Privacy Notice
Last updated: April 17, 2026
1. Who we are
ShiftPrep is operated by HealthCareShiftPrep ("we", "us"). We are the data controller for personal data we process about users of our website and services (the "Service"). Contact us at 76georgechirac@gmail.com.
2. What we collect
- Account data: name, email, password hash, role/specialty/setting you select during onboarding.
- Service content: mock interview answers, saved STAR responses, AI feedback we generate for you.
- Usage data: pages visited, features used, sessions, basic device and browser info, IP address.
- Support messages: anything you send us by email or in-app.
- Subscription data: plan, status, renewal dates. Card numbers are handled by Paddle and never reach our servers.
3. How and why we use it
- Provide the Service — create your account, run mock interviews, store your answers, generate AI feedback. Legal basis: performance of contract.
- Security and fraud prevention — detect abuse, secure accounts. Legal basis: legitimate interests.
- Product improvement — aggregated, de-identified analytics. Legal basis: legitimate interests.
- Customer support — respond to your messages. Legal basis: performance of contract / legitimate interests.
- Legal compliance — tax records, responding to lawful requests. Legal basis: legal obligation.
4. Who we share data with
- Hosting and database: our cloud infrastructure provider hosts the application and database that power the Service.
- AI providers: we route prompts and answers through an AI gateway to large language model providers (e.g. Google, OpenAI) to generate feedback. They process the data to return a response and do not use it to train their models.
- Paddle (Merchant of Record): our payment provider Paddle.com processes orders, payments, tax, invoicing, subscription management, and refunds. See Paddle's Privacy Notice.
- Email delivery: a transactional email provider sends receipts, reminders, and account emails on our behalf.
- Professional advisers: accountants and lawyers, where needed.
- Authorities: where required by law or to protect rights and safety.
5. International transfers
Our providers may process data outside your country, including in the United States. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
6. Retention
We keep account and Service data while your account is active. After deletion or prolonged inactivity, we delete or anonymize personal data within a reasonable period, except where law requires longer retention (e.g. tax records held by Paddle).
7. Your rights
Depending on where you live, you may have the right to access, rectify, delete, restrict, or port your personal data; to object to processing; to withdraw consent; and to complain to your local data protection authority. To exercise these rights, email 76georgechirac@gmail.com. We respond within one month.
8. Security
We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, hashed passwords, and row-level security on our database. No system is perfectly secure; please use a strong, unique password.
9. Cookies
We use essential cookies and local storage to keep you signed in and remember your preferences. We may use limited analytics to understand product usage. We do not run advertising cookies.
10. Children
The Service is intended for adults pursuing healthcare careers and is not directed at children under 16.
11. Changes
We may update this notice. Material changes will be communicated through the Service or by email. See also our Terms & Conditions.