Privacy Policy

Effective date: 28 February 2026

MedMMI ("we", "our", "us") is a medical interview preparation app operated by MedMMI. This policy explains what data we collect, why, and how we protect it.

1. Data We Collect

Account information: Email address and hashed password, used to create and secure your account.

Practice content: Transcribed interview answers, evaluation scores, feedback, and session history. Audio is transcribed on your device using Apple Speech Recognition — raw audio recordings are never sent to our servers.

Video recordings: Stored only on your device. Never uploaded to our servers.

Widening participation applications: School postcode, eligibility indicators (free school meals, household income band, first-in-family status), submitted voluntarily for free access consideration.

Support messages: Contact form submissions including your email and message text.

2. How We Use Your Data

AI evaluation: Your transcribed answers are sent to Anthropic's Claude API for scoring and feedback. Anthropic does not use API inputs for model training. See Anthropic's privacy policy.
Session sync: Practice scores and feedback are stored on our servers so you can access your history across devices.
Transactional email: We use Postmark to send password reset emails and support confirmations. See Postmark's privacy policy.
Benchmarking: Aggregated, anonymised scores are used to show percentile rankings. No individual answers are shared.
Community answers: If you choose to share an answer, it is stored anonymously (no user ID attached).

3. Data We Do NOT Collect

We do not track you across apps or websites
We do not collect device identifiers for advertising
We do not sell or share your data with data brokers
We do not use analytics or crash reporting SDKs

4. Third-Party Services

Anthropic (Claude API)	Processes answer transcripts for evaluation
Postmark	Sends transactional emails (password reset, support)
AWS App Runner	Hosts our backend API
Apple (StoreKit, Speech)	Handles purchases and on-device transcription

5. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on Amazon Web Services (London, UK region). Passwords are hashed with bcrypt. API communication uses HTTPS. Authentication tokens (JWT) are stored in your device's Keychain.

6. Data Retention

Account data and session history are retained while your account is active. Video recordings are stored on-device only and automatically cleaned up after 30 days. You can request account deletion at any time by contacting us.

7. Your Rights

You may:

Request a copy of your data
Request deletion of your account and associated data
Withdraw consent for data processing

To exercise these rights, contact us at support@medintmmi.com.

8. Children's Privacy

MedMMI is intended for users aged 16 and over (prospective medical school applicants). We do not knowingly collect data from children under 16.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the app or via email.

10. Contact

For privacy questions or data requests, email support@medintmmi.com.