Privacy Policy
MDNDO ("we", "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
| Data | Purpose | Retention |
|---|---|---|
| Email address (if you sign in) | Account authentication, sending OTP codes | Until you delete your account |
| Analysis inputs (GPA, MCAT, state, experiences) | Generating your admissions analysis | Up to 100 most recent analyses (rolling), anonymized |
| Purchase history (if paid) | Credit tracking, Stripe payment processing | As required by law (typically 7 years) |
| Server logs (IP, timestamps) | Security, abuse prevention | 30 days |
We do not collect your name, phone number, school transcripts, or any government-issued ID.
2. How We Use Your Data
- To generate and deliver your admissions analysis
- To authenticate your account and send OTP verification codes
- To process payments through Stripe (we never see or store your card details)
- To improve the accuracy of our statistical models (aggregated, anonymized)
- To detect and prevent abuse or unauthorized use
We do not sell your data, use it for advertising, or share it with third parties except as described below.
3. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Groq (narrative analysis) | Generating personalized advisory text | Your GPA, MCAT, experience inputs, state — no email |
| Stripe | Payment processing | Email, payment details (processed directly by Stripe) |
| Brevo (optional) | Transactional email (OTP codes) | Email address only |
Each third-party service is bound by their own privacy policy and data processing agreements. We use only reputable providers with strong privacy commitments.
4. Cookies and Storage
We use localStorage (not cookies) to store your session token on your device. No tracking cookies or advertising pixels are used. We do not use Google Analytics or similar tracking services.
5. Your Rights
Depending on your location, you may have the right to:
- Access the data we hold about you
- Delete your account and associated data
- Correct inaccurate data
- Portability — receive your data in a machine-readable format
- Opt out of any non-essential data processing
To exercise these rights, contact us through the app. We will respond within 30 days.
6. California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information. To submit a CCPA request, contact us through the app.
7. Data Security
Analysis inputs are stored in a local JSON file on our server with rolling deletion after 100 entries. Authentication tokens are hashed. We use HTTPS for all data transmission. No sensitive personal data (medical records, financial data, Social Security numbers) is ever collected or stored.
8. Children's Privacy
MDNDO is intended for adults (18+) applying to medical school. We do not knowingly collect data from anyone under 18. If you believe a minor has submitted data, contact us for immediate deletion.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will post the updated policy with a new effective date. Continued use of the Service constitutes acceptance of the updated policy.
10. Contact
For privacy-related questions, data deletion requests, or to exercise your rights, contact us through the app or at the email address associated with your account.