Legal

Privacy Policy

Last updated: May 1, 2026

1. Overview

OtoBoard Prep respects user privacy and is committed to handling personal information in a transparent, lawful, and responsible manner.

This Privacy Policy explains how OtoBoard Prep collects, uses, stores, shares, protects, and deletes information when a user visits otoboardprep.com, creates an account, subscribes to the question bank, uses the platform, contacts support, or interacts with any related services that link to this Privacy Policy.

“OtoBoard Prep,” “we,” “us,” and “our” refer to the operator of the OtoBoard Prep website and services. “User,” “you,” and “your” refer to any person who accesses or uses the Services.

For privacy questions or requests, contact: info@otoboardprep.com.

2. Quick Privacy Summary

This summary is for convenience only. The full Privacy Policy below controls.

| Category | Examples | Main purpose | Shared with | Typical retention |
|---|---|---|---|---|
| Account information | Name, display name, email, authentication identifiers | Account creation, login, support, security | Hosting, authentication, email providers | While account is active and as needed afterward |
| Educational profile | Specialty, training level, country, exam goals, institution | Personalization, analytics, support | Service providers where needed | While account is active |
| Subscription data | Plan, status, renewal date, payment confirmation, invoices | Billing, access control, accounting | Payment processors, accounting/tax providers | As required for legal, tax, and dispute purposes |
| Usage and performance data | Questions answered, scores, timing, flagged questions, test history | QBank functionality, progress tracking, analytics | Hosting, database, analytics providers | While account is active, then archived or deleted |
| Device and log data | IP address, browser, operating system, device type, logs | Security, fraud prevention, debugging | Hosting, security, analytics providers | Limited rolling periods unless needed for security or legal |
| Communications | Emails, support requests, feedback | Support, troubleshooting, product improvement | Email/support providers | As long as needed for support and legal records |
| Cookies | Session cookies, preferences, analytics | Login, security, preferences, analytics | Cookie/analytics providers where used | Session to defined cookie duration |

3. Scope of This Policy

This Privacy Policy applies to:

  1. The OtoBoard Prep website at otoboardprep.com and any related subdomains;
  2. The OtoBoard Prep web application and any future mobile or progressive web applications;
  3. Account registration, login, authentication, and account-management features;
  4. Subscription, payment, billing, refund, and cancellation workflows;
  5. Question-bank usage, test creation, review mode, performance dashboards, and study analytics;
  6. Email, support, feedback, and administrative communications;
  7. Cookies, analytics, security monitoring, and similar technologies; and
  8. Any other service that links to this Privacy Policy.

This Privacy Policy does not apply to third-party websites, applications, payment processors, app stores, institutions, or services that OtoBoard Prep does not control, even if they are linked from the Services.

4. Definitions

For purposes of this Privacy Policy:

  • Account means the registered user profile used to access the Services.
  • Cookies means cookies, pixels, local storage, software development kits, web beacons, and similar technologies.
  • Personal Data or Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identifiable person.
  • Processing means any operation performed on Personal Data, including collection, storage, use, disclosure, transfer, deletion, or analysis.
  • Services means the OtoBoard Prep website, web application, question bank, subscription services, communications, and related offerings.
  • Service Provider means a vendor, processor, contractor, or third party that processes data on behalf of OtoBoard Prep.
  • Sensitive Data means categories of data that receive heightened protection under applicable law, such as health data, government identifiers, biometric data, precise geolocation, financial account details, or data about minors.

5. Information We Collect

OtoBoard Prep may collect the following categories of information.

5.1 Account Information

When a user creates an account, we may collect:

  • Name or display name;
  • Email address;
  • Password, password hash, or authentication identifier;
  • Login credentials or authentication tokens;
  • Account status, role, subscription status, and access permissions;
  • Date of registration and account activity logs.

5.2 Educational and Professional Information

If a user provides it, we may collect:

  • Specialty or area of interest, such as otolaryngology / ENT;
  • Training level, such as student, intern, resident, fellow, attending, or consultant;
  • Institution, hospital, program, or country of training or practice;
  • Exam goals, study goals, or preferred subspecialty areas;
  • User role within the platform, such as resident, author, editor, administrator, or other authorized role.

5.3 Subscription and Billing Information

When a user subscribes or attempts to subscribe, we may collect:

  • Selected plan and subscription term;
  • Subscription status;
  • Start date, expiration date, renewal date, cancellation date, and payment status;
  • Invoice numbers, order IDs, transaction IDs, and receipt metadata;
  • Currency, amount paid, taxes, discounts, promo codes, and refund status;
  • Limited payment metadata received from payment processors, such as card brand, last four digits, billing country, or payment confirmation token.

