Features

Privacy Policy for QE1Bank

Last Updated: February 2026

QE1Bank is a global educational SaaS platform for Medical Council of Canada Qualifying Examination (MCCQE) Part I preparation. This policy explains what data we collect, why we process it, and the controls available to you.

Important: QE1Bank is not affiliated with, endorsed by, or sponsored by the Medical Council of Canada. Content is provided for educational use only.

1. Data We Collect

  • Account data: Name, email address, password hash, authentication logs, account preferences.
  • Learning and performance data: Questions attempted, answer history, timing, flags, notes, and analytics outputs.
  • Billing and transaction metadata: Plan, payment status, invoice references, and processor transaction IDs (not full card numbers).
  • Support and communications: Contact forms, support emails, and service-related communications.
  • Technical and device data: IP address, browser/device information, operating system, and security events.

2. Purposes and Legal Bases

  • Contract performance: Delivering subscriptions, simulations, analytics, and account functionality.
  • Legitimate interests: Platform security, abuse prevention, service reliability, quality improvement, and product analytics.
  • Consent (where required): Optional analytics/cookies and marketing communications.
  • Legal obligations: Financial records, fraud prevention, legal requests, and compliance obligations.

3. Cookies and Analytics

We use essential cookies for authentication, security, and core functionality. We may also use analytics technologies to understand product usage and improve performance. You can control non-essential cookies through browser settings or consent tools where available.

4. Sharing and Processors

We do not sell personal data. We share data only with trusted processors and infrastructure providers that support our service operations, such as:

  • Payment processors (for example, Lemon Squeezy)
  • Email and notification providers
  • Hosting, database, monitoring, and security providers
  • Analytics providers (where enabled)

All processors are contractually required to protect personal data and process it only for authorized purposes.

5. International Data Transfers

Because QE1Bank serves users globally, personal data may be processed in countries outside your residence. Where required, we apply safeguards such as contractual protections and equivalent transfer mechanisms.

6. Retention

We retain data according to business and legal requirements:

  • Account and learning records: while your account is active, then archived/deleted according to support and compliance needs.
  • Billing records: retained for legal and tax obligations.
  • Security logs: retained for fraud prevention, audit, and incident response windows.

When retention is no longer required, data is deleted or irreversibly anonymized.

7. Security Measures

  • Encryption in transit (TLS) and secure credential handling.
  • Role-based access controls and least-privilege operational access.
  • Monitoring, logging, and security incident response procedures.
  • Periodic updates and hardening of application infrastructure.

8. Your Rights

Depending on your location, you may have rights to access, correct, export, delete, or restrict processing of personal data, and to object to certain processing activities. You may also withdraw consent where processing is consent-based.

To submit a request, contact dpo@qe1bank.com. We may verify identity before processing requests.

9. Children

QE1Bank is intended for adult medical learners and professionals. It is not directed to children.

10. Policy Updates

We may revise this Privacy Policy as our service evolves or legal requirements change. Material updates will be posted on this page with a revised effective date.

11. Contact and Data Protection Officer

General support: support@qe1bank.com

Data protection and privacy requests (DPO): support@qe1bank.com