Privacy Policy
We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights.
Last updated: March 27, 2026
1. Who We Are
SlabED ("we," "us," "our") operates the educational platform at slabed.health. We help eye care professionals develop skills in en face OCT interpretation. For privacy inquiries, contact us at privacy@slabed.health.
2. Data We Collect
We collect the following categories of data:
Account Information
- Full name and email address (collected at registration)
- Hashed password (bcrypt; we never store plaintext passwords)
- Account creation date and last login
Learning Progress
- Which modules you have completed
- Placement test responses (to personalize your learning path)
- Course completion timestamps
Usage & Analytics
- Pages visited, features used, and time on platform
- Device type (desktop/mobile) and browser type
- Referring website and UTM campaign parameters
- IP address (stored anonymized after analytics processing)
Communications
- Email address used for account creation (also used for transactional and educational emails)
- Newsletter subscription status (opt-in only)
3. How We Use Your Data
We use your data to:
- Provide the service: Create and maintain your account and track your learning progress.
- Personalize your experience: Use placement test results to recommend a starting point in the curriculum.
- Send educational emails: Onboarding sequences, course reminders, and study tips. You can unsubscribe at any time.
- Operate the platform: Ensure platform security, prevent abuse, and enforce our Terms of Service.
- Improve the platform: Analyze aggregate usage patterns to improve course design and platform performance.
- Legal compliance: Meet obligations under applicable law, resolve disputes, and enforce our Terms of Service.
We do not sell your personal data. We do not share your data with third parties for advertising purposes.
4. Third-Party Services
We use the following trusted third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Postmark | Transactional email delivery | Email address, name |
| Render | Cloud hosting infrastructure | Server logs (IP, requests) |
| Neon | Database hosting (PostgreSQL) | All account & progress data |
5. Cookies & Tracking
We use the following cookies:
- Authentication cookie: A secure, httpOnly cookie storing your JWT session token. Required for login to work. Expires after 30 days or on logout.
- Analytics session: A session identifier used to group page views within a single visit. Not linked to your account unless you log in. Stored in localStorage.
We do not use advertising cookies, pixel trackers, or third-party analytics scripts (no Google Analytics, Meta Pixel, etc.).
6. Data Retention
We retain your data as follows:
- Account data: Retained while your account is active, plus 2 years after deletion (for billing dispute resolution).
- Learning progress: Retained for the lifetime of your account.
- Analytics events: Aggregated and anonymized after 12 months.
- Payment records: Retained for 7 years to comply with tax and financial regulations.
7. Your Rights (CCPA & GDPR)
Depending on your jurisdiction, you may have the following rights:
- Right to access: Request a copy of the personal data we hold about you.
- Right to correct: Request correction of inaccurate data.
- Right to delete: Request deletion of your account and associated personal data ("right to be forgotten").
- Right to portability: Request an export of your data in a machine-readable format.
- Right to opt out: Unsubscribe from non-essential emails at any time via the unsubscribe link or by contacting us.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, email privacy@slabed.health. We will respond within 30 days.
8. Security
We use industry-standard security measures including encrypted HTTPS connections, bcrypt password hashing, secure httpOnly cookies, and access controls on our database. No system is 100% secure — if you believe your account has been compromised, contact us immediately at security@slabed.health.
9. Children's Privacy
SlabED is intended for healthcare professionals age 18 and over. We do not knowingly collect personal information from minors. If you believe a minor has created an account, contact us at privacy@slabed.health for immediate removal.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
Privacy questions or requests: privacy@slabed.health