This Policy applies to any individual accessing or using our Services, including those who are browsing the Site or utilizing our training platform (including exam preparation, AI-driven scoring, and multi-modality reporting). For data protection purposes, m3 Academy acts as the “data controller,” determining how and why your personal data is processed.

Contact Information

For any questions regarding this Policy or the handling of your data, please refer to Section 10 or email us at [email protected].

We collect both personal and non-personal information to administer and improve our Services.

1. Personal Information

   • Identifying Data: Information that directly identifies you (e.g., name, email address, payment details).
   • User-Provided Data: Any data you submit during account registration, report submissions, exam preparation, or through interaction with our training modules.

2. Non-Personal Information

   • Technical Data: IP addresses, browser type, device information, and general usage details (e.g., page visits, time spent, interaction logs).
   • Derived Data: Aggregated or anonymized statistics (e.g., analytics, performance metrics, usage patterns) that cannot be used to identify you personally.

3. Exclusions

   • We do not collect sensitive information such as social security numbers, genetic data, religious beliefs, or health data.
   • Financial information (e.g., credit card numbers) is collected solely to process transactions and is stored only as long as needed for that purpose.
   • If you provide personal data about others, you must have their permission to do so.

We gather data in two main ways:

1. Automated Collection

   • Website: We automatically collect IP addresses, browser characteristics, and user activity on our Site.
   • App: We monitor device specifics, usage metrics, and analytics to refine our platform.

2. Direct User Submission

   • User Input: We receive data directly when you register for an account, submit answers during training or testing, complete forms, or otherwise engage with the Services.

3. Consent and Legal Basis

   • Consent: Where required by law, we will obtain your explicit permission to process certain data.
   • Contractual Necessity: Processing is required to deliver the Services you request.
   • Legal Obligation: We may process your data to comply with laws or regulations.
   • Legitimate Interests: We may process data for security, anti-fraud measures, platform improvement, or other business interests that do not override your privacy rights.

We use collected information for purposes including, but not limited to:

• Service Delivery: Providing radiology exam prep features, AI-generated report scoring, and user-specific feedback.
• Personalization: Tailoring the user experience to help improve individual training outcomes.
• Security: Safeguarding the Services against unauthorized access, fraud, or other illicit activities.
• Feature Development: Creating and testing new functionalities based on performance metrics and user engagement.

We do not knowingly collect personal data from children under the age of 13. If we discover that such data has been provided to us without appropriate consent, we will take immediate steps to delete it. If you suspect a child under 13 has provided personal data, please contact us at [email protected].

We may disclose your data under the following circumstances:

1. Group Companies

   We share data with affiliated entities where necessary to support operations and enhance user experiences across our Services.

2. Service Providers

   We engage third-party providers (e.g., payment processors, cloud hosting, analytics services, software developers, etc.) to assist in delivering and improving our platform.

3. Legal Authorities

   We may disclose data when required by law, court order, or legal process. Where allowed, we will endeavor to notify you unless such disclosure is prohibited.

4. Marketing

   We may share aggregated, non-personal statistics (e.g., usage metrics) with partners or advertisers. We will not use or disclose personal data for marketing without your prior consent.

5. Ownership Changes

   In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity under the same conditions outlined here. We will notify you of any ownership changes where required by law.

Depending on your location, you may have specific rights regarding personal data. Such rights may include:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete information.
• Deletion: Request erasure of your data, subject to legal constraints.
• Portability: Obtain a machine-readable copy of certain data.
• Objection: Object to specific processing activities, including direct marketing.

To exercise these rights, please contact us at [email protected]. We will respond within a reasonable timeframe, typically within 30 days.

1. Complaints to Authorities

   If you believe your rights have been infringed or that your data has been unlawfully processed:

   • EU/EEA: Contact the data protection authority in your member state.
   • UK: Reach out to the Information Commissioner’s Office (ICO) via ico.org.uk.
   • Other Regions: Follow local data protection laws and file a complaint with the relevant authority.

1. Data Retention

   We retain personal data as long as it is necessary to provide the Services or as legally mandated. Aggregated or anonymized data may be retained for analytics, security, or other legitimate purposes. If you delete your account, we will remove your personal data within 30 days unless retention is required by law.

2. Security Measures

   • Encryption: Data is encrypted in transit and at rest where applicable.
   • Secure Infrastructure: Firewalls, secure servers, and role-based access controls limit exposure to unauthorized access.
   • Regular Monitoring: Ongoing assessments of our systems to identify vulnerabilities or potential threats.
   
   

   Despite these measures, no security protocol is entirely foolproof.

Your data may be transferred and processed in jurisdictions outside your country of residence, including places with different or less stringent data protection standards. We utilize mechanisms such as Standard Contractual Clauses (SCCs) and secure transfer protocols to help ensure your data is treated lawfully and securely.

We reserve the right to modify or update this Policy at our discretion. If changes are significant, we may provide notice (e.g., via email or in-app notification). Your continued use of the Services following any updates constitutes acceptance of the revised Policy.

Contact Us

For questions about this Policy, or to exercise any data rights, reach us at:

Email: [email protected]