PRIVACY POLICY

KIRU+ app / MedSurgery Academy

Important links:

Suscriptions and EULA Policy by KIRU+ Pro: https://www.medsurgery.academy/politica-de-suscripciones-kiru-app

Terms and Conditions of Use KIRU+ Policy: https://www.medsurgery.academy/terminos-y-condiciones-kiru-app

Privacy KIRU+ Policy: https://www.medsurgery.academy/politica-de-privacidad-kiru-app

Last Updated: May 18, 2026

This Privacy Policy explains how MedSurgery Store For Digital Health S.A.S. de C.V. (“MedSurgery,” “KIRU+,” “MedSurgery Academy,” “we,” “us,” or “our”) collects, uses, stores, protects, discloses, and otherwise processes personal information when you access or use our mobile application KIRU+, our website, digital platforms, educational services, subscription features, artificial intelligence-assisted tools, and related services collectively referred to as the “Service.”

By accessing or using KIRU+, MedSurgery Academy, or any related Service, you acknowledge that you have read and understood this Privacy Policy.

If you do not agree with this Privacy Policy, you must not use the Service.

1. Data Controller

The data controller responsible for the processing of your personal information is:

MedSurgery Store For Digital Health S.A.S. de C.V.
Country: Mexico
Website: https://www.medsurgery.academy/kiru
Support email: customer_service@medsurgery.academy
Privacy contact: customer_service@medsurgery.store

For privacy rights requests, account deletion, data access, correction, objection, limitation, portability, or related matters, please contact:

customer_service@medsurgery.academy

2. Scope of This Privacy Policy

This Privacy Policy applies to information collected through:

• The KIRU+ mobile application.

• The MedSurgery Academy website.

• KIRU+ Pro subscription services.

• Account registration and login.

• Educational content and premium features.

• Artificial intelligence-assisted educational tools.

• Voice, text, or interactive learning features.

• Customer support communications.

• External store links or physical product flows.

• Analytics, diagnostics, crash reporting, and security systems.

• Any other digital service operated by MedSurgery.

This Privacy Policy does not apply to websites, applications, platforms, payment processors, or third-party services that are not owned or controlled by us.

3. Nature of the Service

KIRU+ is an educational and professional development platform focused on medical, surgical, and healthcare-related learning.

The Service may include medical education content, academic modules, clinical summaries, study tools, artificial intelligence-assisted learning, subscription-based premium content, profile features, voice interaction tools, external links to physical products, and support services.

KIRU+ does not provide medical diagnosis, individualized medical treatment, emergency medical care, patient-specific clinical decisions, prescription recommendations, or replacement for professional medical judgment.

4. Personal Information We May Collect

Depending on how you use the Service, we may collect the following categories of information.

4.1 Account Information

When you create an account or use authenticated features, we may collect:

• Full name.

• Email address.

• Username or display name.

• Password or authentication credentials, stored securely through authentication providers.

• Profile photo, if provided.

• Professional or academic profile information, if provided.

• Language preferences.

• Subscription status.

• Account creation date.

• Login history and session data.

• Account deletion or data request records.

4.2 Contact and Support Information

When you contact us, we may collect:

• Name.

• Email address.

• Phone number, if provided.

• Organization or institution, if provided.

• Support request details.

• Communications with our support team.

• Attachments or screenshots you voluntarily provide.

4.3 Subscription and Purchase Information

For KIRU+ Pro subscriptions and premium features, we may process:

• Subscription status.

• Product identifier.

• Subscription plan type.

• Renewal status.

• Trial status.

• Expiration date.

• Purchase validation data.

• App Store transaction identifiers.

• RevenueCat customer identifiers.

• Entitlement status.

• Refund or cancellation status.

For iOS subscriptions, payments are processed by Apple. We do not receive your full payment card number from Apple.

4.4 Device and Technical Information

When you use the Service, we may automatically collect:

• Device type.

• Operating system.

• App version.

• Browser type.

• IP address.

• Approximate location derived from IP address.

• Time zone.

• Device identifiers or app instance identifiers.

• Language and region settings.

• Network information.

• Crash logs.

• Performance data.

• Diagnostic logs.

• Security events.

• Date and time of access.

4.5 Usage Information

We may collect information about how you interact with the Service, including:

• Screens or pages viewed.

• Features used.

• Buttons tapped.

• Search terms.

• Content accessed.

• Session duration.

• Subscription flow interactions.

• Paywall interactions.

• App navigation behavior.

• Error events.

• Referral source.

