Privacy Policy

Privacy Policy Effective: REPLACE_WITH_EFFECTIVE_DATE Summary – We provide EMS education and continuing education content. We are not a healthcare provider and do not provide medical advice or patient care. – Do not submit patient-identifying information or protected health information (PHI) to the platform. De‑identify any case materials used for coursework or discussion. – We collect only what we need to operate the site (accounts, course progress, limited payment details via processors, device/usage data, support communications). We use vendors to run the service. – You control your data: access, correction, deletion, export, and marketing choices. Additional rights may apply based on your location (GDPR/UK, California, etc.). – If the business is acquired or restructured, your information may transfer to the successor, subject to this Policy. Who We Are – Legal entity: REPLACE_WITH_COMPANY_LEGAL_NAME (“RustyMedic”, “we”, “us”). – Address: REPLACE_WITH_BUSINESS_ADDRESS. – Contact: REPLACE_WITH_PRIVACY_EMAIL or via the Contact page. Scope – This Policy covers information collected through rustymedic.com and related services, including course delivery (LearnDash), commerce (WooCommerce), and support channels. What We Collect 1) Account & Profile – Name, email, password (hashed), role, and optional profile details. 2) Course & Assessment Data – Enrollments, progress, scores, certificates, submissions, and timestamps. – User‑generated content (comments, forums, assignments). You must de‑identify any real cases. 3) Payments (Processed by third parties) – We use payment processors (e.g., Stripe/PayPal). We receive limited transaction metadata but not full card data. 4) Device/Usage – IP address, device/browser info, pages and actions, referral/UTM, crash and performance logs. 5) Cookies & Similar Technologies – Session cookies for login, preferences, security; analytics; anti‑spam; caching. 6) Communications – Support requests, email preferences, marketing opt‑ins/outs. Sensitive & Patient Information – We are not a covered entity under HIPAA, and we do not request PHI. You must not submit PHI or identifiable patient information. De‑identify any cases used for learning. We may delete or anonymize any material that appears to contain PHI. How We Use Information (Purposes + Legal Bases) – Provide and improve the service and courses (contract/legitimate interests). – Personalize content, keep your session, save progress (contract/legitimate interests). – Process payments, issue receipts, and manage access (contract/legal obligations). – Communicate about your account, updates, support (contract/legitimate interests). – Protect security, deter fraud, enforce policies (legitimate interests/legal obligations). – Analytics and performance (legitimate interests/consent where required). – Marketing with your permissions and opt‑outs (consent/legitimate interests). Sharing & Disclosure – Service Providers/Processors: hosting, LMS (LearnDash), e‑commerce (WooCommerce), payments (e.g., Stripe/PayPal), email delivery, analytics, security, caching. They are bound to use data only for our instructions. – Legal: to comply with law, court orders, or to protect rights, security, or property. – Business Transfers: as part of a merger, acquisition, or sale of assets, your information may transfer to a successor subject to this Policy and applicable law; we will provide notice and your choices where required. – Aggregated/De‑identified: we may use or share de‑identified stats that cannot reasonably identify you. International Transfers – We may process and store data in countries different from yours. Where required, we use safeguards such as standard contractual clauses. Retention – Account and course records: for the life of the account and as needed to comply with legal/record‑keeping obligations. – Transaction records: as required by tax/financial laws. – Support and logs: for a commercially reasonable period. – We delete/anonymize data when no longer needed, subject to legal obligations and backups. Your Choices & Rights – Access, correction, deletion, export, objection, and restriction as available by law. – Marketing: unsubscribe links or email us to opt out. – To exercise rights, contact REPLACE_WITH_PRIVACY_EMAIL. We may request verification. Children’s Privacy – Our services are for adults and professional learners. We do not knowingly collect information from children under the age defined by local law (e.g., 13/16). Do not register children. If we learn a child has provided data, we will delete it. Security – We use administrative, technical, and physical safeguards appropriate to the risk (TLS, access controls, logging, least privilege). No system is perfectly secure; we cannot guarantee absolute security. Do Not Track & Cookies – Browser DNT is not universally honored. You can control cookies via browser settings. Some features require cookies to function. State/Regional Notices – EEA/UK: We rely on contract, legitimate interests, consent, and legal obligations as appropriate. You may complain to your local supervisory authority. – California: We do not sell or share personal information as defined by the CPRA. You may request access, deletion, or correction. Changes to This Policy – We may update this Policy. Material changes will be notified via the site or email. Continued use means you accept the new Policy. Contact – Email: REPLACE_WITH_PRIVACY_EMAIL – Address: REPLACE_WITH_BUSINESS_ADDRESS