Privacy Policy
Effective Date: May 13, 2025 | Last Updated: May 13, 2025
This Privacy Policy describes how MedicalWallah ("we," "us," or "our"), operated at https://mwcourses.com and through our mobile application available on the Google Play Store under the package name com.mwcourses (collectively, the "Platform"), collects, uses, shares, and protects the personal information of our users ("you" or "your"). This policy applies to all users of our website, mobile application, browser extensions, and related services.
We are committed to protecting your privacy and ensuring transparency in how we handle your data. Please read this policy carefully. By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
If you do not agree with the practices described in this policy, please do not use our Platform or provide us with your personal information.
1. Information We Collect
1.1 Information You Provide Directly
When you register, enroll in courses, or interact with our Platform, we collect:
- Account Information: Full name, email address, phone number (Bangladeshi mobile number), and password.
- Profile Information: Avatar/profile photo, alternate phone number, parent/guardian phone number, and address.
- Educational Information: HSC batch year, HSC registration number, HSC roll number, and academic background.
- Social Account Information: Facebook ID/name/link, Telegram username (when voluntarily provided for identity verification or communication purposes).
- Payment Information: Transaction IDs, payment amounts, and payment method used. We do not store your credit/debit card numbers, mobile banking PINs, or other sensitive financial credentials — these are processed exclusively by our third-party payment processor (ShurjoPay).
- Communication Data: Messages you send through our Q&A system, live chat, doubt submission forms, and customer support channels, including any images or attachments you upload.
- Coupon/Referral Data: Discount codes and referral information used during enrollment.
1.2 Information Collected Automatically
When you use our Platform, we automatically collect:
- Device Information: Device type, operating system, browser type and version, screen resolution, and unique device identifiers.
- Usage Data: Pages visited, features used, lesson progress, course completion rates, exam scores, time spent on content, and interaction patterns.
- Log Data: IP address, access timestamps, referring URLs, and error logs.
- Session Information: Session tokens and login activity for security and single-device enforcement.
- Push Notification Tokens: Firebase Cloud Messaging (FCM) device tokens for delivering notifications.
- Browser/Device Fingerprint: Technical attributes used to identify your device for anti-piracy and account security enforcement.
1.3 Information from Third Parties
We may receive information from third-party services integrated with our Platform, including authentication providers and payment processors, to verify your identity and process transactions.
2. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to fulfill our agreement with you (e.g., providing course access after enrollment, processing payments).
- Consent: Where you have given explicit consent (e.g., receiving promotional communications, providing optional profile information).
- Legitimate Interest: Processing necessary for our legitimate business interests (e.g., fraud prevention, platform security, service improvement), provided these interests do not override your fundamental rights.
- Legal Obligation: Processing required to comply with applicable laws and regulations.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- Creating and managing your account.
- Providing access to purchased courses, video lectures, live classes, exams, and study materials.
- Tracking your learning progress and providing personalized recommendations.
- Processing course enrollments and payments.
- Delivering AI-powered academic assistance and Q&A support.
3.2 Communication
- Sending course updates, schedule changes, and exam notifications via SMS, email, or push notifications.
- Responding to your support inquiries and academic questions.
- Sending promotional offers and information about new courses (you may opt out at any time — see Section 8).
3.3 Security and Fraud Prevention
- Verifying user identity and preventing unauthorized account access.
- Enforcing single-device login policies to protect course content from piracy.
- Detecting and preventing account sharing, content redistribution, and fraudulent activity.
- Monitoring IP addresses and device fingerprints for security purposes.
- Implementing CAPTCHA verification (Cloudflare Turnstile) to prevent automated abuse.
- Locking accounts temporarily after suspicious login attempts.
3.4 Platform Improvement
- Analyzing usage patterns to improve our educational content and user experience.
- Conducting internal research and analytics to enhance platform performance.
- Debugging technical issues and optimizing application performance.
3.5 Legal Compliance
- Complying with applicable laws, regulations, and legal processes.
