Last Modified: March 6, 2026

INTRODUCTION

SimMed Learning Systems LLC ("Company," "we," or "us") respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.

This Privacy Policy describes the types of information we collect from and about users of our Platform — which includes our website at www.simmedlearning.com, our mobile application available for download on iOS and Android devices (the "App"), and our integrated physician discussion forum (the "Forum")  and our practices for collecting, using, maintaining, protecting, and disclosing that information (collectively, the "Platform").

By accessing or using any part of the Platform, you agree to the terms of this Privacy Policy. If you do not agree, you must discontinue use of the Platform immediately.

This Privacy Policy may be updated from time to time (see Changes to Our Privacy Policy below). Your continued use of the Platform after we post changes constitutes your acceptance of those changes.

PLATFORM AUDIENCE AND MINIMUM AGE

The Platform is designed exclusively for licensed plastic surgeons and medical professionals who are at least twenty-one (21) years of age. The Platform is not directed at individuals under 21, and we do not knowingly collect personal information from individuals under 21.

If we learn that we have collected personal information from a person under 21 without appropriate authorization, we will promptly delete that information. If you believe we may have information from or about a person under 21, please contact us at [email protected].

INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

A. Categories of Personal Information We Collect

We collect the following categories of personal information:

•         Full name

•         Mailing address (street, city, state, and ZIP code)

•         Email address

•         Phone number

•         Payment information (credit card data processed and stored by our third-party payment processor, Stripe; we do not directly store full credit card numbers)

•         Account credentials (username and hashed password)

•         Professional information provided at registration (e.g., medical specialty, board examination status, state of licensure)

•         Forum display name, profile information, and any content you post or upload to the Forum

•         Mobile device identifiers (see Mobile Application Data below)

Location data note: The mailing address collected at registration (city, state, and ZIP code) is used solely to identify who our customers are and to provide customer service and support. We do not use Google Maps APIs, geofencing, geotargeting, or any other location-based tracking or targeting technology. Location data is collected once at registration and is not used to track your physical location during Platform use.

We do not collect Social Security numbers, government-issued identification numbers, biometric data, or protected health information (PHI) as defined by HIPAA. The Platform is not a covered entity or business associate under HIPAA, and no clinical patient data is processed through the Platform.

Regarding photographs: Some simulation cases on the Platform may include de-identified clinical photographs provided by third-party medical professionals. The Company assumes that appropriate patient authorizations were obtained by the contributing parties. Users do not upload or access identifiable patient photographs through the Platform.

B. Information You Provide Directly

We collect information you voluntarily provide, including:

•         Registration and account information when creating your account

•         Payment information submitted at the time of subscription purchase

•         Practice use cases you upload within your individual account session

•         Forum posts, comments, responses, and any other content you contribute to the Forum

•         Your Forum profile, including any optional biographical or professional details you choose to share

•         Communications you send us (e.g., support requests, inquiries)

•         Responses to forms, surveys, or questionnaires, if applicable

C. Information We Collect Automatically — Website and App

When you access and use the Platform, we may automatically collect certain technical and usage information, including:

•         Browser type and version

•         Operating system

•         Device information

•         Referring URL and navigation patterns within the Platform

•         Date and time of access

•         Pages viewed, features used, and time spent within the application and Forum

Geographic access controls: The Platform is restricted to users located within the United States (excluding U.S. territories). To enforce this restriction, we query IP addresses to identify and block access from outside the authorized area. We do not retain or store IP addresses beyond what is necessary to perform this access check.

D. Mobile Application Data

When you download and use the SimMed mobile application, we may collect additional information specific to the mobile environment, including:

•         Device identifiers such as Advertising ID (IDFA on iOS, GAID on Android), device model, and operating system version

•         App version and session duration data

•         Crash reports and diagnostic data to support application stability and improvement

•         Push notification token (if you grant permission to receive push notifications)

•         In-app activity, including navigation patterns, feature usage, and simulation session data

Permissions we may request on your mobile device:

•         Push notifications: To send you account alerts, subscription reminders, and Forum activity updates. You may enable or disable push notifications at any time through your device settings.

•         Camera or photo library: Only if you choose to upload profile images or other content within the App. We do not access your camera or photo library without your explicit action to do so.

The App is available through the Apple App Store and Google Play Store. Your download and use of the App through those platforms is also subject to Apple's and Google's respective privacy policies and terms of service. The Company is not responsible for data collected by Apple or Google in connection with app downloads or updates.

