This Privacy Policy explains what information Waters Molecular & Surgery LLC (“Waters Molecular,” “we,” “us,” or “our”) collects, how we use it, and the choices you have. It applies to our website at watersmolecularandsurgery.com and all of our applications and services, including Chalk Dust, Medicinal, Doctor’s Note, and Procedure Hunter (collectively, the “Services”).
The short version: we collect the minimum we need to run the Services — your email, account data, usage counts, and subscription status. Payments are handled by Stripe (we never see your full card number). We don’t sell your personal information, we don’t run third-party advertising, and our study and reference tools are not designed to collect patient health information.
Payments are processed by Stripe, Inc. When you subscribe, you provide your payment details directly to Stripe; we receive only limited information (such as confirmation of payment, subscription status, and the last four digits of your card). We never receive or store your full card number. Stripe’s handling of your information is described in Stripe’s Privacy Policy.
We share personal information only in these situations:
We use a small set of infrastructure providers to run the Services:
| Provider | What they do for us | Data involved |
|---|---|---|
| Supabase | Account authentication and user database | Email, hashed password, account metadata |
| Cloudflare | Hosting, content delivery, serverless compute, and databases | Technical/log data, usage meters, entitlement records |
| Stripe | Payment processing and subscription billing | Payment details (collected by Stripe directly), subscription status |
| Resend | Transactional email delivery (confirmations, password resets) | Email address, message content |
Each provider processes data under its own privacy policy and security program, and only as needed to provide its service to us.
We use cookies and browser storage for functionality, not advertising:
We do not use third-party advertising or cross-site tracking cookies. Because these cookies are strictly functional, the Services do not respond differently to browser “Do Not Track” signals — there is no tracking to turn off. Note that clearing your browser storage will erase locally stored study progress.
We take reasonable technical and organizational measures to protect your information: connections to the Services are encrypted in transit (HTTPS/TLS); passwords are hashed by our authentication provider; payment collection is handled by a PCI-DSS-compliant processor (Stripe); and access to production systems is restricted. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security — but we design the Services to hold as little sensitive data as possible in the first place.
You can, at any time:
To exercise any of these, email us at the address in Section 15. We will verify the request came from the account holder and respond within a reasonable time (and within any period required by applicable law). We will not discriminate against you for exercising privacy rights.
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact us and we will delete it. Users aged 13–17 may use the Services only with a parent or guardian’s consent, as described in the Terms of Service.
Our products are educational and professional reference tools. They are not designed to collect, store, or process patient health records, and we ask that you do not enter patient-identifiable information into them. We are not a “covered entity” or “business associate” under HIPAA, and the Services are not intended for uses that would make us one. Search queries you run (for example, looking up a drug in Medicinal or a practice topic in Chalk Dust) are processed to return results and for the operational purposes described in Section 2.
We are based in the United States, and our service providers process data primarily in the U.S. (with content delivery at edge locations worldwide). If you use the Services from outside the U.S., you understand that your information will be transferred to and processed in the United States, where privacy laws may differ from those in your jurisdiction.
Some U.S. states (including California, Texas, and others) grant residents specific rights over personal information — such as the right to know, access, correct, delete, and obtain a portable copy, and the right to opt out of “sales” or “sharing” of personal information. We do not sell or share personal information as those terms are defined in those laws, and we do not use sensitive personal information for purposes requiring an opt-out. You may exercise your rights using the contact in Section 15; authorized agents may submit requests on your behalf where permitted. If we deny a request, you may appeal by replying to our decision and we will re-review it.
We may update this Policy as the Services evolve. If we make a material change, we will give notice (by email or in-app) before it takes effect. The “Effective date” above reflects the latest revision. Your continued use of the Services after a change takes effect means the updated Policy applies to you.
Privacy questions, data requests, or concerns:
Waters Molecular & Surgery LLC
Email: [email protected]
Web: watersmolecularandsurgery.com