Privacy Policy

Last updated: November 12, 2024

Examdojo GmbH ("we," "us," or "our") operates the ExamDojo mobile application and website (collectively referred to as the "Service"). We are committed to protecting the privacy and personal data of our users and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable laws. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use the Service.

By accessing or using the Service, you agree to the collection and use of your personal information in accordance with this Privacy Policy.

1. Data We Collect

We collect several types of personal data to provide and improve the Service, including:

1.1 Personal Data You Provide

  • Account Information: When you register for the Service, we collect your name, email address, password, and other details necessary to create and manage your account.
  • Tutoring Sessions: If you participate in on-demand live tutoring sessions through our Service, we collect audio, video, and any other interaction data from those sessions via the Zoom SDK.
  • Support Requests: When you contact our customer support (via Zendesk), we collect your email address, contact information, and any additional information you provide to resolve your request.

1.2 Automatically Collected Data

  • Usage Data: We collect data on how the Service is accessed and used, such as device information (IP address, device type, operating system), browsing activity, and mobile app activity. This helps us improve the functionality and security of the Service.
  • Analytics Data: We use Rudderstack and Posthog to collect and analyze behavioral data on the website and mobile app, such as user interactions and event tracking.

1.3 Data from Third-Party Services

  • AI Tutoring Data: We use the OpenAI API for AI-powered tutoring. This means that certain user queries and interactions are processed through OpenAI's servers to deliver personalized tutoring responses.
  • Cookies: We use cookies to track user preferences, improve the Service, and analyze website traffic. You have the option to opt in or out of cookies when accessing the website.

2. Purpose of Data Processing

We process personal data for the following purposes:

  • Providing the Service: To facilitate access to our platform, including the question bank, AI tutoring, grading, and live tutoring sessions.
  • Personalized Learning: To deliver personalized tutoring recommendations based on your performance and learning patterns.
  • Improving the Service: To analyze user behavior using Rudderstack and Posthog, optimize platform features, and ensure a better user experience.
  • Communication: To send service-related communications (e.g., updates, system notifications), respond to support requests, and provide customer service.
  • Marketing: With your explicit consent, we may send marketing emails or newsletters. You can opt in or out of marketing communications at any time.

3. Legal Basis for Data Processing

Under the GDPR, we process your personal data based on one or more of the following legal grounds:

  • Consent: Where you have given explicit consent for processing (e.g., for cookies or marketing communications).
  • Contract: Processing is necessary to fulfill a contract with you (e.g., providing access to the Service or tutoring).
  • Legitimate Interests: Processing is necessary for our legitimate interests, such as improving the Service, securing the platform, and performing analytics.
  • Legal Obligation: Where we are required to comply with legal or regulatory obligations.

4. Data Retention

We retain your personal data as long as your account remains active or as necessary to provide the Service. Data retention periods depend on account activity and legal obligations. Once the data is no longer needed for these purposes, it will be securely deleted or anonymized.

5. Sharing of Data

We do not sell or rent your personal data to third parties. We may share your data under the following circumstances:

  • Service Providers: We may share your data with third-party service providers (e.g., Zoom, Rudderstack, OpenAI) who assist in providing the Service. These providers are contractually bound to process your data securely and in compliance with the GDPR.
  • Legal Compliance: We may disclose your personal data to comply with legal obligations, court orders, or regulatory requests.
  • Business Transfers: In the event of a merger, acquisition, or sale of company assets, your personal data may be transferred as part of the transaction.

6. International Data Transfers

We may transfer your personal data outside the European Economic Area (EEA) if our service providers (e.g., OpenAI, Zoom) are located in countries that do not provide an equivalent level of data protection. In such cases, we ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your data.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to collect information about your usage of the website. You have the right to opt in or out of non-essential cookies when you first visit the website. You can also modify your cookie preferences at any time. For more details, please refer to our Cookies Policy.

8. Children's Privacy

We are committed to protecting the privacy of children. Our Service is designed to comply with data protection laws regarding children, particularly for users under the age of 16. We collect and process personal data from minors only with explicit parental consent. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information.

9. Your Rights

Under the GDPR, you have the following rights concerning your personal data:

  • Right of Access: You have the right to request access to your personal data that we hold.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You can request the deletion of your data where applicable (e.g., when the data is no longer necessary for the purpose it was collected).
  • Right to Data Portability: You can request a copy of your personal data in a structured, machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances (e.g., for marketing purposes).
  • Right to Withdraw Consent: Where we rely on consent for processing, you have the right to withdraw that consent at any time.

You can exercise your rights by contacting our support team via Zendesk or by sending an email to legal@examdojo.com.

10. Data Security

We employ technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, secure servers, and access controls. While we take all reasonable measures to protect your data, no system can guarantee complete security.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy as necessary. If we make material changes to how we handle your personal data, we will notify you through email or within the Service. The "Last Updated" date at the top of this policy will reflect any changes.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, you can contact us at:

Examdojo GmbH
Seydelstr. 10, 10117 Berlin
legal@examdojo.com

Consent

By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and processing of your personal data as described.