E. Forum Activity Data

The Forum is a physician-only discussion space integrated into the Platform. When you participate in the Forum, we collect:

•         All content you post, comment on, or upload

•         Reactions, votes, or endorsements you give to other posts

•         Private messages you send to other Forum members, if the private messaging feature is enabled

•         Content you flag or report for moderation review

•         Timestamps and frequency of your Forum participation

Important: Forum posts and profile information are visible to other registered, credentialed members of the Platform. Do not post any information in the Forum that you do not wish to be seen by other physician subscribers. The Company is not responsible for how other Forum members use information you voluntarily post.

F. Cookies and Tracking Technologies

The Platform uses cookies and similar tracking technologies, including:

•         Browser cookies and mobile SDK equivalents to support Platform functionality, session management, and user authentication

•         Tracking pixels and analytics tools to collect aggregate usage data and to support our marketing funnel and analytics

You may configure your browser or mobile device settings to refuse cookies or limit tracking. However, doing so may prevent certain features of the Platform from functioning properly.

G. Do Not Track

The Platform does not currently respond to Do Not Track (DNT) browser signals.

HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

•         To create and manage your subscriber account across both the web platform and mobile application

•         To verify your identity and eligibility to use the Platform

•         To process subscription payments through Stripe

•         To provide customer service and respond to support requests

•         To communicate with you regarding your account, subscription status, billing, and updates to these policies

•         To send push notifications to your mobile device, if you have granted permission

•         To operate and moderate the Forum, including reviewing flagged content and enforcing Forum conduct standards

•         To enforce geographic access restrictions (U.S. only)

•         To monitor aggregate Platform usage and performance for quality and service improvement purposes

•         To improve the mobile application based on crash reports and diagnostic data

•         To maintain records for legal and business purposes

•         To comply with applicable law

We do not use your personal information for targeted advertising, behavioral advertising, or third-party marketing. We do not engage in automated decision-making or profiling based on user data.

FORUM — SPECIAL NOTICE REGARDING USER-GENERATED CONTENT

The Forum is a members-only discussion community accessible to credentialed physician subscribers. Because the Forum enables interaction between users, the following special provisions apply:

Public Visibility Within the Platform

Content you post to the Forum, including posts, comments, profile information, and any professional details you choose to share — is visible to all other registered members of the Platform. You should post only information that you are comfortable sharing with a community of physician peers.

No General Public Access

Forum content is not publicly indexed or accessible to non-members. Access to the Forum is restricted to active, credentialed subscribers only.

Content You Own

You retain ownership of the content you post to the Forum. By posting content, you grant the Company a limited, non-exclusive, royalty-free license to display, reproduce, and distribute your content within the Platform solely for the purpose of operating the Forum.

The Company does not claim ownership of your Forum posts and does not use your Forum content for commercial purposes beyond Forum operation.

Content Moderation

The Company reserves the right to monitor, review, and remove Forum content that violates these policies or our Terms of Use. We may also temporarily or permanently restrict the Forum access of any user who violates Forum standards.

Forum content standards: All Forum contributions must be professional in nature and consistent with the standards expected of licensed medical professionals. Prohibited Forum content includes, but is not limited to:

•         Patient-identifying information of any kind

•         Defamatory, harassing, or abusive content directed at other members

•         Promotional, advertising, or commercial solicitation content

•         Content that infringes the intellectual property rights of any person or entity

•         False, misleading, or deceptive clinical information

•         Content that violates any applicable professional licensing standards or codes of conduct

We do not continuously pre-screen all Forum content, but we reserve the right to review and take action on any content at any time. The Company assumes no liability for Forum content posted by users.

Reporting Forum Content

If you encounter Forum content that you believe violates these standards, please report it using the in-platform reporting tool or contact us directly at [email protected].

Private Messaging

If the private messaging feature is available within the Forum, private messages are transmitted through our systems and are stored in accordance with our data retention policies. The Company does not routinely monitor private messages but reserves the right to review private communications when required to investigate a reported violation, comply with law, or protect user safety.

DISCLOSURE OF YOUR INFORMATION

We will not sell, rent, or trade your personal information to any third party.

We may share personal information in the following limited circumstances:

•         Service providers: We share information with third-party service providers who support our operations, including Stripe (payment processing), Amazon Web Services (cloud hosting), and OpenAI (AI features). These providers are required to protect your information and use it only for the specified purposes.

•         Mobile platform providers: Apple and Google receive certain transactional data in connection with App downloads and in-app purchases facilitated through their platforms. Their use of that data is governed by their own privacy policies.

•         Wait list communications: Prior to full platform launch, we may share contact information of wait list members with third-party services used to manage launch communications. This sharing is limited to platform launch outreach.

•         Legal compliance: We may disclose personal information when required by law, court order, or lawful governmental request, including requests under Arizona law.

