Privacy Policy

Last updated: May 8, 2026

1. Who we are

Nucleus is an AI study tool for the American Board of Radiology (ABR), operated by VENDRA LABS Limited Liability Co. (“Nucleus,” “we,” “us”). For questions about this policy, contact edgarcia3712@gmail.com.

2. Who Nucleus is for

Nucleus is for adult medical professionals (medical physicists and radiation oncologists) preparing for ABR certification exams. Account creation requires self-attestation that you are 18 years of age or older.

Children under 13. Nucleus is not directed at children. We do not knowingly collect personal information from anyone under the age of 13. If you believe a child under 13 has created an account or submitted personal information, contact us at the address above and we will delete the account and any associated data without delay.

3. What we collect

  • Account information:name, email, password hash, account type (medical physicist or radiation oncologist), and the ABR exam you’re preparing for.
  • Study activity: the topics you ask about, the practice problems generated, your answers, the AI feedback returned, and the timestamps of each session.
  • Billing information:handled by Stripe. Nucleus stores only your Stripe customer ID and subscription status — never your card number, CVV, or full billing address.
  • Operational logs: IP address (used for rate limiting), browser type, request timestamps, and AI token usage for cost accounting.

4. How we use it

  • To provide the study service: generate sessions calibrated to your selected exam, grade answers, save your library.
  • To bill you accurately and prevent abuse of free trials and top-up packs.
  • To debug errors, monitor service health, and improve the quality of AI explanations.
  • To send transactional email related to your account (verification, billing, security).

We do not sell your data. We do not show advertising. We do not share your study history with third parties for marketing.

5. Sub-processors

Nucleus runs on a small set of trusted infrastructure providers:

  • Supabase (database + authentication)
  • Vercel (web hosting + edge runtime)
  • Stripe (payment processing)
  • Anthropic (Claude AI for study session generation and grading)

Each sub-processor receives only the data needed for its function (e.g. Anthropic receives the topic + problem text; Stripe receives your name and email at checkout).

6. Retention and deletion

We keep your account and study history for as long as your account is active. You can request account deletion at any time by emailing us — we’ll delete your profile, study sessions, and billing records (except records we’re legally required to retain, such as Stripe payment receipts) within 30 days.

7. Security

Passwords are hashed by Supabase Auth (bcrypt). Database access is gated by row-level security policies that restrict users to their own rows. All traffic is HTTPS. Stripe handles all card data under PCI-DSS.

8. Your rights

You can access, correct, export, or delete your data by contacting us. If you’re in the EU/UK, you have GDPR rights including data portability and the right to object to processing. If you’re a California resident, you have CCPA/CPRA rights. To exercise any of these, email us.

9. Changes

When we materially change this policy we’ll update the “Last updated” date at the top and, for significant changes, notify you by email.

Terms of Service →Contact →
Designed byVENDRA LABS