Privacy Policy

Last updated: 16 April 2026

1. Who We Are

PLABpass ("we", "us", "our") operates the website https://plabpass.app and provides an online PLAB examination preparation platform. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For data protection enquiries, contact us at: support@plabpass.app

2. What Data We Collect

We collect the following personal data when you use PLABpass:

  • Account information: Full name, email address, password (encrypted)
  • Profile information: Country of residence, target exam date, target score
  • Usage data: Questions answered, accuracy scores, study streaks, session history
  • Payment information: Handled securely by Stripe — we do not store card details
  • Technical data: IP address, browser type, device information, cookies
  • Communications: Messages sent to our support team

3. How We Use Your Data

We use your personal data to:

  • Provide and improve our exam preparation platform
  • Personalise your learning experience and track your progress
  • Process payments and manage your subscription
  • Send essential service emails (account verification, password reset, payment receipts)
  • Respond to support requests
  • Comply with legal obligations
  • Send product updates and offers (only with your consent — you can opt out at any time)

4. Legal Basis for Processing

We process your data under the following legal bases:

  • Contract: To provide the services you have signed up for
  • Legitimate interests: To improve our platform and prevent fraud
  • Consent: For marketing communications and non-essential cookies
  • Legal obligation: To comply with UK law, including tax and financial regulations

5. Data Sharing

We do not sell your personal data. We share data only with trusted service providers necessary to operate PLABpass:

  • Stripe — payment processing (PCI-DSS compliant)
  • Resend — transactional email delivery
  • Vercel — website hosting (EU/US data centres)
  • Railway — database and backend hosting
  • Anthropic — AI features (PLAB 2 roleplay, Clinical Cases)

All processors are bound by data processing agreements and comply with UK GDPR requirements.

6. Cookies

We use the following types of cookies:

  • Essential cookies: Required for the platform to function (authentication, preferences)
  • Analytics cookies: Help us understand how users interact with PLABpass (only with consent)

You can manage cookie preferences via the cookie banner on first visit or through your browser settings.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account:

  • Account and profile data is deleted within 30 days
  • Payment records are retained for 7 years (UK tax law requirement)
  • Anonymised usage statistics may be retained indefinitely

8. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — limit how we process your data
  • Portability — receive your data in a portable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — at any time for consent-based processing

To exercise any of these rights, email support@plabpass.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • All data transmitted over HTTPS with TLS encryption
  • Passwords hashed using industry-standard algorithms
  • Database access restricted to authorised personnel only
  • Regular security reviews

10. International Transfers

Some of our service providers (Vercel, Railway, Anthropic) may process data in the United States. These transfers are carried out under appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner.

11. Children

PLABpass is intended for medical professionals and graduates aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or via a notice on the platform. Continued use of PLABpass after changes constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions or to exercise your rights:

Email: support@plabpass.app
Website: https://plabpass.app