behavioral advertising.
• Right to know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, and the business purpose for collecting it.
• Right to deletion: You have the right to request that we delete any personal information we have collected from you, subject to certain exceptions (such as legal retention requirements).
• Right to correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge different prices, or provide a different quality of service because you exercised your rights.

Categories of personal information collected: Identifiers (name, email), commercial information (purchase history), internet activity (usage data, study progress), and user-generated content (notes, highlights, forum posts). We collect this information for the business purposes described in Section 2 of this policy.

To exercise any of these rights, please contact us at eli@shosmed.com. We will respond to verifiable consumer requests within 45 days.

16. Contact Us

If you have questions about this privacy policy or your personal data, contact us at:

SHOS Med Global LLC

Email: eli@shosmed.com