PRIVACY POLICY

1. Introduction

This Privacy Policy explains how ExamSync collects, uses, and protects information when institutions use the Service.

2. Data Controller

The educational institution using the Service is typically the data controller for any personal data entered.

ExamSync acts as a data processor where applicable.

Contact:
info@examsync.net

3. Information Collected

Account Information

• Institution name
  
• Administrator email address
  
• Country
  
• Authentication data (handled securely by Firebase)
  

Operational Data

• Exam session information
  
• Access codes and identifiers
  
• Timing data
  
• Configuration settings
  
• Announcements entered by administrators
  
• Device/session identifiers
  

Technical Data

Automatically collected:

• IP address
  
• Browser and device type
  
• Log data for security and diagnostics
  

Student Data

The Service is designed to operate without student personal data.

If institutions choose to enter such data, they are responsible for lawful processing.

4. Use of Data

Data is used solely to:

• Provide and operate the Service
  
• Authenticate users
  
• Synchronize exam sessions
  
• Maintain security
  
• Provide support
  
• Improve reliability
  

Personal data is not sold.

5. Legal Basis (Where Applicable)

Processing may be based on:

• Performance of a contract
  
• Legitimate interests
  
• Legal obligations
  
• Consent where required
  

6. Data Sharing

Data may be processed by trusted service providers necessary to operate the platform, such as:

• Cloud hosting providers
  
• Authentication services
  
• Database services
  
• Security and monitoring services
  

These providers act under contractual safeguards.

7. International Transfers

Data may be processed in countries outside your own. Appropriate safeguards are applied where required.

8. Data Retention

Data is retained only as long as necessary to provide the Service and meet legal obligations.

Institutions may request deletion of their data.

9. Security

We implement appropriate technical measures, including:

• Encrypted connections (HTTPS/TLS)
  
• Secure authentication
  
• Access controls
  
• Database security rules
  

No system can be guaranteed completely secure.

10. User Rights

Depending on applicable law, users may have rights to:

• Access their data
  
• Correct inaccuracies
  
• Request deletion
  
• Restrict processing
  
• Object to processing
  
• Lodge complaints with authorities
  

Requests should be sent to the contact below.

11. Cookies and Tracking

The Service uses only essential technologies required for functionality and authentication. No advertising tracking is used.

12. Children’s Data

The Service is intended for institutional use, not direct use by children.

13. Changes to Policy

We may update this Policy periodically. Continued use constitutes acceptance of updates.