Privacy Policy

Last updated: February 2026

Pre PG: MCQ Practice App ("we", "us", "our", or the "App") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile application and associated services.

This Privacy Policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act"), as applicable.

1. Information We Collect

1.1 Information You Provide

• Phone Number — Used for account creation, OTP-based authentication, and login. This is the primary identifier for your account.
• Full Name — Displayed on leaderboards (along with last 4 digits of your phone number) and within the App interface.
• Copyright Complaint Information — If you submit a copyright complaint or legal request, we collect the details you provide (see Section 8).
• Forum Content — Any posts, comments, or content you voluntarily submit through community discussion features.
• Payment Information — When you purchase the ad-free experience, we collect your order details and transaction identifiers. Payment card/UPI details are processed directly by our payment gateway (Razorpay) and are not stored on our servers.
• Referral Information — Your unique referral code and records of referrals you make or receive.

1.2 Information Collected Automatically

• Quiz & Test Performance Data — Questions attempted, answers selected, scores, time taken, streaks, and daily practice statistics.
• Test Series Results — Scores, rankings, submission timestamps, and answer details for weekly mock tests and daily tests.
• AI-Generated Content Data — When you use AI features (Detailed Discussion, Clinical Points, Exam Pearls, Short Theory, or LEXA conversations), the generated responses are cached on our servers linked to the question ID — not to your personal identity. This caching reduces response times and AI service costs.
• Text Highlights & Annotations — When you use the built-in text highlighter tool to highlight or annotate AI-generated content, your highlights are stored on our servers and linked to your account for cross-session synchronisation.
• Flashcard Data — AI-generated flashcards from topics you study, including bookmark status, are stored on our servers and linked to your account.
• Push Notification Tokens — If you enable push notifications, we collect your device push notification token (via Firebase Cloud Messaging for Android or Apple Push Notification Service for iOS) to send you test reminders, exam alerts, and important service notifications. You can disable push notifications at any time through your device settings.
• Purchase & Transaction Data — Purchase records and feature unlock history (e.g., ad-free status).
• Advertising Data — We use Google AdMob to display ads. AdMob may collect device identifiers, advertising IDs, and usage data to serve personalized ads. You can opt out of personalized ads in your device settings. See Google's Privacy Policy for details.
• App Usage Data — Subjects studied, progress metrics, favourite questions, and forum interactions.
• Content Moderation Data — Reports you submit about other users or content, and any blocks you apply. This data is used to maintain community safety.
• Session Data — We enforce single-device login. When you log in on a new device, any existing session on a previous device is automatically terminated.
• Device Information — Device type, operating system version, and app version for compatibility and debugging purposes.
• Sync Timestamps — Used to enable offline-first functionality and delta synchronisation of question data.
• IP Address and Network Information — Collected automatically by our servers for security, rate limiting, and abuse prevention.

2. Lawful Basis for Processing

We process your personal data on the following lawful bases:

• Consent — By registering and using the App, you consent to the collection and processing of your data as described in this Policy. Consent is obtained through your affirmative action of completing OTP verification and account creation.
• Contractual Necessity — Processing necessary to provide the services described in our Terms of Service.
• Legitimate Interest — For security, fraud prevention, service improvement, and analytics.
• Legal Obligation — To comply with applicable laws, regulations, court orders, or governmental requests.

3. How We Use Your Information

• Authentication & Security — To verify your identity via OTP, maintain secure sessions, and prevent unauthorised access.
• App Functionality — To provide personalised quiz experiences, track progress, calculate streaks, generate analytics, and enable offline study.
• Test Series & Leaderboards — To score mock tests, compute All India Rankings, and display leaderboard entries (name + last 4 phone digits).
• Forum & Community — To attribute posts and enable peer discussion features.
• Service Improvement — To analyse aggregate usage patterns, identify bugs, and improve the App's content and features.
• Communication — To send essential service-related notifications (e.g., test reminders, policy updates).
• Legal Compliance — To respond to lawful requests, enforce our Terms, and protect our legal rights.

4. Data Storage, Security, and Localisation

Your data is stored on secure servers. We implement appropriate and commercially reasonable security measures including:

• Encrypted communications using HTTPS/TLS protocols.
• Secure database access controls with authentication.
• Appropriate hashing and protection of credentials and authentication tokens.
• Access controls limiting employee access to personal data on a need-to-know basis.

While we take reasonable precautions to protect your data, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security of your information.

Question data is cached locally on your device to enable offline study. This local data is synchronised with our servers when you connect to the internet. Local data stored on your device is subject to your device's own security measures.

