Privacy Policy

Last Updated: July 15, 2026

1. Information We Collect

ForTheWards ("we," "us," or "our") collects and processes personal information to provide our simulation-based medical education platform. This includes:

  • Account information (name, email, institutional affiliation)
  • Learning activity data (scenario attempts, transcripts, feedback)
  • Temporary oral-presentation audio uploads used for transcription and deleted after transcription succeeds
  • Technical data (IP address, browser type, device information)
  • Communication records (support tickets, feedback submissions)

2. How We Use Your Information

We use collected information for:

  • Providing and improving our educational services
  • Generating personalized AI feedback on your performance
  • Allowing learners to review their feedback and performance history
  • Enabling specifically authorized institutional faculty to review learning progress
  • Supporting IRB-approved research when any required participant consent has been obtained
  • Complying with legal and regulatory requirements

3. FERPA and Educational Records

ForTheWards is designed for institutional learning workflows that may be governed by FERPA. We treat retained learner transcripts, feedback, and attempt records as educational records that require controlled access.

  • Raw oral-presentation recordings are deleted after transcription succeeds
  • Retained transcripts and feedback remain available to the learner and for authorized educational review
  • Role-based access controls limit who can access retained learner records
  • Privileged transcript and feedback review workflows are audited

4. HIPAA-Level Security for Fictional Scenarios

ForTheWards is designed for educational simulations only. Our platform does not collect, store, or process actual patient health information (PHI). All scenarios are fictional and for training purposes only.

While our platform itself does not handle PHI, we implement HIPAA-level security standards including:

  • Encryption at rest and in transit (TLS 1.3, AES-256)
  • Role-based access controls (RBAC)
  • Audit logging of sensitive administrative record-handling workflows
  • Business Associate Agreements (BAAs) with all vendors

5. Data Sharing and Third Parties

We share your data only as necessary to provide our services:

  • Your Institution: Specifically authorized faculty with a legitimate educational role can view your learning progress
  • Approved Research Personnel: Interaction data may be accessed for IRB-approved research when any required participant consent has been obtained
  • Platform Administration: Authorized ForTheWards platform administrators may access the minimum information reasonably necessary for security, troubleshooting, maintenance, or responding to support requests; this access is not performed routinely
  • Service Providers: Supabase (database), Vercel (hosting), Google Gemini (AI feedback)
  • Legal Requirements: When required by law or to protect rights and safety

We do not sell interaction data, use it for advertising, or disclose it to unauthorized third parties.

For detailed vendor information and Business Associate Agreements, please contact privacy@forthewards.com.

6. Retention and Research Use

Learning activity data is retained to provide learners with access to their feedback, support authorized institutional review, and, where applicable, conduct IRB-approved research. Research use is subject to the approved study protocol and any required participant consent. Accepting this Privacy Policy or our Terms of Service does not constitute consent to participate in research.

Research records are retained for the period required by the applicable IRB, institution, law, or study protocol. Direct identifiers are removed or replaced with study codes when practicable and when they are no longer needed for the approved purpose. Deletion requests remain subject to applicable educational and research record-retention requirements.

7. Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data (subject to institutional requirements)
  • Opt out of non-essential communications
  • File a complaint with a supervisory authority

To exercise these rights, contact us at privacy@forthewards.com.

8. Data Security

We implement industry-standard security measures including encryption, access controls, and regular security audits. However, no system is 100% secure. We encourage users to maintain strong passwords and report any security concerns immediately.

9. Children's Privacy

Our platform is designed for medical professionals and students in professional training programs. We do not knowingly collect information from individuals under 18 years of age.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email and by updating the "Last Updated" date at the top of this page.

11. Contact Us

For questions about this Privacy Policy or our data practices, please contact:

ForTheWards Privacy Team

Email: privacy@forthewards.com

Phone: (808) 555-1234

Address: Honolulu, Hawaii