Privacy Policy
What data BoardSim collects and what we do with it.
Effective May 12, 2026
1. Plain-English summary
BoardSim is built to collect as little personal data as possible. We do not sell your data, we do not run advertising trackers, and we do not share data with marketers. The only personal data tied to you is the access code you used to log in. We log usage events on our backend (Supabase / Netlify / Anthropic) only for the purposes of operating, securing, and improving the Service.
2. What we collect
Access codes (required)
When you use an access code to log in, we record:
- The code itself (e.g. BETA-RESIDENT)
- The label associated with the code (e.g. "Dr. Smith")
- When the code was issued, when it was last used, and how many times it has been used
We do not collect your email, phone number, real name, or any direct identifier unless you give it to us voluntarily (for example, by typing it into the Performance Report download dialog).
Conversation content
Your responses to the AI examiner are sent to Anthropic's Claude API to generate the examiner's next response. We do not store your individual exam transcripts on our servers. Anthropic processes these messages according to their own privacy and data handling policies. See Anthropic's Privacy Policy.
Voice input (if you enable it)
Voice transcription is performed in your browser using the Web Speech API. Your audio does not leave your device. Text-to-speech of the examiner's questions is generated via OpenAI's TTS API; only the text being read is sent to OpenAI. See OpenAI's Privacy Policy.
Cookies
We use one cookie: aba_session, which contains a signed token proving you have entered a valid access code. The cookie is HttpOnly, Secure, SameSite=Lax, and expires after 30 days. We do not use third-party advertising cookies, analytics cookies, or cross-site tracking.
Server logs
Our hosting providers (Netlify, Supabase) automatically record standard server logs — your IP address, request paths, user-agent string, and timestamps — for security, abuse prevention, and operational troubleshooting. These logs are retained according to those providers' default policies and are not used for advertising or sold to third parties.
3. Why we collect it
- Access codes: to enforce invite-only beta access and to see which cohorts are engaging.
- Conversation content: to power the AI examiner. We send your messages to the Claude API to generate the next examiner turn. We do not retain copies on our servers.
- Server logs: to keep the Service running, prevent abuse, and debug issues.
4. Who we share it with
We share data only with these service providers, only as needed:
- Anthropic — to generate AI examiner responses
- OpenAI — to generate the spoken voice of the examiner (text only; we do not send audio)
- Netlify — to host the Service
- Supabase — to store the access-code table and maintain session cookies
We do not sell or rent any data, ever. We do not share data with advertisers, brokers, or marketing networks.
5. Your rights
Because we do not collect direct identifiers, most data we hold cannot be linked to you personally. If you believe we have personal data associated with you and you want it deleted, email contactus@southernaisystems.com and we will delete it within 30 days.
EU/UK residents have additional rights under GDPR, including access, rectification, erasure, restriction, portability, and objection. CA residents have similar rights under CCPA/CPRA. To exercise any of these, contact us at the email above.
6. Children
BoardSim is intended for board-eligible anesthesiology residents and attending physicians. It is not directed to children under 13 and we do not knowingly collect data from children.
7. Security
We use industry-standard practices: HTTPS everywhere, HttpOnly + Secure cookies, signed session tokens (HS256 JWT), and least-privilege database access. No system is perfectly secure; we will notify affected users within 72 hours of confirming any material breach.
8. Changes to this policy
We may update this Privacy Policy. Material changes will be announced on this page with a new effective date.
9. Contact
Privacy questions or data requests: email us at contactus@southernaisystems.com.