William MarrowWilliam Marrow

Privacy Policy

Last updated: 11 March 2026

1.Introduction

William Marrow ("we", "our", or "us") respects your privacy and is committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This Privacy Policy describes the types of information we collect, how we use it, and your rights regarding that information when you use williammarrow.com and our related services ("the Service").

ABN 44 696 205 526 · ACN 696 205 526

2.Information We Collect

We collect the following types of information:

Information you provide

  • Account details: name, email address, and profile photo when you register (including via Google Sign-In).
  • Profile information: title, specialty, and target exam date if you choose to provide them.
  • Payment information: processed securely by Stripe. We receive your Stripe Customer ID and subscription status but never store your credit card number.
  • User-generated content: notes, bookmarks, and issue reports you create within the Service.

Information collected automatically

  • Usage data: questions answered, session results, and progress statistics.
  • Anonymous answer submissions: aggregated per-question answer tallies used for poll-style breakdowns. These do not contain any user identifiers.
  • Device and connection information: browser type, operating system, IP address, and referring URL.
  • Analytics data: page views and interactions collected by Vercel Analytics (see section 6).

3.How We Use Your Information

  • To provide, maintain, and improve the Service, including personalised progress tracking.
  • To process payments and manage your subscription.
  • To communicate with you about your account, subscription status, and service updates.
  • To respond to your support requests and issue reports.
  • To generate aggregated, anonymised analytics about Service usage to improve question quality.
  • To detect and prevent fraud, abuse, or security incidents.

4.Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Stripe — for payment processing. Stripe's privacy policy applies to data they process.
  • Firebase (Google Cloud) — for authentication, database storage, and file storage.
  • Vercel — for hosting and analytics. Vercel Analytics collects anonymised usage data.
  • Sentry — for error monitoring. Sentry may receive technical error data to help us diagnose issues.
  • Law enforcement or regulatory bodies — if required by law or to protect our legal rights.

5.Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion:

  • Account data and profile information are deleted within 30 days.
  • Anonymised answer submissions (which contain no user identifiers) are retained for aggregate statistics.
  • We retain records as required to comply with legal obligations, resolve disputes, and enforce our agreements.

6.Cookies and Analytics

We use the following technologies:

  • Firebase Authentication tokens — stored in your browser to keep you signed in.
  • Vercel Analytics — collects anonymised page view and performance data. No personal information is collected.
  • Vercel Speed Insights — measures real-user page load performance anonymously.
  • Sentry — captures application errors with technical context to help us fix bugs.

We do not use advertising cookies or third-party tracking pixels.

7.Data Security

We implement appropriate technical and organisational measures to protect your information, including encryption in transit (HTTPS/TLS), Firebase security rules restricting data access, server-side input validation, and HTML sanitisation to prevent cross-site scripting. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

8.Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of your account and associated data.
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.

To exercise any of these rights, please contact us at the details below.

9.Children's Privacy

The Service is intended for medical professionals and trainees aged 18 and over. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected such data, we will take steps to delete it promptly.

10.International Data Transfers

Your data may be processed and stored in countries outside Australia, including the United States, through our use of Firebase (Google Cloud), Stripe, Vercel, and Sentry. These providers maintain appropriate data protection safeguards. By using the Service, you consent to the transfer of your information to these providers.

11.Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or through the Service. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12.Contact

Email: hello@williammarrow.com

Address: Brisbane, Queensland, Australia

You may also contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au if you have a privacy complaint.