Privacy Policy
Last updated 17 June 2026
This policy explains what personal data Nilelor collects, why, and what rights you have over it. We have tried to keep it plain and honest.
1. Who we are
Nilelor (“Nilelor”, “we”, “us”, “our”) is an independent educational platform that helps doctors prepare for postgraduate medical examinations. It is operated from Ghana by its founder. Nilelor is not yet incorporated as a company — a formal legal entity is being established, and this policy will be updated to name it once registration is complete. For any question about this policy or your data, contact us at hello@nilelor.com.
2. What data we collect
Account and profile data: your email address; your first, last, other and preferred names; your training level and specialty; the exams you are preparing for and your target exam date; your phone and WhatsApp numbers; and whether you have used a question bank before.
Usage data: the study sessions you run, the questions you attempt and the answers you give, your confidence ratings, how long you spend on questions and explanations, questions you flag to revisit, recap attempts, issue reports you submit, and any feedback you send us.
Technical data: your IP address, browser and device type, and the pages you visit, collected automatically when you use Nilelor.
We do not collect your date of birth or home address. Nilelor is an exam-preparation tool — please never enter real, patient-identifying information into it.
3. How we collect it
Directly from you, when you sign up, complete your profile, and use the app. Automatically, through analytics and error-monitoring tools as you use the service. And from third parties — if you sign in with Google, Google provides your email address and name.
4. Our lawful basis
We process your account and usage data to provide the service you signed up for (performance of a contract). We process technical data to keep Nilelor secure and to improve it (our legitimate interests). Non-essential analytics are processed on the basis of your consent, which you can withdraw at any time.
5. What we use it for
- Operating your account and running the study experience.
- Personalising your dashboard, coverage map, and progress tracking.
- Improving question quality and the product itself.
- Communicating with you about your account, and — only if you opt in — about product updates.
- Detecting and preventing fraud and abuse.
6. Who we share it with
We use a small set of trusted service providers who process data on our behalf, under contract:
- Supabase — database, authentication, and storage
- Vercel — application hosting
- Cloudflare — DNS and network security
- Sentry — error monitoring
- PostHog — product analytics
- Resend — transactional email
- Anthropic and OpenAI — used to generate study content; they do not receive your personal data
Automated-abuse protection on our public forms is currently provided by rate limiting only — we do not run a client-side captcha or bot-detection widget on any user-facing form.
We do not sell your personal data, and we never will.
7. Where your data is stored
Your account and study data are stored with Supabase in London, United Kingdom. Some service providers process limited data in the European Union and the United States. Where data is transferred across borders, we rely on the standard contractual safeguards offered by those providers.
8. How long we keep it
While your account is active, we keep your data so the service works for you. If your account stays inactive for 24 months, we may delete it. When you delete your account, your personal data is removed and your study records are anonymised so they no longer identify you; residual copies in encrypted backups age out within our backup retention window.
9. Your rights
You have the right to access the data we hold about you, correct it, delete it, object to certain processing, and request a copy. You can edit your profile in the app, and delete your account at any time from Settings. You also have the right to complain to your data protection regulator — the Data Protection Commission in Ghana, or the Nigeria Data Protection Commission in Nigeria. To exercise any right, email hello@nilelor.com and we will respond within 30 days.
10. Cookies and tracking
Nilelor uses strictly necessary cookies to keep you signed in. The app cannot function without them, so they are always on.
We also use analytics and error-monitoring tools (PostHog and Sentry) that record how Nilelor is used — which features are opened, where people get stuck, and what errors occur. This exists only so we can find problems and improve the product. We do not use it for advertising, and we never sell it.
Nilelor is currently in an invited preview; how usage data is collected during the preview is explained to you when you are invited. A full cookie-consent control — including the ability to opt out of non-essential analytics — will be in place before Nilelor opens to the public.
11. Security
We protect your data with encryption in transit, access controls, row-level security on our database, and continuous monitoring. No system is perfectly secure, but we take measures appropriate to the sensitivity of the data we hold.
12. Children
Nilelor is intended for qualified doctors and medical students aged 18 and over. It is not directed at children, and we do not knowingly collect data from anyone under 18.
13. Changes to this policy
We may update this policy as Nilelor evolves. When we make a material change we will update the date above and, where appropriate, notify you in the app or by email.
14. Contact
Questions about this policy or your data: hello@nilelor.com.
This policy was drafted for Nilelor’s free preview release. It will be reviewed by a qualified lawyer before any paid service is launched.