• Website pages viewed.

• Products or links viewed in external store sections.

4.6 Educational and User-Generated Content

Depending on the features you use, you may provide or generate:

• Notes.

• Study progress.

• Saved content.

• Preferences.

• Responses to educational tools.

• Text prompts.

• Voice inputs.

• Audio recordings, if voice features are used.

• AI interaction history.

• Uploaded files or images, if enabled.

• Academic or professional learning records.

You are responsible for ensuring that any information you provide complies with applicable laws, professional duties, institutional rules, and confidentiality obligations.

4.7 Sensitive Information and Health-Related Data

KIRU+ is designed for medical education. However, unless expressly authorized and supported by appropriate safeguards, users must not upload, enter, store, or transmit identifiable patient data through the Service.

If you voluntarily provide information that may be considered sensitive, health-related, professional, academic, or confidential, we will process it only as necessary to provide the Service, comply with legal obligations, protect security, or fulfill the purposes described in this Privacy Policy.

Users must not upload patient-identifiable information unless they have all legally required authorizations, consents, and institutional approvals.

4.8 Cookies and Similar Technologies

When you use our website, we may use cookies, pixels, local storage, and similar technologies to:

• Maintain sessions.

• Remember preferences.

• Analyze website usage.

• Improve performance.

• Prevent fraud or abuse.

• Understand traffic sources.

• Provide security.

You may configure your browser to reject cookies. However, some website features may not function properly if cookies are disabled.

5. Information We Do Not Intentionally Collect

We do not intentionally collect:

• Full credit or debit card numbers through the iOS App.

• Government identification numbers unless legally required for a specific service.

• Biometric identifiers for identification purposes.

• Precise GPS location unless a specific feature requires it and you grant permission.

• Contacts from your address book unless a feature clearly requests permission.

• Patient-identifiable information, unless expressly authorized and legally permitted.

6. Why We Process Your Information

We process personal information for the following purposes:

6.1 To Provide the Service

• Create and manage user accounts.

• Authenticate users.

• Maintain login sessions.

• Provide educational content.

• Enable KIRU+ Pro features.

• Validate subscriptions.

• Restore purchases.

• Manage user preferences.

• Provide app functionality.

• Display legal, privacy, and medical disclaimer content.

6.2 To Process Subscriptions

• Verify purchase status.

• Manage premium access.

• Detect expired or canceled subscriptions.

• Enable subscription restoration.

• Prevent subscription abuse.

• Synchronize subscription status across devices.

6.3 To Operate AI-Assisted Features

• Process user prompts.

• Generate educational responses.

• Provide voice or text-based learning assistance.

• Improve reliability and safety of AI-assisted tools.

• Monitor misuse or unsafe behavior.

• Prevent prohibited use.

AI-assisted features are for educational purposes only and must not be used as a substitute for professional medical judgment.

6.4 To Improve and Secure the Service

• Analyze performance.

• Fix bugs.

• Monitor crashes.

• Improve usability.

• Detect fraud.

• Prevent unauthorized access.

• Protect our systems.

• Maintain service integrity.

• Conduct internal audits.

6.5 To Communicate With You

• Respond to support requests.

• Send account-related messages.

• Notify you of important updates.

• Provide legal notices.

• Communicate changes to policies.

• Respond to privacy rights requests.

6.6 To Comply With Legal Obligations

• Fulfill tax, accounting, consumer protection, platform, privacy, and regulatory obligations.

• Respond to lawful requests by authorities.

• Enforce legal claims.

• Investigate fraud or abuse.

• Comply with App Store, Google Play, payment processor, or third-party service requirements.

6.7 To Protect Rights and Safety

• Protect users.

• Protect MedSurgery.

• Prevent misuse of medical education content.

• Investigate violations of our Terms.

• Protect against security incidents.

• Enforce our legal agreements.

7. Legal Bases for Processing

Depending on your jurisdiction, we may process your personal information based on one or more of the following legal bases:

• Your consent.

• Performance of a contract with you.

• Compliance with legal obligations.

• Legitimate business interests.

• Protection of rights, safety, and security.

• Establishment, exercise, or defense of legal claims.

• Compliance with applicable consumer, privacy, tax, platform, or regulatory obligations.

For users in Mexico, we process personal data in accordance with applicable Mexican privacy laws, including principles of legality, consent, information, quality, purpose, loyalty, proportionality, and responsibility.

For users in the European Economic Area, United Kingdom, or other jurisdictions with similar privacy frameworks, additional rights may apply as described below.