- Enforcing our Terms and Conditions and protecting our legal rights.
- Responding to lawful requests from government authorities.
4. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
- Essential Cookies: Required for authentication, session management, and security. These cannot be disabled as they are necessary for the Platform to function.
- Functional Cookies: Remember your preferences, theme settings, and progress in courses.
- Analytics Cookies: Help us understand how users interact with our Platform to improve performance and content delivery (via Firebase Analytics).
You can manage cookie preferences through your browser settings. However, disabling essential cookies may prevent you from using certain features of the Platform.
5. Third-Party Services and Data Sharing
We integrate with the following third-party services to operate our Platform. Each service processes data according to its own privacy policy:
- Supabase: Database hosting, user authentication, and real-time features.
- Firebase (Google): Push notifications (FCM) and analytics.
- ShurjoPay: Payment processing (supports bKash, Nagad, credit/debit cards).
- Cloudinary: Image and media file hosting.
- Cloudflare: Security (Turnstile CAPTCHA) and content delivery.
- Google Gemini AI: AI-powered academic Q&A assistance.
- BulkSMS BD: SMS notification delivery.
Data Sharing Principles
- We do not sell, trade, or rent your personal information to any third party.
- We do not share your data with advertisers or ad networks.
- We do not use your data for third-party marketing purposes.
We share data with third parties only when:
- It is necessary to provide our services (e.g., payment processing, SMS delivery).
- We have your explicit consent.
- We are required by law, regulation, or valid legal process.
- It is necessary to protect our rights, safety, property, or that of our users.
6. Data Storage and Security
We implement industry-standard security measures to protect your personal information:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using SSL/TLS protocols (HTTPS).
- Encryption at Rest: Sensitive data stored in our databases is encrypted at rest.
- Password Security: Passwords are cryptographically hashed using industry-standard algorithms and are never stored in plain text.
- Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.
- Infrastructure Security: We use secure cloud infrastructure with regular security monitoring.
- Session Security: Automatic account lockout after suspicious activity or multiple failed login attempts.
- Content Protection: Video content is delivered through encrypted streaming to prevent unauthorized redistribution.
While we implement robust security measures, no method of electronic transmission or storage is 100% secure. In the unlikely event of a data breach, we will notify affected users within 72 hours and take immediate steps to mitigate any harm.
7. Data Retention
We retain your personal information for as long as:
- Your account remains active on our Platform.
- It is necessary to provide you with our services.
- Required by applicable laws and regulations.
- Needed to resolve disputes or enforce our agreements.
After account deletion: If you request account deletion, we will remove or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention records or financial transaction records required for tax/audit purposes). Anonymized data that cannot identify you may be retained for analytics.
8. Your Rights and Choices
You have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete information via your profile settings or by contacting support.
- Right to Deletion: Request deletion of your account and personal data (subject to legal retention requirements). See Section 8.1 below for how to request deletion.
- Right to Object: Object to processing of your data for marketing purposes.
- Right to Data Portability: Request your data in a structured, machine-readable format.
- Right to Withdraw Consent: Withdraw previously given consent at any time without affecting the lawfulness of prior processing.
- Right to Opt-Out of Communications: Unsubscribe from promotional SMS, emails, or push notifications at any time.
8.1 How to Request Account Deletion
You may request deletion of your account and associated personal data by:
- Sending an email to support@mwcourses.com with the subject line "Account Deletion Request" from your registered email address.
- Including your registered phone number and full name for identity verification.
Upon verification, we will process your deletion request within 30 days. You will receive a confirmation email once deletion is complete. Please note that deletion is permanent and cannot be reversed — all course access, progress data, and purchase history will be removed.
To exercise any of these rights, contact us at support@mwcourses.com. We will respond to your request within 30 days.
9. Children's Privacy
Our Platform is designed for medical admission aspirants, which may include users under the age of 18. We take the following measures to protect younger users:
- We do not knowingly collect personal information from children under the age of 13 without verifiable parental consent.
