Legal

Privacy Policy

Last updated: March 2026

Summary

We collect only what is necessary to run the Service. We do not sell your data. Your case results are stored to power your personal progress dashboard. You can request deletion of your account and all associated data at any time.

1. Who We Are

Rounds is an AI-powered clinical education platform. This Privacy Policy explains how we collect, use, and protect your personal information when you use the Service.

2. What Data We Collect

We collect the following categories of data:

Account Data

Email address, full name, profile photo (if signing in via Google)

Usage Data

Cases completed, scores, time spent, hints used, specialties attempted

Interaction Data

Anonymised transcripts of simulator conversations for service improvement

Technical Data

Browser type, device type, IP address (via Supabase infrastructure)

We do not collect payment card information, government IDs, or any sensitive health information about you personally.

3. How We Use Your Data

  • To provide and operate the Service (authentication, case sessions, grading)
  • To display your personal progress dashboard and analytics
  • To improve the AI models and scenario quality using anonymised interaction data
  • To send transactional emails (account confirmation, password reset) — no marketing emails without explicit consent
  • To comply with legal obligations

4. Data Storage & Sub-processors

Your data is stored and processed using the following third-party services:

Supabase

Authentication, database storage, and row-level security. Hosted on AWS. Supabase Privacy Policy applies.

Google Gemini API

AI model used to generate patient responses and grading. Only the content of your simulator prompts is sent — no personally identifiable information is included in these requests.

Vercel / Render

Frontend and backend hosting infrastructure.

5. Data Retention

We retain your account data for as long as your account is active. Case result data is retained to power your progress dashboard. If you delete your account, all associated personal data is permanently deleted within 30 days.

6. Your Rights

You have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your account and all associated data
  • Portability — request your case history data in a machine-readable format
  • Objection — object to use of your data for service improvement purposes

To exercise these rights, contact us through the platform or email us directly. We will respond within 30 days.

7. Cookies

The Service uses only essential cookies required for authentication (session tokens managed by Supabase). We do not use advertising or tracking cookies. No third-party advertising networks have access to your data.

8. Children

The Service is intended for users aged 18 and above (or the age of medical school enrolment in your jurisdiction). We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance.

10. Contact

For any privacy-related requests or questions, please contact us through the platform. We are committed to resolving concerns promptly.

Terms of Service →← Back to Home