Privacy Policy
Last updated: 2026-06-06 (version v1)
Casus is a study practice tool for PA (and, eventually, medical) students. We're a small cohort pilot at this stage. This page describes what we collect, why, who we share it with, and how to reach us if anything here surprises you.
Not legal advice.This policy is engineering documentation. We're committed to the practices it describes, but we have not had it reviewed by a privacy lawyer. If you have a specific legal concern, please email us and we'll work it out together.
What we collect
- Your email, when you sign in. We use it to authenticate you (via magic-link email) and to keep your study data associated with your account.
- Study session interactions — which vignettes you answer, the option you pick, the order you tackle them, whether you flag or bookmark a question. We use this to build features (history, spaced repetition, collections).
- Source material you upload — your lecture slides, PDFs, notes. We send the contents to OpenAI to generate vignettes for you. We do not share your uploaded material with anyone else.
- Generated vignettes + your answers — kept so you can revisit your history, share specific questions with classmates, or import them into collections.
- Aggregate product analytics (only if you accept the cookie banner) — which routes you visit, which features you use, roughly how long things take. Never the text of vignettes, answers, or your uploaded material. See the allowlist details below.
- Error reports — when something crashes, we capture the stack trace + a release identifier so we can debug. The scrubbing allowlist strips message text and frame source lines before transmission.
Sub-processors
The vendors below help us run Casus. Each is contracted directly by us; you don't need to interact with them. Region columns reflect where the data physically rests.
| Vendor | Purpose | Region |
|---|---|---|
| Vercel | Hosting + edge runtime + CDN | US (iad1) |
| OpenAI | Vignette + explanation generation | US |
| Sentry | Error monitoring + structured logs | US (rux-capital org) |
| PostHog | Product analytics (post-consent only) | US (us-east-1) |
| Resend | Magic-link auth + transactional email | US |
| Upstash Redis | Sessions + collections + ratelimits | US |
| Vercel Blob | Storage for uploaded source material + images | US |
| Telegram Bot API | Operator alerts only (no user-data egress) | Cloud (Telegram-managed) |
We are not currently set up to host data in EU regions. If you're an EU resident and Casus needs to handle your data, please reach out first.
Cookies
The cookies below land on your device when you use Casus. Names are the cookie's technical name; you can inspect them in your browser's developer tools.
| Cookie | Purpose | Lifespan |
|---|---|---|
| next-auth.session-token | Cohort sign-in session (strictly necessary) | Session |
| casus_guest_id | Anonymous receiver — saves collections you create from a share link before you sign in | 1 year |
| ph_<token>_posthog | Product analytics anonymous distinct ID (only set if you accept the banner) | 1 year |
| casus_consent | Your cookie-banner decision so we don't re-ask | 1 year |
Retention
- Account + study data — kept while your account exists. Email us to delete.
- Uploaded source material — kept while you have it referenced by a collection or generated question. Delete the referencing object to delete the upload.
- Product analytics events (PostHog) — PostHog free tier retains events for up to 1 year. We can delete your events on request.
- Error events (Sentry) — Sentry Developer plan retains events for 30 days.
- Vercel logs — Vercel retains deploy + runtime logs for the configured retention window (typically 30 days at our plan tier).
Your rights
Wherever you are in the world, you can ask us to:
- Tell you what data we have about you (access).
- Correct anything that's wrong (correction).
- Delete your account and associated data (erasure).
- Export your data in a machine-readable format (portability).
- Stop processing for a specific purpose (objection).
- Withdraw your cookie consent at any time by clearing the banner cookie or contacting us.
To exercise any of these, email hello@casus.fyi. We'll respond within a week, usually faster.
Allowlist + scrubbing details (technical)
Both Sentry (error monitoring) and PostHog (product analytics) ship with a default-deny allowlist. Only stable identifiers, categorical labels, and quantitative metrics survive the scrubbing layer. Vignette stem text, option text, explanation text, uploaded markdown, and raw LLM prompts are never transmitted. URL paths that contain share-link IDs are stripped and replaced with a high-level route name.
The allowlist contract lives in code at config/sentry.ts and lib/analytics/scrub.ts. A round-trip integration test runs on every build to catch regressions.
Changes to this policy
When we update this page, we bump the version (currently v1) and the cookie banner re-shows so you can review and re-decide. We'll also email the cohort with a heads-up before any change that materially expands what we collect.
Contact
Operator: hello@casus.fyi.