Skip to main content

Privacy Policy

Last updated: June 15, 2026

1. Information We Collect

When you create an account, we collect your email address, school, year, and role (student or resident). For residents, we also collect your NPI number to verify your identity. Resident Insider itself does not store your full legal name, phone number, or physical address.

Residents additionally complete identity verification through Stripe Identity, which involves submitting a government-issued photo ID directly to Stripe. Resident Insider never receives or stores the ID document or the legal name on it — only a pass-or-fail verification result. Residents also connect a bank account through Stripe Connect to receive payouts; those banking details are held by Stripe, not by us.

Externship Ratings. When a verified DPM student submits an externship rating, we store the structured letter grades, a 'would rank' response, and the externship's academic year. Your identity is linked to a rating only to enforce one rating per program, let you edit or withdraw it, and prevent abuse — it is never shown to other users. Ratings are surfaced to other students only as anonymized, pooled aggregates (averages and counts) per program; individual ratings and submission dates are never publicly displayed.

Find Your Fellowship. When a verified DPM resident saves a fellowship to their shortlist in Find Your Fellowship, we store the saved program references linked to your account so the list persists across sessions. The list is visible only to you, you can remove saved programs at any time, and it is deleted when you delete your account.

2. How We Use Your Information

Your information is used to:

  • Verify your identity as a student or resident
  • Match you with the correct programs and degree track
  • Process payments and payouts
  • Communicate important account updates
  • If you opt in, send you the Resident Insider Weekly newsletter (one-click unsubscribe in every issue)

For the newsletter specifically, we store your email address, the source you signed up from (e.g., the homepage signup card or platform signup), your opt-in / unsubscribe state, and bounce / spam-complaint metrics needed for deliverability hygiene. This data lives in a separate table from your account profile — newsletter unsubscribes and bounces never affect your account, payout, or verification emails.

3. Anonymity

Resident Insider is built on anonymity. Students never see a resident's name, email, or NPI number. Residents never see a student's name, email, school, or year. This anonymity is enforced at the database level via row-level security policies and cannot be bypassed by client requests.

Public listings of residents (e.g. the public program directory) are served from a restricted database view that exposes only the program a resident belongs to and, optionally, their PGY year if they choose to display it. Email, NPI, school, bio, and other identifying fields are never exposed publicly.

4. NPI Verification

We verify resident NPI numbers against the publicly available NPPES registry maintained by the U.S. Department of Health & Human Services. We store your NPI number securely but never display it to other users.

5. Payment Information

Payments, resident payouts, and identity verification are all handled through Stripe — Stripe Payments for card processing, Stripe Connect for resident payouts, and Stripe Identity for government-ID verification. We never store your full card number, CVV, bank account details, or government ID on our servers; Stripe handles payment security in compliance with PCI-DSS standards.

Question content is never sent to Stripe as part of payment metadata. The text of your question is held in our own database during the checkout round-trip and is not visible in the Stripe dashboard.

6. Data Storage & Security

Your data is stored securely using Supabase with row-level security policies. All data is encrypted in transit via HTTPS. Access to personal information is strictly limited and role-based.

7. Third-Party Services

We use the following third-party services:

  • Supabase — Authentication and database
  • Stripe — Payment processing, resident payouts, and identity verification
  • Resend — Transactional and newsletter email delivery
  • Vercel — Hosting, infrastructure, and privacy-friendly usage analytics
  • NPPES Registry — NPI verification

8. Data Retention

Your account data is retained as long as your account is active. If you delete your account, your identifying information — your name-linked profile, email, and verification data — is permanently erased. Past question-and-answer content and any ratings you submitted are retained with your identity severed: the text of the exchange stays so the other party keeps the Q&A they paid for or the ratings they earned, but it is no longer linked to you. We also keep an anonymized deletion record (role, degree, and school, with no identifying information) for analytics.

9. Your Rights

You may request to view, update, or delete your personal data at any time by contacting us at support@myresidentinsider.com. We will respond within 30 days.

10. The Lounge

The Lounge is a private discussion space for verified MD/DO and DPM residents. Conversations there are visible only to other verified residents — never to students, residency programs, hospitals, or the public. MD/DO and DPM members are kept in separate audience-segregated Lounges — a verified MD/DO resident never sees DPM activity, and vice versa. This access restriction is enforced at the database level and cannot be bypassed by client requests.

Within the Lounge, residents post under an automatically assigned pseudonym. Your real name, email, and program are never attached to your posts.

Resident Insider does not monitor or read Lounge conversations. The only exception is a message a member reports for a House Rules violation, which an administrator then reviews.

11. Contract Decoder

When you upload a contract to the Contract Decoder, the file is read in memory on our server to extract its text and is never written to disk or any storage — we do not keep the file or its contents. Only the resulting plain-English analysis is saved, encrypted at rest (AES-256-GCM) and protected by row-level security so that only you can access it. You can delete any analysis at any time from the tool, every analysis is automatically and permanently deleted 30 days after you run it, and deleting your account deletes your analyses.

12. Cookies & Tracking

Resident Insider uses a small number of essential cookies and browser storage items: a session cookie to keep you signed in, and a cached copy of your role in your browser’s local storage to speed up page loads. We do not use advertising cookies or cross-site trackers.

For usage analytics we use Vercel Analytics, which collects privacy-friendly, aggregate metrics (such as page views and referrers) without cookies and without personally identifying you.

13. Children’s Privacy

Resident Insider is intended only for users who are at least 18 years old (see our Terms of Service). We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with information, contact us and we will delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email. Continued use of the platform after changes constitutes acceptance.

Contact

Questions about privacy? Email us at support@myresidentinsider.com