•         Business transfers: In the event of a merger, acquisition, or sale of Company assets, personal information may be transferred as part of that transaction, subject to standard confidentiality protections.

•         Safety: We may disclose information when we believe disclosure is necessary to prevent harm or to protect the rights, property, or safety of the Company, our users, or the public.

We will not disclose user data for general marketing purposes, data brokerage, or any purpose unrelated to the operation of the Platform.

We do not participate in advertising networks or affiliate marketing programs.

THIRD-PARTY SERVICE PROVIDERS

The Platform relies on the following key third-party service providers:

•         Amazon Web Services (AWS): Cloud hosting and data storage for both the web platform and mobile application back end. All user data is stored on AWS servers behind multiple layers of firewall protection. While AWS maintains industry-leading security infrastructure, no cloud hosting environment is 100% immune from cyberattacks or system failures. We acknowledge this limitation and disclose it to our users accordingly.

•         Stripe: Payment processing for subscription billing. Stripe collects and processes credit card and billing information directly. The Company does not store full credit card numbers. Stripe's privacy practices are governed by Stripe's own privacy policy.

•         OpenAI: AI-powered simulation features. OpenAI's LLM API processes the text inputs you provide during AI simulation sessions to generate responses. Personal identifying information is not shared with OpenAI during these sessions. Tokenization and API usage are subject to OpenAI's data processing terms.

•         Apple App Store and Google Play Store: App distribution. Downloads and updates of the SimMed App are facilitated through Apple's and Google's respective platforms. Those platforms collect and process data according to their own privacy policies.

All third-party service providers engaged by the Company are contractually required to implement appropriate security measures and to use personal information only as directed.

DATA SECURITY

We take reasonable technical and administrative steps to protect your personal information from unauthorized access, disclosure, alteration, or destruction, including:

•         Storage of all user data behind AWS firewall infrastructure

•         SSL/TLS encryption for all data transmissions between users and the Platform, including the mobile application

•         Access controls limiting internal access to user data to authorized personnel only

•         Secure API communication between the mobile application and our back-end systems

Despite these measures, no security system is impenetrable. No internet or mobile data transmission is completely secure. We cannot guarantee the absolute security of your personal information. Any transmission of personal information to or from the Platform is at your own risk. We are not responsible for circumvention of any privacy settings or security measures on the Platform.

DATA RETENTION

We retain user account data for a period of 365 days following the expiration date of a user's last active subscription. The 365-day retention period begins on the day following subscription expiration. After this period, account data is deleted from our active systems.

Forum content is retained for the duration of your active subscription. Upon account expiration and the end of the applicable retention period, your Forum posts may be anonymized (disassociated from your identity) rather than deleted, in order to preserve the integrity of ongoing Forum discussions. We will retain records of anonymized contributions in aggregate form.

Mobile application diagnostic data (crash logs, usage data) is retained for a maximum of 12 months.

We may retain certain records for longer periods as required by applicable law or for legitimate business purposes such as fraud prevention or dispute resolution.

Users may request access to or correction of their personal information at any time. Users may not request deletion of account data prior to the expiration of the applicable retention period.

DATA BREACH NOTIFICATION

In the event of a data security incident, the Company will assess the nature and scope of the breach and respond in a manner appropriate to the specific circumstances. Because data breaches can arise from a wide variety of causes, our response is managed on a case-by-case basis in coordination with our hosting provider (AWS) and applicable legal counsel.

Where required by applicable state or federal law — including Arizona's data breach notification statute (A.R.S. § 18-552) — we will notify affected individuals and regulatory authorities within legally required timeframes. Notifications will describe the nature of the incident, the categories of information involved, and steps users can take to protect themselves.

To report a potential security issue or vulnerability, please contact us at [email protected].

YOUR PRIVACY RIGHTS

Access and Correction

You may access and update your personal information by logging into your account and visiting your profile settings (available on both the web platform and the mobile application). You may also contact us at [email protected] to request access to or correction of your personal information. We cannot accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

Users may not request deletion of account data prior to the expiration of the applicable retention period.

Forum Content

You may edit or delete your own Forum posts at any time through the Platform interface. The Company may retain records of deleted posts for a limited period in connection with moderation, safety, and legal obligations.

Push Notifications

You may enable or disable push notifications from the SimMed App at any time through your mobile device's notification settings.

Marketing Communications

The Company does not currently send promotional or marketing communications to users. If this practice changes in the future, users will be provided with an opt-out mechanism at that time.

Cookies and Mobile Tracking

You may configure your browser or mobile device settings to decline cookies or limit ad tracking (e.g., by enabling "Limit Ad Tracking" on iOS or "Opt Out of Ads Personalization" on Android). Note that doing so may impair the functionality of the Platform.

