Privacy Notice

Last updated: 6 June 2026

1. Who we are

IMAT Prep is operated by Careermedsitalia pvt limited ("we", "us", "our"), trading as IMAT Prep. We are the data controller for the personal data we collect about you through our website and services.

2. What personal data we collect

• Account data — name, email address, password (stored hashed).
• Authentication data — login timestamps, OAuth identifiers if you sign in with Google.
• Usage data — videos watched, tests attempted, scores, answers given, progress over time.
• Support data — messages you send us via email or support channels.
• Technical data — IP address, browser type, device identifiers, log data, and cookies necessary to provide the Service.

3. Why we use your data, and on what legal basis

• To create and manage your account — performance of the contract.
• To provide video lessons, tests, and progress tracking — performance of the contract.
• To prevent fraud and abuse and keep the Service secure — our legitimate interests.
• To improve our content and the platform — our legitimate interests.
• To respond to support requests — performance of the contract / our legitimate interests.
• To comply with legal obligations — tax, accounting, and legal compliance.
• To send service emails (e.g. account verification, security alerts) — performance of the contract.
• To send marketing emails, where applicable — your consent (which you can withdraw at any time).

4. Who we share your data with

• Service providers / sub-processors — our hosting and database provider, authentication provider, and analytics tooling, all under contractual data protection obligations.
• Paddle.com Market Limited (Merchant of Record) — for the sale of subscriptions, payment processing, subscription management, tax compliance, invoicing, and refund handling. Paddle's processing is governed by its own privacy notice.
• Professional advisers — lawyers, accountants and auditors where necessary.
• Authorities — where required by law or to protect our rights.

5. International data transfers

Some of our service providers are located outside your country, including in the EEA, the UK, and the United States. Where data is transferred outside the UK/EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or adequacy decisions.

6. Data retention

We keep your account data and usage data for as long as your account is active, and for a reasonable period afterwards to handle disputes, comply with legal obligations, and protect our rights. After that we delete or anonymise it. Billing and tax records are kept for the periods required by law.

7. Your rights

Depending on where you live, you may have the right to access, rectify, erase, restrict the processing of, port, or object to the processing of your personal data, and to withdraw any consent you previously gave. UK/EEA users have these rights under the UK GDPR and EU GDPR and may complain to their local supervisory authority. We will respond to verified requests within one month.

8. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, hashed passwords, row-level access controls on our database, and least-privilege access for staff.

9. Cookies

We use cookies and similar technologies that are strictly necessary to keep you logged in and to keep the Service secure. Where we use analytics or marketing cookies, we will ask for your consent and you will be able to manage your preferences.

10. Contact

To exercise your rights or ask questions about this notice, contact Careermedsitalia pvt limited via the support email shown in your account. For billing-related personal data, you can also contact Paddle at paddle.net.