Privacy Policy

Last updated: April 17, 2026

MedCoach (“MedCoach,” “we,” “us,” or “our”) is a sole proprietorship operated by Aayush, based in Florida, United States. MedCoach helps pre-med applicants prepare their medical school applications. This Privacy Policy explains what information we collect when you use medcoach.io (the “Service”), how we use it, who we share it with, and the choices you have.

By using the Service, you agree to the practices described here. If you do not agree, please do not use MedCoach.

Information we collect

We collect the following categories of information:

  • Account data. When you sign in with Google, we receive your name, email address, and profile image from your Google account. See Google user data below for details on the specific fields and how we handle them.
  • Application content. Anything you enter or upload while using MedCoach — life-story entries, essay drafts, personal statements, secondary responses, activity descriptions, letter-of-rec information, school lists, MCAT study logs and scores, GPA and transcript data, interview and CASPer practice responses, and any files you attach.
  • Payment data. If you subscribe, Stripe processes your payment on our behalf. We receive limited information from Stripe (subscription status, plan, last four digits of your card, billing country). We do not store your full card number.
  • Usage data. Logs about how you use the Service, including timestamps, pages visited, feature interactions, and metadata about AI generations (model, tokens, duration) for rate limiting and quality monitoring.
  • Device data. Standard information your browser sends, such as IP address, user agent, and referrer.

Google user data

MedCoach uses Google Sign-In (OAuth 2.0) so you can create and access your account with your Google account. This section is provided to satisfy the disclosure requirements of the Google API Services User Data Policy.

What Google data we access

When you sign in with Google, we request only these standard scopes:

  • openid — your unique Google account identifier.
  • email — your primary Google email address and verification status.
  • profile — your name (given and family name) and profile picture URL.

We do not request access to Gmail, Google Drive, Calendar, Contacts, YouTube, or any other Google product, and we do not read, write, send, or delete anything in those products.

How we use Google data

  • To create and authenticate your MedCoach account.
  • To display your name and profile picture in the MedCoach interface.
  • To send transactional emails related to your account (for example, sign-in confirmations, billing receipts, and service notices).
  • To provide customer support when you contact us.

We do not use Google user data for advertising, we do not sell it, and we do not use it to train generalized machine learning or AI models.

How we share Google data

Google profile data (name, email, profile picture, Google account ID) is stored in our authentication and database provider, Supabase, which hosts our backend infrastructure. We do not share Google user data with any third party for advertising or marketing purposes, and we do not sell it. Google profile data is not sent to our AI providers (Anthropic or OpenAI) — the AI features in MedCoach operate on application content you provide, not on your Google profile information.

Limited Use disclosure

MedCoach’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Revoking access

You can revoke MedCoach’s access to your Google account at any time from your Google Account permissions page. Revoking access does not delete data already stored in your MedCoach account; to delete that data, see Data retention below.

How we use your information

  • To provide and operate the Service and your account.
  • To generate AI-assisted drafts, feedback, and suggestions based on content you provide.
  • To personalize the experience (e.g., tailoring essays to your story, matching schools to your profile).
  • To process payments, manage subscriptions, and prevent fraud.
  • To communicate with you about your account, updates, and support requests.
  • To improve the Service, debug issues, and monitor reliability.
  • To comply with legal obligations and enforce our terms.

AI and your content

MedCoach uses third-party AI providers (Anthropic for language models and OpenAI for embeddings) to generate drafts and feedback on your behalf. When you use an AI feature, the relevant portions of your content are sent to those providers solely to produce output for you.

Anthropic and OpenAI have contractually committed not to train their foundation models on content submitted through their API by default. We do not sell your content, and we do not use your content to train public AI models.

How we share information

We share information only with service providers who help us run MedCoach, and only to the extent necessary. These include:

  • Supabase — database, authentication, and file storage.
  • Vercel — application hosting.
  • Google — sign-in (OAuth).
  • Anthropic and OpenAI — AI generation and embeddings (application content only; not Google profile data).
  • Stripe — payment processing.
  • Resend — transactional email delivery.

We may also disclose information if required by law, to protect our rights or users, or in connection with a business transfer (e.g., merger or acquisition). We do not sell your personal information.

Data retention

Because applying to medical school can take more than a year and often spans multiple cycles, we retain your content for the duration of your active application cycle and for a reasonable period afterward so you can return to your work if you reapply. You can delete individual entries at any time from within the app.

If you want us to delete your entire account and its content — including any data received from Google — email us at aayush@medcoach.io from the address associated with your account. We will permanently delete your account within 30 days of receiving the request. We may retain limited records where required by law (for example, payment records for tax and accounting purposes). Backups are overwritten on a rolling basis, typically within 30 days.

Security

Your data is hosted in the United States on Supabase infrastructure. We use industry-standard safeguards including TLS 1.2+ for all network traffic, AES-256 encryption at rest for database and file storage, row-level security so your data is isolated to your account, least-privilege role-based access controls for administrators, and secrets managed via encrypted environment variables. No system is perfectly secure; please use a strong, unique password on your Google account and contact us immediately if you suspect unauthorized access.

Your choices and rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. You can exercise most of these rights directly in the app, or by emailing us at the address below. We will respond within the time required by applicable law.

Children

MedCoach is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, please contact us and we will delete it.

International users

MedCoach is operated from the United States. If you use the Service from outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our service providers operate.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. The “Last updated” date at the top of this page reflects the latest revision.

Contact

Questions about this policy or your data? Email aayush@medcoach.io.