Privacy Policy

Last Updated: March 28, 2026

1. Introduction

Socket Study, operated by Socket Study (ABN 71 405 901 933) ("we", "our", "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). This policy forms part of our Terms of Service.

2. Information We Collect

Information you provide:

• Name and email address
• Account credentials
• Exam preparation preferences and target exam dates
• Study activity and performance data
• Payment information (see Section 6 for details on how this is handled)

Information collected automatically:

• IP address, browser type, device information, and operating system
• Pages visited, features used, and interactions with the platform
• Referring URLs and access times

3. How We Use Your Information

We use the information we collect to:

• Provide and improve our services
• Personalise your learning experience
• Track your progress and performance
• Send you important updates, notifications, and marketing communications
• Analyze usage patterns to improve the platform
• Respond to your questions and support requests
• Detect and prevent misuse of the platform

Your personal data is not used to train AI models. When AI services process your data (see Section 6), it is for providing the service only.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

5. Data Retention and Account Deactivation

We retain your personal information for as long as your account is active or as needed to provide you services.

If you deactivate your account, any active subscription will be cancelled immediately and your account will be disabled. Your personal information, study responses, exam performance records, and survey responses will be retained to enable account recovery and to support platform analytics and improvement. Payment details are managed by Stripe and are not stored on our servers (see Section 6).

If you wish to have your personal data deleted entirely, you may request this by emailing [email protected]. We will action deletion requests within 30 days, subject to any legal obligations requiring us to retain certain records.

6. Third-Party Services

We use third-party services to operate the platform. These services receive only the information necessary to perform their functions. Our key service providers are:

Payment processing: Stripe processes payments on our behalf. Your payment card details are collected and processed directly by Stripe — we do not store your full card number, expiry date, or CVC on our servers. Stripe's use of your data is governed by their Privacy Policy.

AI services: We use Anthropic (Claude) and Google (Gemini) to generate and improve learning content. These services process content data to provide their functions but do not receive your personal account information.

Analytics and error monitoring: We use PostHog for product analytics and Sentry for error monitoring. These services collect usage data and technical information to help us improve the platform and resolve issues.

Email: We use MailerSend for transactional emails (e.g. password resets, subscription confirmations) and MailerLite for marketing and engagement emails. These services receive your name and email address.

Hosting: The platform is hosted on Heroku (Salesforce), which runs on Amazon Web Services infrastructure.

7. Overseas Disclosure

The third-party services listed in Section 6 are based in the United States. By using Socket, your personal information may be transferred to, stored, and processed in the United States. We take reasonable steps to ensure that overseas recipients handle your information in accordance with the Australian Privacy Principles.

8. Cookies and Tracking

We use cookies and similar technologies for:

• Essential cookies: required for the platform to function (e.g. keeping you logged in).
• Analytics cookies: used by PostHog to understand how the platform is used, so we can improve it.

You can manage cookies through your browser settings. Disabling essential cookies may prevent the platform from functioning correctly.

9. Your Rights

Under the Australian Privacy Principles, you have the right to:

• Access your personal information
• Correct inaccurate information
• Request deletion of your account and data
• Export your data
• Opt out of marketing communications

To exercise any of these rights, email [email protected]. We will respond within 30 days.

If you are not satisfied with how we handle your request, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

10. Children's Privacy

Socket is intended for healthcare professionals and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from individuals under 18.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will give you at least 30 days' notice of material changes via email. Continued use of the service after the notice period constitutes acceptance of the updated Privacy Policy.

12. Governing Law

This Privacy Policy is governed by the laws of the State of Victoria, Australia. Any disputes arising from this policy are subject to the exclusive jurisdiction of the courts of Victoria.

13. Contact

If you have questions about this Privacy Policy, please contact us at:

Email: [email protected]

Socket Study (ABN 71 405 901 933)
Victoria, Australia