Privacy Policy

SMU Training Inc. ("we", "us", "our") operates Sports Medicine Injections (the "Platform"), a continuing medical education resource for licensed healthcare professionals. This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and the choices you have.

This policy is written to meet our obligations under Canadian privacy law, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Alberta Personal Information Protection Act (PIPA).

When you register and request access to the Platform, we collect the following information directly from you:

• Name (first and last)
• Email address
• Password (handled and stored by our authentication provider, Clerk — we do not see or store your password)
• Preferred language (English or French)
• Province of practice
• Medical specialty
• Medical license number
• A copy of your medical license or equivalent proof of professional credentials, uploaded for verification

While you use the Platform, we automatically record information about your activity so the product can function and so we can improve it:

• Watch history — which videos you viewed, how long you watched, and your last playback position (used to resume playback and show your recent activity)
• Saved videos — videos you have added to your library
• AI chat sessions — the messages you exchange with the in-video AI assistant, associated with your account and the related video
• Disclaimer acceptances — a record of which version of the medical disclaimer you accepted and when, for compliance purposes
• Account status history — pending, approved, rejected, or suspended, including the timestamps and the administrator who took the action

Like most web services, our hosting and security providers record technical information when you access the Platform, including IP address, browser type, device information, pages visited, and timestamps. This information is used to operate the service, detect abuse, and diagnose errors.

We use error monitoring (Sentry) to capture application errors. Error reports may include account identifiers and the URL you were viewing, but we do not intentionally include sensitive clinical content in error logs.

Authentication is provided by Clerk (clerk.com). Clerk stores your email address, your hashed password, and session tokens on our behalf. We never see your password in plain text. Clerk's own privacy practices apply to that data in addition to this policy.

If you reset your password, a one-time reset token is stored in our database until it is used or expires (within one hour).

We use your personal information to:

• Verify that you are a licensed healthcare professional and approve or deny access
• Provide the educational content, features, and personalization of the Platform
• Communicate with you about your account, access decisions, and material changes to the service
• Maintain security, prevent abuse, and meet our legal and regulatory obligations
• Understand how the Platform is used so we can improve content and features

We share limited personal information with service providers who help us operate the Platform. These providers are permitted to use your information only to perform services for us. Current providers include:

• Clerk — user authentication and account management
• Neon (PostgreSQL) — primary application database
• Vercel — application hosting and content delivery
• Mux — video hosting and streaming
• Cloudflare R2 — storage for uploaded license documents and other assets
• Resend — transactional email (verification decisions, password resets)
• Anthropic — large-language-model API that powers the in-video AI assistant; chat messages are sent to Anthropic to generate a response
• Sentry — application error monitoring

We retain your account information for as long as your account is active. Administrative records, including approval or rejection decisions and disclaimer acceptances, may be retained for a longer period to meet our compliance and audit obligations.

If you close your account or ask us to delete it, we will delete or de-identify the information associated with it within a reasonable period, except where we are required by law or by a legitimate business purpose (such as audit logs) to retain it.

You can exercise the following rights at any time:

• Access — request a copy of the personal information we hold about you, using the data export option in your account settings
• Correction — update your name, email, language preference, and professional details from your account settings, or contact us to correct information you cannot edit yourself
• Deletion — close your account and request deletion of your personal information, using the account deletion option in your account settings or by contacting us
• Withdrawal of consent — withdraw your consent to our processing of your personal information, which may result in loss of access to the Platform

We protect your information with technical and organizational measures that are appropriate to its sensitivity, including encryption in transit (HTTPS/TLS), encryption at rest by our service providers, access controls, and administrator audit logging. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

The Platform is intended for licensed healthcare professionals. It is not directed at children, and we do not knowingly collect personal information from anyone under 18.

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you through the Platform or by email. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.

If you have questions about this policy or want to exercise any of your rights, contact us at support@sportsmedinjections.com.

SMU Training Inc., 921 Na’a Drive SW #503, Calgary, AB T3H 6C1, Canada.