OtoBoard Prep does not intentionally store complete payment card numbers, CVV codes, or full bank account details. Payment information is processed by third-party payment providers subject to their own privacy and security practices.

5.4 Usage, Study, and Performance Data

When a user uses the question bank, we may collect:

  • Questions viewed, attempted, skipped, flagged, or answered;
  • Selected answers and correct/incorrect status;
  • Test mode, test length, subspecialty selection, timing, and completion status;
  • Time spent per question, per test, and across sessions;
  • Review history, explanation views, and performance trends;
  • Study progress, score history, percentile or comparative analytics where offered;
  • Feature interactions, dashboard activity, and navigation patterns.

5.5 Device, Technical, and Log Data

We may automatically collect:

  • IP address;
  • Browser type and version;
  • Operating system;
  • Device type;
  • Language and time-zone settings;
  • Referring and exit pages;
  • Pages viewed and features used;
  • Session duration and timestamps;
  • Error logs, crash reports, and diagnostic data;
  • Security logs, authentication events, and suspicious activity signals.

5.6 Communications and Support Data

If a user contacts OtoBoard Prep, we may collect:

  • Email address and message content;
  • Support requests, feedback, correction requests, and complaints;
  • Attachments or screenshots voluntarily submitted by the user;
  • Our responses and support history.

5.7 User-Generated Content

Where platform features permit, users may submit notes, feedback, error reports, question correction requests, suggested content, comments, or other materials. Users must not submit patient identifiers, confidential examination material, copyrighted material they do not have permission to share, or any unlawful content.

5.8 Cookies and Similar Technologies

We collect information using cookies and similar technologies as described in the Cookie Notice.

5.9 Future AI Feature Data

If OtoBoard Prep introduces AI-assisted educational features, we may collect prompts, outputs, interaction metadata, quality feedback, and technical logs related to those features. Users must not submit patient data, confidential data, or identifiable third-party information to any AI feature.

6. Information We Do Not Intentionally Collect

OtoBoard Prep is an educational question-bank platform. It is not designed to collect patient data or provide clinical care. Users must not upload, enter, transmit, or submit:

  1. Patient names;
  2. Medical record numbers;
  3. National ID numbers or government identifiers;
  4. Dates of birth linked to real patients;
  5. Patient phone numbers, addresses, photographs, videos, radiology images, pathology slides, or documents containing identifiers;
  6. Protected Health Information, health records, or identifiable health data;
  7. Confidential hospital, institutional, employer, or examination material;
  8. Any Sensitive Data of another person without a clear lawful basis and authorization.

If OtoBoard Prep becomes aware that such information has been submitted, we may delete, de-identify, restrict, or remove it without notice, and we may suspend or terminate the responsible account.

7. Sources of Information

OtoBoard Prep collects information from:

  1. The user directly;
  2. The user's interaction with the Services;
  3. Authentication systems;
  4. Payment processors;
  5. Hosting, database, analytics, security, and email service providers;
  6. Institutional or group-license administrators, if applicable;
  7. Publicly available sources, where legally permitted and relevant to fraud prevention, security, or legal compliance.

8. How We Use Information

OtoBoard Prep uses Personal Data for the following purposes:

  1. Creating, verifying, maintaining, and securing accounts;
  2. Providing access to the question bank and related features;
  3. Enforcing subscription restrictions and access permissions;
  4. Creating tests, saving answers, tracking progress, and generating performance analytics;
  5. Processing payments, renewals, cancellations, refunds, invoices, and receipts;
  6. Detecting and preventing fraud, abuse, account sharing, scraping, automated access, and unauthorized redistribution of content;
  7. Protecting platform security, intellectual property, and legal rights;
  8. Responding to support requests, complaints, correction requests, and technical issues;
  9. Improving content, features, design, reliability, and user experience;
  10. Conducting analytics, quality assurance, debugging, and internal reporting;
  11. Sending transactional, security, service, and policy communications;
  12. Sending marketing communications where permitted by law or with consent where required;
  13. Complying with legal, regulatory, tax, accounting, and payment obligations;
  14. Handling disputes, chargebacks, investigations, and enforcement actions;
  15. Creating aggregated, anonymized, or de-identified analytics and reports;
  16. Supporting business transactions such as merger, acquisition, restructuring, financing, or transfer of the platform.

