The Residency Consult ("we," "us," "our") operates the website at theresidencyconsult.com. This Privacy Policy explains what information we collect, how we use it, and your choices.
1. What We Collect
Account information
When you create an account, we collect your email address and a hashed password. We use this to authenticate you and associate you with your reviews. We do not collect your name, phone number, or mailing address.
Reviews and ratings
When you submit a review, we collect the content you provide: your overall rating, whether you would recommend the program, your reviewer category (e.g., resident, attending, interviewee), optional demographic information (gender, training status, PGY level or graduation year), and your free-text review. Reviews are displayed publicly but are not associated with your email or identity.
Analytics data
We use Plausible Analytics, a privacy-respecting analytics service that does not use cookies and does not collect personal data. Plausible collects aggregate, anonymous usage data including page views, referrer sources (including AI-based referrers), browser type, and country. This data cannot be used to identify individual users.
Server logs
Our hosting provider (Vercel) may collect standard server logs including IP addresses, request timestamps, and URLs accessed. These logs are used for operational purposes and are subject to Vercel's privacy policy.
2. How We Use Your Data
- Authentication and account management. Your email and password are used to sign you in, verify your identity, and associate you with your reviews.
- Review display. Your review content (rating, recommendation, category, and text) is displayed publicly on program profile pages after moderation. Your email is never shown.
- Moderation. Review text is sent to the Anthropic API (Claude) for automated moderation to detect policy violations, spam, and inappropriate content. See Section 4 below for details.
- Aggregate statistics. We compute aggregate ratings, recommendation percentages, and review counts per program. These are derived from individual reviews but do not identify individual reviewers.
- Service improvement. We use anonymous analytics data to understand how people use the site and to prioritize features.
3. Data Storage and Infrastructure
We use the following third-party services to operate the site:
- Supabaseprovides our database (PostgreSQL) and authentication system. Your account information and review data are stored in Supabase's infrastructure. Supabase encrypts data at rest and in transit. See Supabase's privacy policy.
- Vercel hosts the website and handles server-side rendering. See Vercel's privacy policy.
- Plausible Analytics processes anonymous analytics data in the EU. No personal data is transferred. See Plausible's data policy.
4. Automated Review Moderation (Anthropic API)
When you submit or edit a review, the text of your review is sent to the Anthropic API (Claude) for automated content moderation. This process evaluates the review for policy compliance, spam, personally identifiable information, and inappropriate content.
- Only the review text and reviewer category are sent to Anthropic. Your email address and account information are not shared.
- Anthropic's API does not use customer inputs to train its models, per its privacy policy.
- Automated moderation produces a recommendation (approve, flag, or reject). Flagged reviews are reviewed by a human moderator before a final decision is made.
5. Cookies and Local Storage
We use a minimal number of cookies, strictly for functionality:
- Authentication cookies. Supabase Auth sets secure, HTTP-only cookies to maintain your login session. These are essential for the Service to function and cannot be disabled while logged in.
- No tracking cookies. We do not use any advertising cookies, third-party tracking pixels, or social media trackers. Plausible Analytics operates without cookies entirely.
6. Your Rights
You have the following rights regarding your data:
- Access. You can view your submitted reviews by visiting the program pages where you left them.
- Edit. You can edit your review at any time by returning to the review form for that program. Edited reviews go through moderation again.
- Account deletion. You may request deletion of your account and all associated data by emailing us. We will process your request within 30 days. Upon deletion, your reviews will either be permanently deleted or fully anonymized (disassociated from any account data) at your preference.
- Data export. You may request a copy of all data we hold about you (account information and reviews) by emailing us. We will provide this in a machine-readable format within 30 days.
- Email changes. You can update your email address through your account settings. A verification email will be sent to the new address.
To exercise any of these rights, contact us at hello@theresidencyconsult.com.
7. Data Retention
We retain your account data for as long as your account is active. Reviews remain published for as long as they comply with our Terms of Service. Server logs are retained according to our hosting provider's policies (typically 30 days). If you delete your account, we will remove or anonymize your data within 30 days, except where we are legally required to retain it.
8. Children's Privacy
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete that information promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.