New
Welcome to Passmed - See All exams — explore now →
Legal

Privacy Policy

Last updated: March 2026. This policy explains how Passmed Pte. Ltd. collects, uses, and protects your personal information.

Summary: We collect your account details, usage data, and payment info to run the platform. We never sell your data. You can access, correct, or delete your data at any time. Contact [email protected] with any questions.

1. Who We Are

Passmed Pte. Ltd. ("Passmed", "we", "us", or "our") operates the Passmed question bank platform at passmed.us and passmed.org. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our platform.

By creating an account or using our services, you consent to the practices described in this policy. If you do not agree, please do not use the platform.

2. Information We Collect

We collect the following categories of personal information:

  • Account information: Your name, email address, and password when you register.
  • Payment information: Billing details and payment card information processed securely by our third-party payment provider (e.g. Stripe). We never store your full card details on our servers.
  • Usage and performance data: Questions attempted, answers given, scores, session duration, topic performance, and Weighted Performance Average (WPA) data — used to power your analytics dashboard.
  • Device and technical data: IP address, browser type and version, operating system, screen resolution, device type, and general location (city/country level).
  • Communications: Messages you send us via the contact form or email, including support requests and feedback.
  • Marketing preferences: Your opt-in/opt-out status for marketing communications.
  • Cookies and tracking data: Session identifiers, preferences, and usage patterns collected via cookies and similar technologies. See Section 7 for details.

3. How We Use Your Information

We use your personal information for the following purposes:

  • To provide the service: Operating your account, processing subscriptions, delivering question bank content, and tracking your progress.
  • To personalise your experience: Adapting session content to target your weak areas and tailoring recommendations based on your performance data.
  • To process payments: Completing subscription purchases and refunds via our payment provider.
  • To communicate with you: Sending account confirmations, subscription receipts, password resets, and support responses.
  • To send marketing: Emailing you about new exam banks, features, or promotions — only where you have opted in or where permitted by law. You can opt out at any time.
  • To improve the platform: Analysing anonymised, aggregated usage data to improve question quality, platform features, and user experience.
  • For institutional reporting: Where you access Passmed through an institutional licence, we may share performance data with the administering institution (e.g., programme directors) as agreed in the institutional contract.
  • To ensure security: Detecting and preventing fraud, abuse, and unauthorised account access.
  • To comply with legal obligations: Retaining records as required by applicable law.

4. Legal Basis for Processing (GDPR / International Users)

If you are located in the European Economic Area, UK, or another jurisdiction with similar data protection laws, we process your personal information on the following legal bases:

Contract performance — to deliver the services you have subscribed to. Legitimate interests — to improve the platform, prevent fraud, and communicate with you (where not overridden by your rights). Consent — for marketing communications and non-essential cookies. Legal obligation — where required by applicable law.

As a Singapore-incorporated company (Pte. Ltd.), Passmed also complies with the Personal Data Protection Act 2012 (PDPA) of Singapore.

5. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

Service providers: Trusted third parties who help us operate the platform (e.g., cloud hosting, payment processing, analytics, email delivery). These providers are contractually bound to protect your data and may only use it to provide services to us.

Institutional partners: If your access is funded by a residency programme, medical school, or other institution, we may share performance and completion data with the relevant administrators as set out in our institutional agreement.

Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquirer, subject to equivalent privacy protections.

Legal requirements: We may disclose your information where required by law, court order, or to protect the rights, property, or safety of Passmed, its users, or the public.

6. Data Retention

We retain your account and progress data for as long as your account is active. If you cancel your subscription, your data is retained for 12 months to allow you to resubscribe and pick up where you left off.

After 12 months of inactivity following cancellation, your personal data is permanently deleted, unless we are legally required to retain it for longer (e.g., financial records for tax purposes, which are retained for 7 years).

You may request earlier deletion of your account and data at any time by contacting [email protected] .

7. Cookies & Tracking Technologies

We use cookies and similar technologies (e.g. local storage, pixel tags) to operate the platform and understand how it is used.

Essential cookies: Required for login sessions, security, and core platform functionality. These cannot be disabled.

Analytics cookies: Help us understand how users navigate the platform so we can improve it (e.g. page views, session duration). We use privacy-respecting analytics tools and do not share raw analytics data with advertisers.

Marketing cookies: Used only where you have given explicit consent. You can withdraw consent at any time via your browser settings or by contacting us.

Most browsers allow you to manage or block cookies through their settings. Disabling essential cookies may prevent you from logging in or using core features.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal information we hold about you. Correction: Request correction of inaccurate or incomplete data. Deletion: Request deletion of your personal data (subject to legal retention requirements). Portability: Request your data in a structured, machine-readable format. Objection: Object to processing based on legitimate interests, including for direct marketing. Restriction: Request that we restrict processing in certain circumstances. Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at [email protected] . We will respond within 30 days. We may need to verify your identity before fulfilling a request.

9. Children's Privacy

The Passmed platform is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from a minor, we will delete it promptly. If you believe a minor has provided us with personal data, please contact us immediately.

10. Data Security

We implement industry-standard technical and organisational measures to protect your personal information, including encrypted data transmission (TLS/HTTPS), hashed password storage, access controls, and regular security reviews.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you in accordance with applicable law.

11. International Data Transfers

Passmed Pte. Ltd. is incorporated in Singapore. Your data may be processed in Singapore, the United States, or other countries where our service providers operate. Where data is transferred outside your home jurisdiction, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent protections recognised under applicable law.

12. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect and how it is used, the right to delete, the right to opt out of sale (we do not sell personal information), and the right to non-discrimination for exercising your rights.

To submit a CCPA/CPRA request, contact us at [email protected] with the subject line "California Privacy Request".

13. Third-Party Links

Our platform may contain links to third-party websites or resources. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The date of the most recent update appears at the top of this page. For material changes, we will notify you by email or via a prominent notice on the platform. Continued use after changes are posted constitutes acceptance of the revised policy.

15. Contact & Complaints

For privacy-related queries, requests, or complaints, contact our data team at [email protected] or via our Contact page.

If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.