9. Legal Bases for Processing

Where applicable law requires a legal basis for processing Personal Data, OtoBoard Prep relies on one or more of the following:

  1. Performance of contract — to provide the Services, manage accounts, deliver subscriptions, and process payments;
  2. Consent — for certain optional profile information, marketing communications, non-essential cookies, or AI features where legally required;
  3. Legitimate interests — to operate, secure, improve, and protect the Services, prevent fraud, protect intellectual property, and communicate with users;
  4. Legal obligation — to comply with applicable laws, regulations, accounting duties, tax duties, court orders, or lawful requests;
  5. Establishment, exercise, or defense of legal claims — to protect rights, enforce agreements, and resolve disputes;
  6. Vital interests or public interest — only in limited circumstances where applicable law permits or requires it.

Where Sensitive Data is processed, OtoBoard Prep will rely on explicit consent or another legally permitted basis if required by applicable law. OtoBoard Prep does not intentionally request patient health data from users.

10. Cookies and Tracking Technologies

OtoBoard Prep uses cookies and similar technologies for:

  1. Login and authentication;
  2. Session security;
  3. User preferences;
  4. Fraud and abuse prevention;
  5. Analytics and platform improvement;
  6. Payment and checkout functionality;
  7. Error monitoring and performance measurement.

Strictly necessary cookies are required for the Services to function. Non-essential analytics or preference cookies may be subject to consent requirements depending on the user's jurisdiction. Users can control cookies through browser settings and, where available, through a cookie banner or cookie preference center. Disabling certain cookies may prevent login, subscription access, or platform functionality.

11. Analytics

OtoBoard Prep may use analytics tools to understand how users interact with the Services. Analytics data may include pages visited, actions taken, session duration, feature usage, browser type, device type, and approximate location inferred from IP address.

Where feasible, analytics data is aggregated, anonymized, or pseudonymized. Where consent is required by applicable law, non-essential analytics will be used only with appropriate consent.

12. Payments and Payment Processors

Payments are handled by third-party payment processors. OtoBoard Prep may receive payment confirmation, subscription status, transaction ID, card brand, last four digits, invoice metadata, and related records needed to manage the subscription.

OtoBoard Prep does not control the privacy and security practices of payment processors. Users should review the payment processor's privacy policy and terms. OtoBoard Prep is not responsible for payment processor failures, bank fees, currency conversion fees, rejected payments, chargebacks, or payment-method restrictions, except where applicable law provides otherwise.

13. How We Share Information

OtoBoard Prep may share Personal Data with:

  1. Hosting and infrastructure providers;
  2. Database and storage providers;
  3. Authentication providers;
  4. Payment processors and billing platforms;
  5. Email and communication service providers;
  6. Analytics, error monitoring, and performance tools;
  7. Security, anti-fraud, and abuse-prevention providers;
  8. Customer support tools;
  9. Legal, tax, accounting, and professional advisors;
  10. Courts, regulators, law-enforcement authorities, or government bodies where required or permitted by law;
  11. Successors, purchasers, investors, or advisors in connection with a merger, acquisition, financing, restructuring, insolvency, asset sale, or similar transaction;
  12. Institutional or group-license administrators, if the user receives access through an organization;
  13. Other parties with the user's consent or direction.

Service Providers are expected to process Personal Data only for authorized purposes and under appropriate confidentiality and security obligations.

14. No Sale of Personal Data

OtoBoard Prep does not sell Personal Data for money. OtoBoard Prep also does not knowingly share Personal Data for cross-context behavioral advertising as defined under certain privacy laws.

If OtoBoard Prep changes its practices in a way that qualifies as a “sale” or “sharing” under applicable privacy law, it will update this Privacy Policy and provide required notices and choices.

15. International Data Transfers

OtoBoard Prep may use service providers located in countries other than the user's country of residence. As a result, Personal Data may be processed in jurisdictions with different data protection laws.

Where required by law, OtoBoard Prep will use appropriate safeguards for cross-border transfers, such as contractual protections, vendor due diligence, transfer assessments, data minimization, encryption, and other legally recognized mechanisms.

For users whose data is subject to Saudi Arabia's Personal Data Protection Law, international transfers will be handled in accordance with applicable Saudi personal-data transfer rules and any required safeguards.

16. Data Retention

OtoBoard Prep retains Personal Data only for as long as reasonably necessary, including:

  1. While the account is active;
  2. While the user maintains a subscription;
  3. As needed to provide study history, performance analytics, and account functionality;
  4. As needed for support, security, fraud prevention, and abuse detection;
  5. As needed for legal, tax, accounting, audit, payment, chargeback, and dispute purposes;
  6. As needed to enforce the Terms of Use and protect intellectual property;
  7. As required by law.

After retention is no longer necessary, OtoBoard Prep will delete, anonymize, or de-identify Personal Data, unless continued retention is legally required or reasonably necessary for legitimate business or legal purposes. Backup copies may persist for limited periods before being overwritten or deleted in accordance with backup cycles.

