Privacy Policy

Last updated: November 30, 2025

1. Introduction

Prept ("we," "our," or "us") is a tutoring platform that connects students with qualified teachers for medical education. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

2.1 Account Information

  • Email address (required for authentication)
  • Name (first and last name)
  • Date of birth
  • Gender
  • Profile picture
  • Location (city, state, country)
  • Role (Student or Teacher)

2.2 Teacher-Specific Information

  • Education history (medical school, residency, fellowship)
  • Years of experience
  • Teaching expertise and certifications
  • Test scores (MCAT, Step exams, etc.)
  • Professional links (LinkedIn, Google Scholar)
  • Bank account information (for payment processing via Stripe Connect)
  • Stripe Connect account information

2.3 Student-Specific Information

  • Educational aspirations
  • Current status
  • Strengths and weaknesses

2.4 Google Calendar Data

When teachers connect their Google Calendar, we access the following information:

  • Calendar events (read-only) to check availability and prevent double-booking
  • Calendar metadata (calendar name, timezone, description)
  • We create, update, and delete calendar events for bookings
  • OAuth tokens (encrypted and stored securely)

How we use Google Calendar data: We read your calendar events to calculate real-time availability and prevent scheduling conflicts. We create calendar events when students book lessons, update them when bookings are rescheduled, and delete them when bookings are cancelled. We do not share your calendar data with third parties or use it for advertising purposes.

2.5 Payment Information

  • Payment transaction details (processed securely through Stripe)
  • Booking and lesson information
  • Payment method information (handled by Stripe, not stored by us)

2.6 Usage Information

  • Booking history
  • Lesson notes and communications
  • Platform usage data

3. How We Use Your Information

  • To provide and maintain our tutoring platform services
  • To process payments and facilitate transactions between students and teachers
  • To manage calendar availability and prevent scheduling conflicts
  • To create, update, and delete calendar events for bookings
  • To communicate with you about your account, bookings, and platform updates
  • To verify teacher qualifications and certifications
  • To improve our platform and develop new features
  • To comply with legal obligations and enforce our terms of service

4. Data Storage and Security

We use industry-standard security measures to protect your information:

  • AWS DynamoDB: User profiles and booking data are stored in encrypted databases
  • AWS Cognito: Authentication data is managed securely
  • Encryption: OAuth tokens and sensitive credentials are encrypted before storage
  • Stripe: Payment information is processed securely through Stripe Connect (we do not store credit card numbers)
  • HTTPS: All data transmission is encrypted using SSL/TLS

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: We use third-party services (AWS, Stripe, Google) to operate our platform. These providers are contractually obligated to protect your data.
  • Teachers and Students: Basic profile information is shared between matched teachers and students for booking purposes
  • Legal Requirements: We may disclose information if required by law or to protect our rights and safety
  • Business Transfers: In the event of a merger or acquisition, your information may be transferred to the new entity

6. Google Calendar Integration

Our platform requires Google Calendar integration for teachers to manage their availability and bookings. When you connect your Google Calendar:

  • We request read-only access to view your calendar events to prevent double-booking
  • We request write access to create, update, and delete booking events
  • Your OAuth tokens are encrypted and stored securely
  • You can revoke access at any time by disconnecting your calendar in your account settings
  • We do not share your calendar data with third parties
  • We do not use your calendar data for advertising or marketing purposes

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: You can view and update your profile information at any time
  • Deletion: You can request deletion of your account and associated data
  • Calendar Access: You can disconnect your Google Calendar at any time, which revokes our access
  • Payment Information: Payment data is managed through Stripe Connect; you can update or remove payment methods through your Stripe account
  • Communication Preferences: You can opt out of non-essential communications

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our services. If you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal or regulatory purposes (such as payment transaction records).

9. Children's Privacy

Our platform is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: jramoschen@medprept.com
  • Platform: Prept