Privacy Policy

opensketch ("we," "us," or "our") is operated from Israel and is subject to the Israeli Privacy Protection Law 5741-1981 and Amendment 13 (2024). We are committed to protecting your privacy in compliance with GDPR, UK GDPR, and other applicable data protection regulations.

This Privacy Policy describes how we collect, use, store, and protect your personal data when you use the opensketch platform.

1. Data We Collect

Account Data

When you create an account, we collect your email address, display name, and authentication credentials (hashed). If you sign in via a third-party provider (e.g., Google), we receive your name and email from that provider.

Usage Data

We collect anonymized usage data including pages visited, features used, generation requests, and interaction patterns to improve the Service.

Generation Inputs

When you generate a mnemonic, the medical topic you enter is sent to Google's Gemini API for AI processing. These inputs are stored in your account library alongside the generated content.

2. No Health Data

We do not collect, process, or store any health records, patient data, or biometric information. The medical topics you study are educational subjects, not personal health information. opensketch is a study aid, not a clinical tool.

3. AI Processing Disclosure

We use Google Gemini AI models to generate educational mnemonic images and text. Your topic inputs are sent to Google's API for processing. Google's data handling is governed by their Cloud Terms of Service and Data Processing Addendum. AI-generated content is stored in your account library.

4. How We Use Your Data

• To provide and maintain the Service;
• To process your generation requests via Google Gemini;
• To manage your account, subscriptions, and credits;
• To send transactional emails (account confirmations, billing);
• To improve the Service based on aggregated, anonymized usage patterns;
• To comply with legal obligations.

5. Sub-Processors

We share data with the following sub-processors to operate the Service:

Data is transferred to US/EU sub-processors under appropriate safeguards including Standard Contractual Clauses and the EU-US Data Privacy Framework.

6. Data Retention

• Account data: Retained while your account is active, plus 30 days after a deletion request.
• Generated images: Deleted within 30 days of account deletion or individual deletion request.
• Usage logs: 90 days rolling retention, anonymized after.
• Payment records: Retained per tax law requirements (7 years in Israel, varies by jurisdiction) — handled by Lemon Squeezy as Merchant of Record.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of your personal data.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your personal data.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your personal data.
• Restriction: Request restriction of processing.

To exercise any of these rights, contact us at privacy@medicalprompter.com. We will respond within 30 days (or sooner as required by applicable law).

8. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, secure authentication, and access controls. However, no method of transmission or storage is 100% secure.

9. Children

opensketch is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days in advance. The "Last updated" date at the top indicates when the policy was last revised.