These documents govern your use of MilestonesIQ. They are initial drafts prepared for review by qualified legal counsel. For questions, contact [email protected].
Effective April 19, 2026 · Last updated April 19, 2026
MilestonesIQ is committed to protecting the privacy of all users of our platform, with particular care for the educational records of GME trainees. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and what rights you have.
Account and Identity Information includes names, institutional email addresses, professional roles, PGY level, specialty, and program affiliation.
Trainee Performance Data includes milestone scores across ACGME competency domains, EPA observation records, rotation evaluation data, ITE scores, procedure logs, research milestone progress, and self-reflection entries.
Learning Plan and Support Data includes ILP goals and progress, PIP records and SMART goals, and digital acknowledgment records.
Automatically Collected Information includes IP address, browser type, pages visited, and session identifiers — used for security and performance monitoring only.
What We Do Not Collect: MilestonesIQ does not collect patient health information (PHI), Social Security numbers, financial account information, or biometric data.
We use collected information to operate the Platform, generate AI-assisted summaries, compute milestone trajectory scores, send in-app notifications and meeting reminders, maintain security and audit logs, and produce de-identified aggregate research data. We do not send marketing communications without your consent.
MilestonesIQ acts as a "school official" with a "legitimate educational interest" as permitted under 34 C.F.R. § 99.31(a)(1). We process education records solely to provide services to the Program. Trainees have the right to inspect their records, request corrections, and consent to disclosures. These rights are administered by the Program and the institution.
We do not sell, rent, or trade personal information or trainee data. We share data only with: (a) service providers under data processing agreements, (b) our AI model provider (Anthropic) under a data processing agreement that prohibits model training on customer data, (c) legal authorities when required by law, and (d) successors in a business transfer with appropriate notice.
Trainee performance data is retained for the duration of the Program's subscription and for seven (7) years thereafter, unless a shorter period is required by law or requested by the Program. Audit logs are retained for seven (7) years.
We implement encrypted data transmission (TLS), encrypted data storage, role-based access controls, session timeout enforcement, and immutable audit logging. In the event of a data breach, we will notify affected Programs and regulatory authorities as required by applicable law.
Depending on your jurisdiction and role, you may have rights to access, correct, delete, or port your personal information. Trainees may contest AI outputs through their Program Director. To exercise your rights, contact [email protected] or your Program Director.
For users in the European Economic Area or United Kingdom, we process personal data on the legal bases of contractual necessity, legitimate interests, and legal compliance. You may have additional rights under GDPR or UK GDPR.
We will provide at least thirty (30) days' notice of material changes via email or in-Platform notification.
Privacy Office: [email protected] | General: [email protected]
This Privacy Policy is an initial draft prepared for review by qualified legal counsel. It is not a substitute for advice from a licensed attorney.