YOUR STATE PRIVACY RIGHTS

State consumer privacy laws may provide residents of certain states with additional rights regarding our use of their personal information. The Platform is available to users across the contiguous United States, Hawaii, and Alaska (excluding U.S. territories).

Arizona Residents

Arizona residents are protected under Arizona's data breach notification statute (A.R.S. § 18-552), which requires timely notification in the event that your personal information is compromised in a security incident. The Company complies with this statute.

For general consumer protection complaints or inquiries, Arizona residents may contact the Arizona Attorney General's Office, Consumer Protection and Advocacy Section, 2005 N. Central Ave., Phoenix, AZ 85004, or by calling (602) 542-5763 or (800) 352-8431.

California Residents

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

•         Right to Know: Request disclosure of personal information collected, the sources, the purposes, and the third parties with whom it is shared

•         Right to Delete: Request deletion of personal information we have collected (subject to applicable legal retention requirements)

•         Right to Correct: Request correction of inaccurate personal information

•         Right to Opt-Out of Sale or Sharing: We do not sell or share personal information as defined by California law

•         Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise your California privacy rights, please contact us at [email protected] or write to: Privacy Department, SimMed Learning Systems LLC, 4539 N. 22ND Street, Suite N, Phoenix, Arizona 85016 USA.

California's "Shine the Light" law (Civil Code § 1798.83) permits California residents to request information about disclosures of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

Nevada Residents

Nevada residents have the right to opt out of the sale of certain personal information. We do not sell personal information as defined by Nevada law. To submit a request, contact us at [email protected] with the subject line "Nevada Do Not Sell Request."

Virginia, Colorado, Connecticut, and Utah Residents

Residents of Virginia, Colorado, Connecticut, and Utah have rights under their respective state privacy laws, including the right to access, delete, and correct personal information, and the right to opt out of targeted advertising, the sale of personal information, and profiling in furtherance of automated decisions with legal or similarly significant effects.

We do not sell personal information, engage in targeted advertising, or conduct profiling as defined by these state laws.

To exercise these rights, please contact us at [email protected].

LEGAL BASIS FOR PROCESSING

We process your personal information based on the following grounds:

•         Contractual necessity: To fulfill our obligations under the subscription agreement, including account management, service delivery, and payment processing

•         Legitimate business interests: To operate, maintain, and improve the Platform (including the web platform, mobile application, and Forum), and to detect and prevent fraud or security threats

•         Legal compliance: To meet applicable legal obligations, including Arizona's data breach notification statute, CAN-SPAM compliance, and applicable state consumer privacy laws

•         Consent: Where we rely on your consent (e.g., push notifications), you may withdraw consent at any time through your device or account settings

THIRD-PARTY TECHNOLOGIES AND INTEGRATIONS

The Platform does not use social media login integrations or third-party authentication services for web or mobile registration. All account creation is completed directly through the Platform.

The Platform uses OpenAI's API for AI-powered simulation features. During simulation sessions, your text inputs are processed by OpenAI's systems. Personal identifying information is not transmitted to OpenAI during session interactions. The Company's use of OpenAI's API is subject to OpenAI's data processing terms.

The Platform may use analytics technologies (such as tracking pixels and mobile analytics SDKs) in connection with our marketing funnel and application performance monitoring. We are in the process of confirming all specific analytics integrations and will update this policy accordingly.

The Forum does not embed third-party advertising, social media share buttons, or external chatbot tools.

CHILDREN'S PRIVACY

The Platform is not intended for individuals under the age of 21. We do not knowingly collect, use, or disclose personal information from individuals under 21. If you are under 21, do not use the Platform, create an account, or submit any personal information. If we discover that a user is under 21, we will terminate the account and delete associated data.

CHANGES TO OUR PRIVACY POLICY

It is our policy to post any changes we make to this Privacy Policy on this page, with an updated "Last Modified" date. You are responsible for periodically reviewing this Privacy Policy for changes. Your continued use of the Platform after changes are posted constitutes your acceptance of those changes.

CONTACT INFORMATION

For privacy-related inquiries, data access or correction requests, Forum content concerns, or to report a security issue, please contact us at:

SimMed Learning Systems LLC

Privacy Department

4539 N. 22ND Street, Suite N

Phoenix, Arizona 85016 USA

Email: [email protected]

We will acknowledge privacy inquiries within 48 business hours and work to resolve them within 30 days. Requests for data access or correction will be processed within 30 days, with an extension of up to 60 days for complex requests.

You also have the right to lodge complaints with applicable state attorney general offices — including the Arizona Attorney General's Office or the Federal Trade Commission (FTC) for matters related to U.S. privacy law.