Medicine Quiz logoBlitzMed

← Back to home

Privacy Policy

Last updated: March 21, 2026

1. Introduction

BlitzMed (“we,” “us,” or “our”) operates this website and related services (together, the “Services”). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our website or use our applications that link to this policy.

By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

2. Information we collect

2.1 Account sign-in (Google OAuth)

Sign-in is available only through Google OAuth. We do not offer a separate email-and-password registration on our consumer app. When you choose “Continue with Google” (or equivalent), Google shares certain information with our authentication provider (Supabase) according to your Google account settings and Google’s policies.

For the purpose of providing your account within BlitzMed, we rely on your email address and name to identify your account and display your profile. We do not require or use other Google profile fields for core account functionality.

Additional data may be transmitted by Google or stored by our auth infrastructure as part of the OAuth flow (for example, tokens used to keep you signed in). We use such data only as needed to operate secure authentication and your session.

2.2 Usage and technical data

Like most websites and apps, we automatically collect certain technical information, which may include IP address, device type, browser type, operating system, approximate location derived from IP, and dates/times of access. We also use cookies and similar technologies where necessary for the site to function (for example, theme preferences stored locally in your browser).

2.3 Information you provide directly

If you contact us (for example by email), we process the information you send (such as your name, email address, and message content) to respond to you.

3. How we use your information

We use personal information to:

  • Create and maintain your account
  • Authenticate you via Google OAuth
  • Provide, operate, and improve the Services
  • Communicate with you about the Services (e.g., support)
  • Protect the security and integrity of the Services
  • Comply with legal obligations

We do not sell your personal information.

4. Legal bases (EEA, UK, Switzerland)

If applicable law requires a “legal basis,” we rely on: performance of a contract (providing the Services you request); legitimate interests (security, improvement, communications), where not overridden by your rights; consent where we ask for it; and legal obligation where required.

5. How we share information

We share personal information only as described in this policy:

  • Service providers. We use trusted providers to host and operate the Services, including Supabase (authentication and database) and infrastructure that may process data on our behalf. They are permitted to use your information only as instructed by us.
  • Google. When you sign in with Google, Google’s processing is governed by your agreement with Google and Google’s privacy policy.
  • Legal and safety. We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect rights, safety, or security.
  • Business transfers. If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to appropriate safeguards.

6. Data retention

We retain personal information for as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods may vary depending on the type of data and applicable law.

7. Security

We implement appropriate technical and organizational measures designed to protect personal information. No method of transmission over the Internet or electronic storage is 100% secure; we cannot guarantee absolute security.

8. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export your personal information; object to or restrict certain processing; withdraw consent where processing is consent-based; and lodge a complaint with a data protection authority. For Google account data, you may also manage permissions in your Google account settings.

To exercise rights related to your BlitzMed account, contact us at blitzmedapp@gmail.com. We may need to verify your identity before fulfilling certain requests.

To request deletion of your account and data, you can use our Remove my data page.

9. Children’s privacy

The Services are not directed at children under the age where parental consent is required in your jurisdiction. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will take appropriate steps.

10. International transfers

We and our service providers may process information in countries other than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers of personal data from the EEA, UK, or Switzerland.

11. Third-party links

Our website may link to third-party sites or app stores. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. If changes are material, we will provide additional notice as required by law.

13. Contact us

For questions about this Privacy Policy or our data practices, contact us at blitzmedapp@gmail.com.