8. How We Share Information

We do not sell your personal information.

We may share personal information only as necessary with the following categories of recipients:

8.1 Service Providers

We may share information with trusted providers that help us operate the Service, including:

• Cloud hosting providers.

• Database and authentication providers.

• Subscription management providers.

• Analytics providers.

• Error monitoring providers.

• Email or communication providers.

• Customer support tools.

• AI infrastructure providers.

• Security and fraud prevention providers.

These providers may process information only as necessary to provide services to us and are expected to protect the information according to applicable laws and contractual obligations.

8.2 Platform and Payment Providers

For iOS subscriptions, Apple processes payments and subscription transactions.

We may receive subscription validation information from Apple, RevenueCat, StoreKit, or related systems, but we do not receive your full payment card details from Apple.

8.3 External Store and Physical Goods Providers

If you access an external store or purchase physical goods through external checkout, the third-party store, payment processor, shipping provider, or ecommerce platform may collect and process information under its own privacy policy.

We are not responsible for third-party privacy practices outside our control.

8.4 Legal and Compliance Disclosures

We may disclose information if required or permitted by law, including to:

• Comply with legal process.

• Respond to lawful government requests.

• Protect our rights.

• Protect user safety.

• Investigate fraud.

• Enforce our Terms.

• Respond to security incidents.

• Comply with platform requirements.

8.5 Business Transfers

If MedSurgery is involved in a merger, acquisition, restructuring, financing, sale of assets, or similar transaction, personal information may be transferred as part of that transaction, subject to appropriate confidentiality and legal safeguards.

9. Third-Party Services

The Service may integrate or interact with third-party services, including but not limited to:

• Apple App Store.

• Apple In-App Purchase.

• RevenueCat.

• Supabase.

• Stripe or external checkout providers.

• AI service providers.

• Analytics providers.

• Error monitoring tools.

• Hosting providers.

• External websites.

Each third-party service may process information according to its own terms and privacy policy.

We encourage users to review the privacy policies of any third-party services they access.

10. International Data Transfers

Your information may be processed in Mexico, the United States, Canada, the European Union, or other countries where we, our service providers, or infrastructure partners operate.

These countries may have data protection laws different from those in your place of residence.

When required by applicable law, we use appropriate safeguards for international transfers, which may include contractual protections, technical safeguards, organizational controls, and reliance on legally recognized transfer mechanisms.

11. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods may depend on:

• Account status.

• Subscription status.

• Legal obligations.

• Tax and accounting requirements.

• Security needs.

• Dispute resolution.

• Fraud prevention.

• Backup cycles.

• Platform requirements.

• User deletion requests.

When information is no longer required, we will delete, anonymize, or securely restrict it, unless retention is legally necessary.

12. Account Deletion

Users may request deletion of their KIRU+ account through the App, where available, or by contacting:

privacidad@medsurgery.academy

After an account deletion request, we may delete or anonymize personal information associated with the account, subject to legal, tax, security, fraud prevention, compliance, dispute resolution, and legitimate recordkeeping obligations.

Important: deleting your KIRU+ account does not automatically cancel an Apple-managed subscription. You must cancel your subscription through your Apple ID account settings.

13. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

• Be informed about how your data is processed.

• Access your personal information.

• Correct inaccurate or incomplete information.

• Request deletion of your personal information.

• Object to certain processing.

• Restrict processing.

• Request data portability.

• Withdraw consent, where processing is based on consent.

• Opt out of certain analytics or marketing communications.

• Object to automated decision-making or profiling where legally applicable.

• File a complaint with a competent data protection authority.

To exercise your rights, contact:

privacidad@medsurgery.academy

We may need to verify your identity before fulfilling a request.

14. Mexican Privacy Rights

Users in Mexico may have rights of Access, Rectification, Cancellation, and Opposition (“ARCO Rights”), as well as the right to revoke consent where legally applicable.

To exercise ARCO Rights or revoke consent, please send a request to:

customer_service@medsurgery.academy

Your request should include:

• Full name.

• Email associated with your account.

• Specific right you wish to exercise.

• Clear description of your request.

• Documents or information necessary to verify your identity, where legally required.

We will respond in accordance with applicable Mexican privacy law.

15. European, UK, and Similar Jurisdiction Rights

If you are located in the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction with similar data protection laws, you may have rights under applicable privacy laws, including:

• Right of access.

• Right to rectification.

• Right to erasure.

• Right to restrict processing.

• Right to data portability.