17. Security

OtoBoard Prep uses reasonable administrative, technical, and organizational safeguards designed to protect Personal Data. These safeguards may include encryption in transit, password hashing, access controls, role-based permissions, logging, monitoring, secure hosting, backup practices, and vendor review.

No website, application, database, network, or transmission method is completely secure. OtoBoard Prep cannot guarantee absolute security. Users are responsible for keeping their login credentials confidential and promptly notifying OtoBoard Prep of suspected unauthorized access.

If OtoBoard Prep becomes aware of a personal-data breach requiring notification, it will notify affected users and competent authorities where required by applicable law.

18. User Privacy Rights

Depending on applicable law, users may have the right to:

  1. Request access to Personal Data;
  2. Request correction of inaccurate Personal Data;
  3. Request deletion of Personal Data;
  4. Request restriction of processing;
  5. Object to certain processing;
  6. Withdraw consent where processing is based on consent;
  7. Request data portability;
  8. Opt out of marketing communications;
  9. Lodge a complaint with a competent data protection authority;
  10. Appeal or request review of certain privacy decisions where applicable.

To exercise privacy rights, contact: info@otoboardprep.com. OtoBoard Prep may need to verify the requester's identity before fulfilling a request. Some requests may be denied or limited where permitted by law, such as when retention is required for security, legal, tax, accounting, fraud-prevention, dispute, or contractual reasons.

19. Saudi Arabia Privacy Notice

Where Saudi Arabia's Personal Data Protection Law and related regulations apply, OtoBoard Prep processes Personal Data in accordance with principles such as transparency, purpose limitation, data minimization, accuracy, security, accountability, and lawful processing.

Users may have rights to be informed, access Personal Data, request correction, request destruction, obtain a copy of Personal Data, and withdraw consent where consent is the legal basis, subject to applicable conditions and exceptions.

Privacy requests may be sent to: info@otoboardprep.com. Users may also have the right to complain to the competent Saudi authority where applicable.

20. EEA / UK / Switzerland Notice

If a user is located in the European Economic Area, the United Kingdom, or Switzerland, the user may have rights under applicable data protection laws, including rights of access, correction, deletion, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority.

OtoBoard Prep relies on the legal bases described in Section 9. If OtoBoard Prep is legally required to appoint a representative or Data Protection Officer for a relevant jurisdiction, it will update this Privacy Policy with the required details.

21. California and U.S. State Privacy Notice

If a user is a resident of California or another U.S. state with applicable privacy rights, the user may have rights to know, access, correct, delete, obtain a portable copy, opt out of certain processing, and not be discriminated against for exercising privacy rights.

OtoBoard Prep does not currently sell Personal Data or knowingly share Personal Data for cross-context behavioral advertising. If this changes, OtoBoard Prep will provide any legally required opt-out mechanism.

OtoBoard Prep has collected the categories of Personal Data described in Section 5 for the purposes described in Section 8 and disclosed them to the categories of recipients described in Section 13.

22. Children's Privacy

The Services are intended for adults and healthcare learners or professionals. The Services are not directed to children or minors.

Users must be at least 18 years old, or the age of legal majority in their jurisdiction if higher. OtoBoard Prep does not knowingly collect Personal Data from children. If OtoBoard Prep becomes aware that a minor has created an account or submitted Personal Data without legally valid consent, OtoBoard Prep may delete the information and terminate the account.

23. Marketing Communications

OtoBoard Prep may send service-related communications, including login, security, billing, policy, subscription, and support messages. These are necessary for operation of the Services and cannot generally be opted out of while the user maintains an account.

OtoBoard Prep may also send marketing emails where permitted by law or with consent where required. Users may unsubscribe from marketing emails using the unsubscribe link or by contacting info@otoboardprep.com.

24. User Responsibilities

Users are responsible for:

  1. Providing accurate account information;
  2. Keeping login credentials secure;
  3. Not sharing accounts;
  4. Not submitting patient data or confidential third-party information;
  5. Using the Services lawfully;
  6. Keeping their own copies of information they need outside the platform;
  7. Promptly notifying OtoBoard Prep of suspected unauthorized access.

25. Changes to This Privacy Policy

OtoBoard Prep may update this Privacy Policy from time to time. Updates will be posted with a new “Last Updated” date. Where required by law, OtoBoard Prep will provide additional notice or request consent.

Continued use of the Services after an updated Privacy Policy becomes effective means that the user accepts the updated Privacy Policy, except where applicable law requires additional consent.

26. Contact

For privacy questions, data requests, complaints, or notices, contact:

OtoBoard Prep
Email: info@otoboardprep.com
Website: otoboardprep.com