PROTOQUIZ
Home For Agencies Terms MSA DPA
LEGAL // PRIVACY POLICY

Privacy Policy

Effective: 2026-05-20 Version: 1.0 Owner: Teach Me to Live LLC, d/b/a ProtoQuiz
This Privacy Policy describes how Teach Me to Live LLC ("ProtoQuiz", "we", "us") collects, uses, and protects information in connection with the ProtoQuiz B2B platform offered to organizational Customers under a Master Services Agreement or these Terms (including the B2B subdomains of protoquiz.com). The standalone consumer iOS application is covered by a separate consumer privacy policy. This Policy is a disclosure of our practices; the contractual relationship between Customer and ProtoQuiz is governed by the MSA or B2B Terms of Service.
CONTENTS
  1. Information We Collect
  2. How We Use Information
  3. When We Share Information
  4. Subprocessors
  5. Data Retention
  6. Security
  7. Your Rights & Choices
  8. HIPAA & Clinical Data
  9. Children's Privacy
  10. Changes to This Policy
  11. Contact

1. Information We Collect

Account & Authentication Information

When you sign in via Google OAuth, we receive: your email address, display name, profile photo URL, and a unique Google user identifier. We do not receive or store your Google password.

Organization & Role Information

For each user, we store the organization identifier (e.g., highland), assigned role (user, supervisor, training officer, admin, developer), certification level (e.g., EMT, Paramedic), and access status (pending, approved, rejected).

Usage & Performance Data

Quiz attempts, scenario responses, leaderboard scores, flashcard progress, page visits, and time spent in various parts of the Platform. This data is tagged with your organization identifier and user identifier to enable per-org leaderboards and analytics.

Technical Data

Browser type, device type, IP address (recorded transiently for security and abuse prevention; not used for tracking across sites), and crash/error reports. Page-view pings and error reports are sent to our observability backend (api.protoquiz.com) and may include a session identifier, the visited URL, browser user agent, and the organization identifier.

Customer-Uploaded Content

Protocol PDFs, quiz templates, and other content uploaded by an Organization's administrators. We treat this content as the property of the uploading Organization and use it only to provide the Platform to that Organization.

What We Do NOT Collect

2. How We Use Information

We use the information we collect to:

We do not use your data to train external AI models, sell your data to third parties, or display third-party advertising in the Platform.

AI processing of protocol content. The Platform uses third-party large-language-model ("LLM") services — currently Google AI (Gemini) — to generate quiz questions, scenario branches, drug-comparison summaries, and similar study content from Customer-uploaded protocol PDFs. Protocol content is sent to the LLM provider only for the purpose of generating that content, under provider terms that prohibit training the provider's models on Customer Content (Google AI / Vertex AI no-training contract). Generated content is stored under the Customer's Organization. We do not send User personal information (email, name, photo) to the LLM provider as part of content generation.

3. When We Share Information

We share information only as needed to operate the Platform:

We do not sell or rent personal information to third parties.

4. Subprocessors

We rely on the following trusted subprocessors to deliver the Platform:

Google Cloud / Firebase
Authentication (OAuth), database (Firestore), file hosting, and web hosting. Region: United States. Purpose: storing user accounts, quiz attempts, organization data, and Customer Content.
Vercel, Inc.
Backend API hosting (api.protoquiz.com) and billing infrastructure (billing.protoquiz.com). Region: United States. Purpose: serving requests, processing webhooks, and routing observability telemetry.
Cloudflare, Inc.
DNS, email routing for *@protoquiz.com addresses, and edge protection. Region: Global edge network.
Stripe, Inc.
Payment processing, invoicing, and ACH bank-transfer collection. Region: United States. Purpose: handling fees from Organizations. Stripe is PCI-DSS Level 1 certified.
Brevo (Sendinblue)
Transactional email delivery (invoices, password reset, system notifications). Region: European Union with US data residency option.
Discord, Inc.
Internal operational alerts sent via webhook from our backend. Discord receives summarized event data (e.g., "new sign-up at south-metro"); user-identifying information is minimized.
Google AI / Vertex AI (Gemini)
Large-language-model content generation: quiz questions, scenario branches, drug-comparison summaries, and related study content derived from Customer-uploaded protocols. Region: United States. No-training contract: Google does not train its foundation models on Customer Content submitted through these APIs.
Documenso, Inc.
Contract e-signature workflow for Master Services Agreement and Order Form execution. Processes the signing party's name, email address, and applied signature image. Region: United States.

An up-to-date list of subprocessors is maintained at this URL. We will notify Customers of new subprocessors at least thirty (30) days before they begin processing Customer data, except in emergencies where a substitution is necessary to maintain service continuity.

5. Data Retention

We retain user account data and quiz history for as long as the Organization maintains an active subscription. After an Organization's subscription ends, we retain Customer Content for up to ninety (90) days to allow export, after which it may be deleted from production systems.

Aggregated, de-identified analytics may be retained indefinitely. Backup snapshots may persist for up to thirty (30) days after deletion before being purged from backup storage.

You may request earlier deletion by emailing [email protected], subject to our legal obligations to retain certain records (e.g., financial records for tax purposes).

6. Security

We implement administrative, technical, and physical safeguards designed to protect user information, including:

No system is perfectly secure. If you discover a security vulnerability, please email [email protected] and we will respond promptly.

7. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

To exercise these rights, contact [email protected]. We will respond within thirty (30) days. For Users associated with an Organization, requests may need to be coordinated with your Organization's administrator since they control access to the tenant.

8. HIPAA & Clinical Data

ProtoQuiz is NOT a HIPAA-covered service and is NOT designed to store Protected Health Information (PHI). Users and Organizations must not upload patient charts, run sheets, or any patient-identifying clinical data. The Platform is intended solely for training, education, and continuing-education purposes using non-PHI content (such as the agency's published protocols and de-identified case scenarios).

If you believe PHI has been inadvertently uploaded to the Platform, contact [email protected] immediately so we can assist with removal. We may also scan or sample uploaded content for indicators of PHI and may reject, quarantine, or remove such uploads and notify the uploading administrator.

9. Children's Privacy

The Platform is intended for use by licensed or aspiring emergency medical professionals and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted at protoquiz.com/b2b/privacy with an updated effective date and, for active Customers, notice will be sent to the billing contact email at least thirty (30) days before the changes take effect.

11. Contact

Privacy questions, data requests, and security disclosures should be directed to:

Teach Me to Live LLC, d/b/a ProtoQuiz
Attn: Privacy
1500 N Grant St #10764, Denver, CO 80203
Email: [email protected]
Legal: [email protected]