Privacy Policy
Effective: February 23, 2026 ยท Last updated: February 23, 2026
1. Overview
Verdele ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Verdele platform ("Service"). By using the Service, you consent to the practices described in this policy.
This policy applies to all users of the Service, including students, educators, and visitors to our website. We encourage you to read this policy carefully and contact us at [email protected] with any questions.
2. Information We Collect
We collect the following categories of information:
Account Information
When you register, we collect your display name, email address, and a hashed version of your password. We also store your selected healthcare discipline, profile photo (if uploaded), and account preferences.
User Content
We store documents, notes, audio recordings, and other study materials you upload to the Service. We also store your chat messages, AI-generated responses, flashcard sets, and quiz results to provide and improve the Service for you.
Usage Data
We automatically collect information about how you interact with the Service, including pages visited, features used, session duration, device type, browser type, IP address, and general geographic location (country/region level). This data is used for analytics, security, and service improvement.
Communications
If you contact us for support or feedback, we retain those communications to respond to your inquiry and improve our service.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Personalize your experience (e.g., discipline-specific tools and content)
- Process your uploaded materials for AI-powered study features (RAG, flashcard generation, quiz generation)
- Send transactional emails (account confirmation, email change verification, password changes)
- Analyze usage patterns to improve the Service
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
We do not use your personal data or User Content to train AI models. We do not sell your personal information to third parties.
4. FERPA Considerations
The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records. Verdele does not collect or maintain "education records" as defined by FERPA on behalf of educational institutions. You use Verdele as an individual student tool, not through your institution. Accordingly, FERPA does not directly govern our relationship with you; however, we are committed to protecting your academic privacy consistent with FERPA's principles.
If your institution has entered into a separate data processing agreement with Verdele, the terms of that agreement will govern the handling of any education records shared with us.
5. HIPAA Disclaimer
Verdele is not a HIPAA-covered entity and does not provide services that require HIPAA compliance. The Service is designed exclusively for educational use with fictional, anonymized, or hypothetical clinical scenarios. You must not upload, enter, or process any protected health information (PHI), including real patient names, dates of birth, medical record numbers, diagnoses, or any other patient-identifiable data.
If you inadvertently upload PHI, please contact us immediately at [email protected] so we can assist with removal.
6. Data Sharing and Third Parties
We share your information only in the following limited circumstances:
| Recipient | Purpose |
|---|---|
| Cloud infrastructure providers | Hosting, file storage (S3), and database services |
| AI model providers | Processing your prompts to generate AI responses (your prompts are sent to the model API; they are not used for model training under our agreements) |
| Email service providers | Sending transactional emails (account verification, notifications) |
| Analytics providers | Aggregated, anonymized usage analytics to improve the Service |
| Law enforcement / legal process | When required by law, court order, or to protect the rights and safety of users or the public |
All third-party service providers are contractually required to handle your data in accordance with this Privacy Policy and applicable data protection laws.
7. Data Retention
We retain your account information and User Content for as long as your account is active. If you delete your account, we will remove your personal data and User Content from our active systems within 30 days. Certain anonymized or aggregated data may be retained indefinitely for analytics purposes. We may also retain data as required by law or to resolve disputes.
8. Security
We implement industry-standard security measures including encrypted data transmission (TLS), hashed password storage (bcrypt), access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to use a strong, unique password for your Verdele account.
9. Cookies and Tracking
Verdele uses session cookies to maintain your authenticated session. We do not use third-party advertising cookies or cross-site tracking technologies. You can configure your browser to refuse cookies, but doing so may prevent you from logging in or using certain features of the Service.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Update inaccurate or incomplete data via the Settings panel
- Deletion: Request deletion of your account and associated data
- Portability: Request an export of your data in a machine-readable format
- Objection: Object to certain processing activities
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
11. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information promptly.
12. International Users
Verdele is operated from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer and processing.
Users in the European Economic Area (EEA) or United Kingdom have additional rights under the GDPR and UK GDPR. Please contact us at [email protected] for information about our lawful basis for processing and to exercise your rights.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and, where appropriate, by sending an email to your registered address. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team at [email protected].