Privacy Policy

LastQbank ("we", "our", "us") operates the LastQbank platform, an online question bank for medical licensing exam preparation. We are committed to protecting your privacy and handling your personal information responsibly in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

For privacy inquiries, contact us at support@lastqbank.com.

We collect the following categories of personal information:

Information you provide directly:

• Account information: name and email address when you register.
• Payment information: processed securely by our payment provider (Stripe). We never store your full card number.

Information generated by your use of the Service:

• Study activity: questions attempted, answers selected, time spent, test scores, notes, and highlights.
• Performance data: accuracy rates, category breakdowns, and spaced-repetition intervals.
• Technical data: IP address, browser type, device type, and operating system (collected automatically for security and service improvement).
• Cookies and session data: see our Cookie Policy for details.

We use your information to:

• Create and manage your account and provide access to the Service.
• Process payments and send transaction confirmations.
• Personalise your study experience (progress tracking, spaced repetition, analytics).
• Send important service communications (account, security, policy updates).
• Respond to support requests and troubleshoot issues.
• Improve the quality and relevance of our questions and features.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.

We do not sell your personal information to third parties. We do not use your data for advertising or share it with data brokers.

We process your personal information on the following grounds:

• Contract: to provide the Service you signed up for.
• Legitimate interests: to improve the Service, ensure security, and prevent abuse.
• Legal obligation: where we are required to by applicable law.
• Consent: for optional communications (you may withdraw consent at any time).

We share personal information only with trusted service providers who assist us in operating the Service:

• Supabase / PostgreSQL — database hosting (your study data).
• Cloudflare — content delivery and media storage (R2).
• Vercel — application hosting.
• Stripe — payment processing.

All service providers are contractually obligated to process your data only as instructed by us and to protect it with appropriate security measures.

We may also disclose your information where required by law, court order, or governmental authority.

We retain your account and study data for as long as your account is active. If you delete your account, we will delete or anonymise your personal information within 30 days, except where retention is required by law or for legitimate business purposes (e.g., payment records for tax compliance, which are kept for 7 years).

We implement industry-standard security measures including encrypted connections (TLS), encrypted database storage, and restricted access controls. However, no method of transmission or storage is 100% secure. If a data breach occurs that affects your rights and freedoms, we will notify you and relevant authorities as required by law.

Under PIPEDA and applicable provincial law, you have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your personal information (subject to legal retention requirements).
• Withdraw consent for optional communications (unsubscribe links are included in all marketing emails).
• Lodge a complaint with the Office of the Privacy Commissioner of Canada.

To exercise any of these rights, email us at support@lastqbank.com. We will respond within 30 days.

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately.

We may update this Privacy Policy periodically. When we do, we will revise the effective date at the top of this page. For significant changes, we will notify you by email or through a notice on the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

For any questions or concerns about this Privacy Policy or our data practices, please contact us at support@lastqbank.com.