• Right to object.

• Right to withdraw consent.

• Rights related to automated decision-making and profiling.

• Right to lodge a complaint with a supervisory authority.

Where required, we process your information under recognized legal bases such as contractual necessity, legitimate interests, consent, legal obligation, and protection of legal claims.

16. California and Other U.S. Privacy Rights

If you are a resident of California or another U.S. state with applicable privacy laws, you may have rights to know, access, correct, delete, or opt out of certain uses of personal information.

We do not sell personal information as the term “sell” is commonly understood. If applicable law defines “sale” or “sharing” more broadly, we will comply with applicable opt-out requirements.

To exercise applicable rights, contact:

customer_service@medsurgery.academy

17. Children’s Privacy

KIRU+ is not intended for unsupervised use by children.

We do not knowingly collect personal information from children under the age required by applicable law without appropriate consent.

If you believe a child has provided personal information to us without proper authorization, please contact us at:

customer_service@medsurgery.store

If we become aware that we collected personal information from a child in violation of applicable law, we will take appropriate steps to delete it.

18. App Permissions

Depending on features used, KIRU+ may request certain device permissions.

Microphone

The App may request microphone access to enable voice-based educational interactions, dictation, or AI-assisted learning features.

Speech Recognition

The App may use speech recognition features to convert voice input into text for educational interaction.

Notifications

The App may request permission to send notifications, such as reminders, educational alerts, subscription updates, or service-related messages.

Photos or Files

If enabled, the App may request access to photos or files only when you choose to upload or attach content.

We request permissions only when necessary for specific features. You may manage permissions through your device settings.

19. Analytics, Crash Reporting, and Diagnostics

We may use analytics, crash reporting, and diagnostic tools to understand performance, improve reliability, detect errors, and secure the Service.

These tools may collect technical information such as app version, device type, operating system, crash logs, performance metrics, and feature usage.

Where required, analytics or tracking technologies will be used in accordance with applicable consent, platform, and privacy requirements.

20. Tracking and Advertising

KIRU+ does not use your personal information to provide medical diagnosis, sell sensitive health data, or make unauthorized disclosures of health-related data.

If the App ever uses tracking technologies subject to Apple’s App Tracking Transparency or similar requirements, we will request permission where required before tracking you across apps or websites owned by other companies.

We do not knowingly sell sensitive health information.

21. Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, disclosure, or destruction.

Security measures may include:

• Secure authentication.

• Encryption in transit.

• Access controls.

• Role-based restrictions.

• Logging and monitoring.

• Secure cloud infrastructure.

• Data minimization.

• Security reviews.

• Incident response processes.

However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

22. Data Breach and Security Incidents

If we become aware of a security incident affecting personal information, we will take appropriate steps to investigate, mitigate, and notify affected users or authorities where required by applicable law.

23. User Responsibilities

You are responsible for:

• Keeping your login credentials confidential.

• Using a secure password.

• Not sharing your account.

• Logging out from shared devices.

• Avoiding upload of unauthorized patient data.

• Ensuring that any information you provide is lawful.

• Verifying educational or AI-generated content before relying on it.

• Maintaining compliance with professional and institutional obligations.

24. Medical, Educational, and AI Data Notice

Because KIRU+ operates in a medical education context, users must exercise special caution when entering information into the Service.

You must not input identifiable patient data, confidential medical records, protected health information, or sensitive third-party data unless you have legal authorization and the feature expressly permits such use.

AI-assisted tools may process user-provided prompts or voice inputs to generate educational responses. Such outputs are not medical advice and must not be used as the sole basis for clinical decisions.

25. External Links

The Service may contain links to websites, products, services, stores, articles, or platforms that are not owned or controlled by us.

We are not responsible for the privacy practices, content, security, or availability of external websites or third-party services.

We encourage you to review the privacy policies of every third-party website or service you access.

26. Do Not Track Signals

Some browsers transmit “Do Not Track” signals. Because there is no uniform industry standard for responding to such signals, we may not respond to them unless required by applicable law.

27. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, platform rules, or Service features.

When changes are material, we may notify users through the App, website, email, or other reasonable means.

The “Last Updated” date at the top of this Privacy Policy indicates the latest revision.

Continued use of the Service after the updated Privacy Policy becomes effective means you acknowledge the updated policy.

28. Contact Information

If you have questions, concerns, requests, or complaints regarding this Privacy Policy or the processing of your personal information, contact us at:

© MedSurgery Store For Digital Health S.A.S. de C.V.