A clear notice about how ExamCrow collects, uses, shares, and protects personal data

Data you provide directly

• Account and profile details such as name, email address, phone number, password or login credentials, profile information, and education or study interests.
• Content you submit, upload, or create, including assignments, notes, answers, study inputs, feedback, survey responses, support messages, and any material you provide through forms or communications.
• Purchase, billing, invoice, refund, or subscription information that you provide when you buy a paid product or service.
• Identity or verification information if a feature, legal obligation, anti-fraud review, or support workflow specifically requires it.

Learning, usage, and device data

• Course enrollments, learning progress, test and practice results, saved content, streaks, preferences, and activity within the service.
• Device, browser, app, and log data such as IP address, approximate location inferred from IP, device identifiers, operating system, browser type, pages or features used, timestamps, crash data, and diagnostic information.
• Cookie IDs, local storage data, and similar identifiers used for authentication, security, preferences, analytics, and feature measurement, subject to applicable consent rules.

Data from third parties

• Authentication information from single sign-on or social login providers if you choose to use those options.
• Limited payment and transaction status information from payment processors when you make a purchase; payment card details are generally collected and handled by the processor, not stored in full by us.
• Data from institutions, employers, sponsors, resellers, or partners where they provision access for you or connect your use of the service to a program, license, or sponsored seat.
• Security and fraud signals from service providers that help us protect the service and users.

Sensitive or third-party data

• We do not ask you to send special-category / sensitive personal data unless it is clearly necessary for a specific feature, a legal obligation, or a fraud-prevention / security purpose and we have an appropriate lawful basis.
• If you upload or submit content that contains personal data about another person, you must have the legal right and any required consents or notices needed to share that data with us and to allow us to process it for the relevant service purpose.

Core service operations

• To create and manage your account, authenticate you, and provide the website, dashboard, courses, practice features, learning paths, subscriptions, and related functionality.
• To process purchases, invoices, refunds, renewals, tax records, and related customer support.
• To personalize your experience, such as surfacing relevant content, saving preferences, or remembering settings.
• To communicate service notices, account messages, security alerts, transactional updates, and responses to your requests.

Improvement, analytics, and protection

• To troubleshoot, monitor performance, detect bugs, moderate misuse, enforce our Terms, and protect the service, our business, and our users from fraud, abuse, spam, and security threats.
• To understand how the service is used, improve features, measure effectiveness, and develop new offerings.
• To create aggregated or de-identified analytics and reports, where permitted by law, provided such outputs do not reasonably identify you.

Marketing, compliance, and legal obligations

• To send product updates, newsletters, events, promotional communications, or offers where allowed by law and subject to your choices and opt-out rights.
• To comply with applicable laws, tax and accounting requirements, lawful requests from authorities, court orders, and valid dispute, audit, or investigation requirements.
• To establish, exercise, or defend legal claims and to protect rights, safety, and property.

Legal bases we may rely on

• Performance of a contract — for providing the service you requested, including account access, purchases, learning features, and customer support.
• Consent — where we ask for it, including certain optional features, non-essential cookies where required, or specific communications.
• Legitimate interests — such as securing and improving the service, preventing fraud, understanding usage, and operating our business, balanced against your rights.
• Legal obligation / compliance — where we must process data to comply with law, regulation, or lawful requests.

We may use automated tools to recommend content, detect fraud or abuse, or moderate submissions. Unless expressly stated otherwise, these tools are not intended to make decisions that have legal or similarly significant effects on you without human review.

Service providers and operational partners

• Hosting, infrastructure, cloud storage, content delivery, security, logging, and backup providers.
• Authentication / identity providers, payment processors, invoicing providers, fraud-prevention vendors, email / messaging providers, analytics providers, customer-support tools, and content-moderation providers.
• Professional advisers such as lawyers, auditors, accountants, insurers, and compliance providers, where reasonably necessary and subject to appropriate confidentiality obligations.

Partners, institutions, sponsors, and program administrators

• If your access is provided, sponsored, reimbursed, or managed by a school, institution, employer, reseller, partner, or sponsor, we may share enrollment, usage, progress, billing, or account status data as necessary for that relationship and the relevant program.
• If you enroll in an offering operated with or by a partner, institution, or third party, that party may receive personal data relevant to delivering the offering, administering access, or tracking participation under its own legal terms.

Legal, safety, corporate, and public disclosures

• We may disclose data if reasonably necessary to comply with applicable law, court orders, legal process, or lawful requests from public authorities, or to protect rights, safety, property, and the integrity of the service.
• We may disclose data in connection with an actual or proposed financing, merger, acquisition, restructuring, sale of assets, insolvency, or other corporate transaction, subject to appropriate safeguards.
• If you choose to post or share content in public or shared areas (for example community, reviews, public profiles, comments, or collaborative spaces if offered), that information may be visible to others and may be copied, indexed, or further shared by third parties.

Important note on ad-tech and “sale / sharing” concepts

Privacy laws in some jurisdictions use broad definitions of “sale”, “sharing”, or “targeted advertising”. We will provide any notices, controls, or opt-out mechanisms that are required for our actual practices under the law that applies to you. You should not assume a particular legal classification applies in every jurisdiction based solely on labels used in other laws.

General rights and controls

• Access, review, and update certain account information through your account settings where available.
• Request access to, correction of, or deletion of your personal data, subject to lawful exceptions.
• Request portability of certain data where required by applicable law and technically feasible.
• Withdraw consent at any time where processing depends on consent. Withdrawal does not affect processing already lawfully carried out before withdrawal.
• Unsubscribe from marketing emails using the unsubscribe link or by contacting us.
• Control cookies and similar technologies using your browser settings or our cookie controls, where available.

Additional rights that may apply by jurisdiction

• If you are in the EEA, UK, or Switzerland, you may also have rights to restriction, objection, and complaint to your supervisory authority, subject to applicable conditions and exemptions.
• If you are in India, you may have rights under applicable law to access information about your personal data, request correction / erasure, withdraw consent, and seek grievance redressal, subject to the relevant statutory commencement, rules, and exceptions.
• If you are in California or another U.S. state with applicable privacy rights, you may have rights to know, access, correct, delete, and—where applicable—opt out of certain disclosures or uses, subject to thresholds, verification, and exceptions under the law.

How to make a request