We endeavour to store and process data within India in compliance with data localisation requirements under applicable law, including the DPDP Act, 2023. Where data is processed by third-party service providers whose infrastructure may be located outside India, we ensure appropriate contractual safeguards are in place as required by law.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following limited circumstances:

• Leaderboards — Your name and last 4 digits of your phone number are displayed on test leaderboards visible to other App users. By participating in the Test Series, you consent to this display.
• Legal Requirements — When required by law, court order, subpoena, or governmental or regulatory authority. We may disclose your data if we believe in good faith that such disclosure is necessary to comply with applicable law or protect our rights.
• Service Providers — With trusted third-party services that help us operate the App (e.g., SMS/OTP providers, cloud hosting, payment processors), bound by contractual confidentiality obligations and data processing agreements.
• AI Service Providers — When you use Ask Lexa, your conversation messages (without any personally identifiable information beyond what you voluntarily type) are sent to third-party AI service providers to generate responses. We do not share your phone number, name, or account details with AI providers.
• Payment Processors — When you make a purchase, your payment information (card details, UPI ID, net banking credentials) is processed directly by Razorpay, our payment gateway provider, in accordance with PCI-DSS standards. We receive only the transaction status, order ID, and amount — not your full payment credentials.
• Copyright Complaints — As described in Section 8 below.
• Business Transfers — In the event of a merger, acquisition, reorganisation, or sale of assets, your data may be transferred as part of the transaction, subject to this Privacy Policy continuing to apply.
• Protection of Rights — To enforce our Terms of Service, protect our rights, property, or safety, or the rights, property, or safety of our users or others.

6. Data Retention

We retain your personal information for as long as:

• Your account remains active and you continue to use the App.
• Necessary to provide you the services described herein.
• Required to comply with our legal obligations, resolve disputes, and enforce agreements.

Specific retention periods:

• Account data — Retained until you request deletion or your account is terminated.
• Test results and rankings — Retained for historical leaderboard purposes and may persist after account deletion in anonymised or aggregated form.
• Logs and security data — Retained for up to 180 days for security and debugging purposes.
• Ask Lexa conversations — Chat messages with Ask Lexa are retained for up to 90 days for service improvement and quality assurance, after which they are automatically deleted.
• AI-generated content cache — Cached AI responses (Detailed Discussion, Clinical Points, Exam Pearls) are retained indefinitely to improve service performance. This content is linked to question IDs, not to individual user accounts.
• Text highlights — Your text highlights and annotations are retained for as long as your account is active. They are deleted upon account deletion.
• Push notification tokens — Device push tokens are retained for as long as your account is active and notifications are enabled. Tokens are automatically refreshed by the operating system.
• Copyright complaint records — Retained for the duration necessary for compliance and legal purposes.

7. Your Rights

In accordance with the DPDP Act, 2023, and other applicable laws, you have the right to:

• Access — Request a summary of the personal data we hold about you and how it is being processed.
• Correction — Request correction or updating of inaccurate or incomplete personal data.
• Erasure — Request deletion of your account and associated personal data, subject to our retention obligations under law.
• Withdrawal of Consent — Withdraw your consent for data processing at any time by emailing us at [email protected] with the subject line "Withdraw Consent" and your registered phone number. Note that withdrawal of consent may affect your ability to use the App and may require account termination.
• Grievance Redressal — Lodge a complaint with our Grievance Officer (see Section 13) or with the Data Protection Board of India.
• Nomination — Nominate another individual to exercise your rights in the event of your death or incapacity, as provided under the DPDP Act.

To exercise any of these rights, please email us at [email protected] with your request and your registered phone number for identity verification. We will acknowledge your request within 24 hours and endeavour to act upon it within the period prescribed by applicable law.

8. Anonymous Community Contributions — No Contributor Data

Specifically:

• We do not collect the name, email, phone number, IP address, device identifier, or any other personal data of content contributors at the time of contribution.
• We do not maintain any logs, records, or metadata linking any specific question, answer, or explanation to any identifiable individual.
• We do not have the technical capability to identify the contributor of any specific piece of content, as this information was never collected.
• Requests for contributor identity — whether from individuals, organisations, or legal authorities — cannot be fulfilled because such data does not exist in our systems.

This design choice reflects our commitment to contributor privacy and our role as a neutral intermediary platform under Section 79 of the Information Technology Act, 2000.

9. Copyright Complaints, Takedown Requests, and Legal Requests

If you believe any content on the App infringes your copyright or proprietary rights, you may submit a takedown request through our dedicated Content Takedown Request page or by emailing [email protected].

Upon receiving a valid takedown request, we will acknowledge receipt within 24 hours and remove or disable access to the reported content within 36 hours of verification.

Important: As stated in Section 8 above, we are unable to provide any information about the identity of content contributors in response to takedown requests or legal inquiries, as such information does not exist in our systems. Our response to valid complaints is limited to taking action on the content itself (removal, restriction, or modification).

If you submit a copyright complaint, we may collect and process the information you provide (your name, contact details, organisation, details of the work claimed, screenshots, correspondence, and supporting documents) for the purpose of reviewing and resolving the complaint. We may share such information with our legal advisers or competent authorities where reasonably necessary.

We may retain records of complaints, notices, actions taken, and related correspondence for compliance, dispute resolution, and evidentiary purposes for as long as reasonably necessary or as required by law.

10. Cookies and Similar Technologies

The App may use local storage, session tokens, and similar technologies to maintain your login session, store preferences, and enable offline functionality. These are essential for the App's operation and cannot be disabled without affecting functionality.

