Privacy Policy | Bone Wizardry

Who we are

Bone Wizardry is an independently operated educational service. In this policy, "Bone Wizardry," "the company," "we," "us," and "our" refer to the operator of bonewizardry.com. For privacy questions, contact support@bonewizardry.com.

What we collect

When you create an account

Your email address. We use passwordless sign-in: instead of a password, we email you a one-time sign-in code when you log in, so there is no password for us to store.
Account preferences and settings you choose.

When you subscribe or purchase tutoring

Payment information is collected and processed by our payment processor, not by Bone Wizardry. We never see or store your full card number, security code (CVC), or bank details.
We receive from the payment processor: subscription or purchase status, billing email, the last four digits of your card, and transaction history.

When you use the site

Your progress through study content, including decks, quizzes, and interactive tools, so you can pick up where you left off.
Usage and analytics data: which pages you view, features you use, approximate session activity, and aggregate performance metrics. We use this to understand how the service is used, fix problems, and improve content.
Standard server and edge logs: IP address, browser type, pages visited, and timestamps. These are used for security, fraud prevention, and debugging, and are not used to build advertising profiles.

When you submit reviews or other content

If you submit a review, rating, comment, correction, or topic request, we collect the content you provide and associate it with your account. Reviews you choose to post may be displayed publicly on the site. Do not include sensitive personal or patient information in anything you submit.

When you email us

The contents of your message and your email address, so we can reply.
Corrections and topic requests you submit may be used to improve site content. We do not publish your email address.

How we use what we collect

To run your account and deliver the service you signed up for, including subscriptions and tutoring.
To send you one-time sign-in codes and account notices.
To process payments through our payment processor.
To save your study progress so the site remembers where you left off.
To analyze usage so we can improve content, features, and reliability.
To display reviews and other content you choose to submit.
To respond when you email us.
To detect abuse, prevent fraud, debug errors, and keep the site running.
To comply with legal obligations when required.

We do not sell your personal data

We do not sell, rent, or trade your personal information to data brokers, advertisers, or anyone else for money or other valuable consideration.
We do not share your personal information for cross-context behavioral advertising.
We do not use advertising trackers or cross-site tracking pixels.

Service providers we share data with

We share data only with the service providers needed to run the site. These providers process data on our behalf under their own privacy terms and are not permitted to use it for their own marketing:

Payment processing: a third-party payment processor handles subscriptions, tutoring purchases, fraud prevention, and billing. Card details are entered with and stored by that processor, not by Bone Wizardry.
Hosting and edge delivery: our hosting and content-delivery provider runs the infrastructure that serves the site to you and helps protect it from abuse.
Email delivery: our transactional email provider delivers sign-in codes, receipts, account notices, and support replies.

We may also disclose information if required by law, subpoena, or court order, or to protect the rights, property, or safety of the company, our users, or others.

Tutoring

Tutoring sessions are delivered by independent physician contractors engaged by the company. To schedule and run a session, the company may share the limited information needed to coordinate it, such as your name, email, and the topics you want to cover. Tutors are required to keep this information confidential and to use it only to provide the session you booked. Tutoring is educational only and does not create any clinical or treatment relationship.

Third-party links and image sources

Some lessons include image credits, source manifests, citations, or links to third-party sites such as Creative Commons or Wikimedia Commons, public chemistry or government databases, journals, or other educational sources. In-page images may be served by Bone Wizardry from local copies, so viewing a lesson does not necessarily contact the original image host. If you click an external source, credit, license, or citation link, you leave Bone Wizardry and the destination site's privacy practices apply.

We do not control third-party websites and are not responsible for their privacy practices, content, or security. We do not send your Bone Wizardry sign-in codes or payment information to image source sites.

Email updates

We may offer optional email updates about new content and site changes. These are always opt-in. We will never add you to a marketing list without your explicit consent, and every update email includes a one-click unsubscribe link. If you unsubscribe, we remove your address from the marketing list within 48 hours and will not email you again unless you re-subscribe. Transactional emails (sign-in codes, receipts, and account notices) are separate and not affected by your marketing preferences.

Cookies and session storage

We use only the cookies and similar storage necessary to keep you signed in and to make the site work, plus limited storage used for the usage analytics described above. These are primarily session and authentication cookies. We do not use advertising cookies, and there is no cross-site tracking. We honor the Global Privacy Control (GPC) signal where it applies.

How long we keep your data

Active accounts: as long as your account exists.
After account deletion: we delete your personal data within 30 days of receiving your request, except where retention is required by law (for example, payment and tax records that our payment processor and tax authorities require us to keep, and auto-renewal consent records retained for at least three years where required by law).
Server and edge logs: 90 days.
Support emails: up to 2 years, then deleted.

Your rights

Regardless of where you live, you can:

Request a copy of the personal data we have about you.
Correct inaccurate data.
Delete your account and associated personal data by emailing support@bonewizardry.com with "Account Deletion Request" in the subject line. We will process it within 30 days.
Export your study progress data.

To exercise any of these rights, email support@bonewizardry.com. We will respond within 30 days. We will not discriminate against you for exercising these rights.

California residents (CCPA and CPRA)

If you live in California, you have specific rights under the California Consumer Privacy Act, as amended:

Right to know what personal information we collect and how we use it (see above).
Right to delete personal information.
Right to correct inaccurate personal information.
Right to opt out of the sale or sharing of personal information. We do not sell or share your personal information for advertising, so there is nothing to opt out of, but you have this right under California law.
Right to limit the use of sensitive personal information. We do not use sensitive personal information beyond what is necessary to deliver the service.
Right to non-discrimination for exercising these rights.

To exercise these rights, email support@bonewizardry.com with "California Privacy Request" in the subject line. You may designate an authorized agent to make a request on your behalf.

EU and UK residents (GDPR)

If you live in the EU or UK, the legal bases we rely on are:

Contract performance: to deliver the service you signed up for.
Legitimate interests: site security, analytics, debugging, and fraud prevention.
Consent: for optional marketing emails, which you can withdraw at any time.
Legal obligation: tax records and breach notifications.

You have the rights listed above plus the right to lodge a complaint with your local data protection authority. International transfers of EU and UK data to the United States rely on appropriate safeguards, including Standard Contractual Clauses where required.

Children

Bone Wizardry is intended for adult learners and is not directed to children. The service is not directed to anyone under 16, and we do not knowingly collect personal information from anyone under 16. Our Terms require account holders to be at least 18. If you believe a child under 16 has provided personal information, email us and we will delete it.

Security

We use industry-standard security measures including encrypted connections (HTTPS), passwordless one-time-code sign-in, and access controls. No system is perfectly secure. If we discover a breach affecting your personal data, we will notify affected users without unreasonable delay and in accordance with applicable data breach notification laws.

International transfers

The site is hosted in the United States. If you access it from outside the US, your data is transferred to and processed in the US, which may have different data-protection laws than your country of residence.

Changes to this policy

If we make material changes, we will update the "Last updated" date at the top and notify active subscribers by email. Continued use after changes means you accept the updated policy.

Contact

Questions, requests, or corrections to this policy: support@bonewizardry.com.

Bone Wizardry is an independent educational resource for visual learning in the medical sciences. It is not affiliated with, endorsed by, or sponsored by any licensing or examination board, contains no real or recalled examination questions, and does not guarantee any educational or examination outcome.