WANDM WANDM Notes
Terms Back
Legal · Privacy

Privacy Policy

How WANDM Notes handles your information.

Last updated: June 2026

Who we are

WANDM Notes is a medical education platform built by practising clinicians for postgraduate exam candidates. The platform is operated by Dr. Mohammed Khalid Khalafallah and Dr. Shima Mo. Ali, based in Riyadh, Saudi Arabia. References to "we", "us", or "WANDM" in this document refer to the WANDM Notes team.

This privacy policy applies to all WANDM Notes services accessed through the domain mrcs.wandmnotes.com and any related subdomains. It explains what personal information we collect, how we use it, who we share it with, and what rights you have over that information.

We take privacy seriously. As clinicians, we understand that trust is built through transparency. If anything here is unclear or you want more detail, please get in touch using the contact details in section 11.

Information we collect

We only collect the information we need to run the service. We do not buy data about you from third parties, and we do not sell your data to anyone.

2.1 Account information

When you create an account, we collect:

2.2 Study progress data

To make the platform genuinely useful, we record your interactions with the study material:

This data exists so you can resume where you left off, see your own progress over time, and get personalised insights. It is not used for any other purpose.

2.3 Technical information

When you use WANDM Notes, our infrastructure providers (notably Google Firebase) collect technical information automatically. This typically includes your IP address, browser type, operating system, approximate location derived from IP, the dates and times of requests, and basic error logs. This information is used to keep the service running, identify abuse, and debug issues.

We do not deliberately collect sensitive information such as racial origin, political views, religious beliefs, or biometric data. Please do not enter such information in any free-text fields.

How we use your information

We use your information for the following purposes only:

Where your data is stored

Your data is stored in Google Firebase infrastructure, specifically Firebase Authentication for credentials and Cloud Firestore for application data. Firebase is operated by Google LLC and uses data centres in regions selected for our project. The current data region for this exam's project is configured at the infrastructure level and may include the United States or Europe, depending on the Firebase project settings.

Google has obtained ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, SOC 1, SOC 2, and SOC 3 certifications relevant to data security and privacy. Their privacy practices are described in the Google Cloud Privacy Notice.

What this means for you: we use industry-leading infrastructure to host your data. Encryption in transit (HTTPS) and at rest is handled by Google. We do not run our own database servers.

Third-party services

WANDM Notes uses the following third-party services. Each has its own privacy policy, which we encourage you to review.

We do not use any third-party advertising network, behavioural tracking pixel, social media tracker, or analytics platform that profiles individual users. There is no Facebook pixel, no Google Analytics, no advertising cookies.

Cookies and local storage

WANDM Notes uses browser cookies and local storage for purposes that are strictly necessary to the operation of the service.

We do not use cookies for advertising, behavioural profiling, or third-party tracking. Because all cookies and local storage are strictly necessary, we do not show a cookie consent banner.

Your rights

You have the following rights over the personal data we hold about you. To exercise any of these rights, contact us using the details in section 11.

We aim to respond to all reasonable requests within thirty days. If you are unhappy with our response, you may have the right to lodge a complaint with your local data protection authority.

Data retention

We retain your data for as long as your account is active, plus a brief grace period after deletion or expiry to allow account recovery and to meet our legal obligations.

Children's privacy

WANDM Notes is designed for postgraduate medical exam candidates. The service is not intended for, marketed to, or knowingly used by individuals under eighteen years of age. We do not knowingly collect personal information from children. If you believe a child has provided personal information through the service, please contact us so we can remove the data and close the account.

Changes to this policy

We may update this policy from time to time, for example when we change service providers, add new features, or improve our privacy practices. When we make changes, we update the "Last updated" date at the top of the page.

For material changes that affect how we use your data, we will notify active subscribers by email and display a banner on the platform for thirty days before the changes take effect.

Continued use of the service after a change becomes effective constitutes acceptance of the updated policy.

Contact us

If you have any question about this privacy policy, want to exercise your rights, or believe we have not met our obligations to you, please contact us.

Response time: we aim to acknowledge privacy queries within seventy-two hours and provide a substantive response within thirty days.