- For users between 13 and 18 years of age, we encourage registration with a parent or guardian's phone number and oversight.
- We do not serve targeted advertising or behavioral ads to any users, including minors.
- We do not sell or share minors' personal information with third parties for commercial purposes.
- If we discover that we have inadvertently collected data from a child under 13 without proper consent, we will delete that information within 48 hours of discovery.
Parents or guardians who believe their child has provided personal information without consent should contact us immediately at support@mwcourses.com for prompt data removal.
10. Mobile Application Privacy
Our Android mobile application (available on Google Play Store as MedicalWallah) may request the following device permissions:
- Internet Access (INTERNET): Required to load course content, stream videos, and sync your learning progress.
- Network State (ACCESS_NETWORK_STATE): To detect connectivity and provide offline-friendly behavior.
- Push Notifications (POST_NOTIFICATIONS): To deliver class reminders, exam schedules, and important updates. You can disable notifications in your device settings at any time.
- Storage/Media (READ_EXTERNAL_STORAGE): Only when you choose to upload a profile photo or submit images for doubt resolution. We do not scan or access other files on your device.
- Camera (CAMERA): Only when you explicitly choose to take a photo for your profile or doubt submission. Never activated without your action.
Permissions We Do NOT Request
Our mobile application does not access or request:
- Contacts or address book
- Call logs or phone state
- SMS messages
- Location data (GPS or network-based)
- Microphone (except during live classes if applicable)
- Background location tracking
All permissions are requested at runtime only when needed and can be revoked at any time through your device's Settings > Apps > MedicalWallah > Permissions.
11. Push Notifications
We use Firebase Cloud Messaging (FCM) to send push notifications. These notifications may include:
- Live class reminders and schedule updates.
- New course announcements and enrollment confirmations.
- Exam schedules and result notifications.
- Important platform updates and maintenance notices.
How to opt out: You can disable push notifications at any time through:
- Android: Settings > Apps > MedicalWallah > Notifications
- Web Browser: Browser notification settings or clicking "Block" when prompted
Opting out of notifications will not affect your access to course content or any paid features.
12. Advertising and Analytics
We want to be transparent about our advertising and analytics practices:
- We do not display third-party advertisements on our Platform.
- We do not use advertising IDs or participate in ad networks.
- We do not create advertising profiles based on your activity.
- We use Firebase Analytics solely to understand aggregate usage patterns and improve our educational services. This data is not shared with advertisers.
13. International Data Transfers
Your data may be processed and stored on servers located outside of Bangladesh through our third-party service providers (such as cloud hosting in the United States, Europe, or Singapore). When data is transferred internationally, we ensure that:
- Appropriate safeguards are in place to protect your information.
- Third-party processors maintain security standards consistent with this Privacy Policy.
- Data transfers comply with applicable data protection laws.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last Updated" date at the top of this page.
- For significant changes, we will notify you via email, SMS, or a prominent notice on our Platform at least 7 days before the changes take effect.
- Continued use of the Platform after the effective date of changes constitutes acceptance of the updated policy.
We encourage you to review this Privacy Policy periodically. Previous versions of this policy are available upon request.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
MedicalWallah
Website: https://mwcourses.com
Email: support@mwcourses.com
Subject Line: "Privacy Inquiry"
We aim to respond to all privacy-related inquiries within 30 days of receipt.
16. Governing Law and Dispute Resolution
This Privacy Policy is governed by and construed in accordance with the laws of the People's Republic of Bangladesh, including the Digital Security Act 2018 and the Information and Communication Technology Act 2006 (as amended). Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in Dhaka, Bangladesh.
Your Consent
By creating an account, enrolling in courses, or otherwise using our Platform, you signify your informed acceptance of this Privacy Policy. If you do not agree with this policy, please do not use our services or provide us with your personal information. Your continued use of the Platform following the posting of changes to this policy will be deemed your acceptance of those changes.