11. Third-Party Links and Services

The App may contain links to third-party websites or services. We are not responsible for the privacy practices, content, or security of any third-party sites or services. We encourage you to review the privacy policies of any third-party services before providing personal information.

12. Image-Based Content, Third-Party Image Credits, and Fair Dealing

12.1 Types of Image Data

The App features image-based medical questions that utilise clinical photographs, radiological images (X-rays, CT scans, MRIs), histopathology slides, dermatological images, ECG tracings, and other medical imagery. In connection with these images, the App processes and displays the following data:

• Image files — The image itself, which may be resized, compressed, or adapted for mobile display.
• Attribution metadata — The original author/creator name, licence type, and source URL, displayed alongside or accessible from the image within the question interface.
• Question context — The educational question, answer options, and explanatory text associated with the image.

We do not collect, store, or process any personal data of the individuals depicted in clinical photographs. All medical images used are sourced from openly licensed repositories where patient consent and de-identification have been handled by the original publisher.

12.2 Sources and Licensing

Images are sourced from the following categories:

• Wikimedia Commons (commons.wikimedia.org) — a repository of freely licensed and public domain media files.
• Open-access medical journals and repositories — images published under open-access licences permitting educational reuse.
• Public domain medical atlases and government health publications — images in the public domain or published by government bodies for public educational use.
• Original content — images created, commissioned, or owned by Pre PG: MCQ Practice App.

Third-party images are used under their respective open licences, including but not limited to:

• Creative Commons Attribution-ShareAlike (CC BY-SA 2.0, 3.0, 4.0)
• Creative Commons Attribution (CC BY 2.0, 3.0, 4.0)
• Creative Commons Zero (CC0 1.0) — Public Domain Dedication
• Public Domain (including works where copyright has expired or been waived)

12.3 Attribution and Compliance

Individual image attributions — including the original author/photographer, licence type, and source — are displayed alongside each image within the App. We do not claim ownership of third-party images. All credits and attributions are preserved and displayed as required by the applicable licence terms.

Where an image's licence requires that derivative works be shared under the same or compatible licence (share-alike), we comply with such obligations to the extent applicable. If any attribution is found to be incomplete or inaccurate, we will correct it promptly upon notification.

12.4 Fair Dealing Defence (Section 52, Copyright Act, 1957)

Our use of such images is strictly non-commercial, educational, and supplementary in nature. Images are used in the context of individual examination-style questions to aid medical student preparation — not as standalone reproductions or substitutes for the original source works.

12.5 Medical Imagery and Patient Privacy

All clinical photographs and medical images used in the App are sourced from openly licensed repositories where:

• Patient consent for educational publication has been obtained by the original author or institution.
• Images have been de-identified in accordance with applicable medical ethics and privacy standards.
• No personally identifiable patient information is accessible through or derivable from the images as displayed in the App.

We do not independently obtain patient consent, as the images have already been published under open licences by their original creators with appropriate consent and de-identification measures in place. If you believe any image in the App contains identifiable patient information, please contact us immediately at [email protected] and we will remove it within 24 hours.

12.6 User Acknowledgment

By using the App, you acknowledge and agree that:

• The App contains third-party images used under open licences and/or fair dealing provisions for educational purposes.
• You will not download, extract, redistribute, republish, or commercially exploit any images from the App without independently verifying and complying with the applicable licence terms.
• Image availability, attributions, and associated content may change at any time without notice as part of ongoing compliance efforts.
• Clinical images in the App are for educational purposes only and must not be used for diagnosis, treatment, or patient care.

12.7 Image Takedown

If you are the copyright holder of any image used in the App and believe that your rights have been infringed, please contact us at [email protected] with details of the image and your ownership claim. We will acknowledge your request within 24 hours and take appropriate action — including correction of attribution or removal — within 36 hours of verification. For full takedown procedures, see our Terms of Service or Content Takedown Request page.

13. Children's Privacy

The App is designed for medical students and professionals preparing for postgraduate examinations. We do not knowingly collect personal information from children under the age of 18. If we become aware that we have collected data from a person under 18 without verifiable parental consent, we will take steps to delete it promptly. If you believe that a minor has provided us with personal data, please contact us.

14. Data Breach Notification

In the event of a personal data breach that is likely to cause harm to you, we shall:

• Notify the Data Protection Board of India in accordance with the timelines prescribed under the DPDP Act, 2023.
• Notify affected users as required by applicable law.
• Take immediate steps to contain and remediate the breach.
• Maintain a record of all data breaches, including their effects and remedial actions taken.

15. Grievance Officer

In accordance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the DPDP Act, 2023, the name and contact details of the Grievance Officer who can be contacted with respect to any complaints or concerns regarding the processing of personal data are:

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes through the App or by other appropriate means. The "Last updated" date at the top of this Policy indicates when it was last revised. Continued use of the App after changes constitutes acceptance of the updated Policy.

17. Contact Us

Effective: February 2026 • Pre PG: MCQ Practice App