Skip to main content
Path2Medic

Privacy Policy

Last updated: May 13, 2026

1. Information We Collect

When you use Path2Medic, we collect the following types of information:

  • Account Information: Your name and email address when you create an account.
  • Payment Information: Payment processing is handled securely by Stripe. We do not store your credit card numbers or full payment details on our servers. Stripe may collect billing information necessary to process your transactions.
  • Exam and Study Data: Your exam responses, scores, and study session data are stored in our database (hosted on Supabase) to provide personalized practice exams, track your progress, and generate targeted study recommendations.
  • Diagnostic Submissions: If you purchase a diagnostic exam, your answers and submission timestamps are stored alongside your account so we can generate your personalized analytics report. Diagnostic responses are reviewed by a credentialed Path2Medic paramedic and used only to build your individual report.
  • Marketing Consent: If you opt in to marketing emails at checkout, we store a record of your consent (timestamp and source) for audit purposes under CAN-SPAM and GDPR.
  • Usage Data: We collect basic analytics about how you interact with the platform to improve our services.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our exam preparation platform.
  • Generate personalized practice exams and post-tests based on your performance.
  • Produce personalized diagnostic analytics reports for diagnostic-exam buyers.
  • Process payments and manage your subscription.
  • Send important account notifications (e.g., purchase confirmations, report delivery, subscription notices, password resets).
  • Send marketing emails only if you opt in at checkout. You can unsubscribe at any time from the footer of any marketing message.
  • Respond to your support inquiries.

3. Cookies, Analytics, and Advertising

We use three categories of cookies and similar technologies:

  • Essential cookies: Required to keep you logged in and maintain your session. These cannot be disabled without breaking the platform.
  • Analytics (Google Analytics 4): We use GA4 to understand how the platform is used so we can improve it (e.g., which pages convert, which exam formats users struggle with). GA4 is configured with IP anonymization. You can opt out by installing the Google Analytics Opt-Out Browser Add-on.
  • Advertising and retargeting (Meta Pixel): We use the Meta Pixel from Facebook to measure ad performance and to show relevant Path2Medic ads on Meta platforms (Facebook, Instagram) to people who have visited our site. Under California privacy law (CPRA), this use of the Meta Pixel is treated as a “sale” or “share” of personal information. You can opt out at your Facebook ad preferences or by enabling “Limit Ad Tracking” on your device.

California residents can also exercise their right to opt out of the sale or sharing of their personal information by emailing vincent@path2medic.com with the subject line “Do Not Sell or Share My Personal Information.” We will process the request within 15 business days.

4. Data Storage and Security

Your data is stored securely on Supabase (our database provider) and protected with industry-standard encryption. Payment data is processed and stored by Stripe in compliance with PCI DSS standards. We implement reasonable security measures to protect your personal information from unauthorized access, alteration, or destruction.

5. Data Sharing and Sub-Processors

We do not sell or rent your personal information to third parties. We share data only with the service providers below, and only to the extent required for them to perform their services on our behalf:

  • Stripe — payment processing, invoicing, and statement-descriptor management
  • Supabase — database hosting, authentication, and file storage
  • Vercel — website hosting, edge functions, and runtime logs
  • Resend — transactional email delivery (purchase confirmations, report delivery, password resets, account notifications)
  • Mailchimp — marketing email delivery for buyers who explicitly opt in at checkout
  • Google Analytics 4 — aggregate usage analytics with IP anonymization
  • Meta Pixel — advertising measurement and retargeting on Meta platforms (see §3 for opt-out)

Path2Medic is a registered fictitious name (d/b/a) of Ibis SaaS Holdings, LLC, a Florida limited liability company and the data controller for information collected through the Service. Customer data is held by the LLC, not by individual personnel.

6. Legal Basis for Processing (GDPR)

For users in the European Economic Area, United Kingdom, and similar jurisdictions, we process your personal information on the following legal bases: (a) your consent for marketing emails and advertising/retargeting cookies; (b) performance of a contract for account creation, payment processing, exam delivery, and report generation; (c) our legitimate interests for security monitoring, fraud prevention, aggregate analytics, and platform improvement; and (d) compliance with legal obligations for tax records, payment records, and similar statutory requirements.

7. Data Retention

We retain personal information only as long as needed for the purposes described in this policy:

  • Account and study data: for as long as your account is active, plus up to 7 years after closure where required by tax or audit obligations.
  • Payment records: retained by Stripe per its retention policy and by us for 7 years for tax/accounting purposes.
  • Diagnostic exam submissions and reports: retained alongside your account for as long as you maintain access, so you can re-reference your report and we can spot longitudinal trends if you take a second diagnostic.
  • Marketing consent records: retained until you withdraw consent or 2 years after account closure, whichever comes sooner.
  • Backups and logs: up to 90 days for security and operational integrity.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Cancel your subscription at any time.

To exercise any of these rights, contact us at vincent@path2medic.com.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

10. Contact

If you have questions about this privacy policy or our data practices, contact us at vincent@path2medic.com.