Privacy Policy
How ExamStack collects, uses, shares, protects, and retains personal data for public exam-prep users, paid subscribers, and SaaS institute workspaces in India.
We collect only the data needed to run exam preparation, subscriptions, institute workspaces, security, support, and legally required records.
Institutes control the student, parent, teacher, attendance, and classroom records they upload or create inside their workspace.
You can contact us to access, correct, erase, withdraw consent, or raise a privacy grievance.
1. Who We Are
ExamStack operates ExamStack through https://examstack.in. For public students and subscribers, ExamStack generally acts as the Data Fiduciary for account, learning, payment, support, security, and product analytics data. For institute workspaces, the institute generally determines why student, parent, teacher, attendance, exam, and classroom records are processed, and ExamStack provides the hosted platform and related processing services.
- Registered office
- India
- Support
- Support: [email protected]
- Privacy contact
- Privacy and data rights: [email protected]
- Grievance contact
- Consumer grievance officer: [email protected]
2. Data We Collect
- Account data such as name, email address, phone number, password credentials, OAuth identifiers, language, target exams, profile settings, and communication preferences.
- Learning data such as attempted questions, mock-test activity, scores, rankings, bookmarks, notes, revision signals, streaks, AI study requests, and feedback.
- Payment and subscription data such as plan, billing cycle, payment status, Razorpay order/payment/refund identifiers, receipts, GST details provided by you, and support records. We do not store full card, UPI, net-banking, or wallet credentials.
- SaaS institute data such as institute profile, owner/admin/teacher accounts, student records, parent or guardian contact details, batches, attendance, assignments, exams, question banks, public profile settings, reviews, uploaded files, and operational audit logs.
- Device, security, and usage data such as IP address, browser, device identifiers, session data, cookies, approximate location from request metadata, error logs, abuse signals, and service-worker/offline sync events.
- Support data such as messages, attachments, call notes, dispute records, refund reasons, and complaint history.
3. Why We Use Data
- To create and secure accounts, authenticate users, prevent abuse, manage sessions, and protect tenant data.
- To deliver exam preparation features including MCQs, mock tests, notes, current affairs, leaderboards, analytics, AI study help, and revision recommendations.
- To run institute workspaces including teacher access, attendance, assignments, parent views, reports, uploads, public institute profiles, notifications, and operational dashboards.
- To process subscriptions, receipts, refunds, disputes, invoices, taxes, support requests, and account administration.
- To send service, security, payment, attendance, assignment, support, and legally required communications through email, in-app, web push, WhatsApp, SMS, or other configured channels.
- To comply with Indian law, enforce terms, respond to lawful requests, preserve evidence, and resolve disputes.
4. Consent, Choices, and Public Visibility
Where we rely on consent, we aim to make the request specific, clear, and limited to the stated purpose. You can withdraw consent where the feature permits it, but some services may stop working if the data is required for that service.
Students can use available privacy settings to control public ranking visibility. Institutes can configure public profile and review visibility for their own workspace where the product provides those controls.
5. Children and Students
ExamStack is used by students, including minors, for educational preparation. Where a child or minor uses ExamStack directly, parent or lawful guardian involvement may be required. Where an institute adds or manages student data, the institute is responsible for having the required authority, notices, and consents from students, parents, or guardians.
For institute use, attendance, progress, assignment, parent-notification, and safety workflows are restricted to educational, administrative, security, and legitimate institute purposes.
6. Sharing and Processors
We share data only as needed to provide ExamStack, comply with law, protect the platform, or follow valid institute instructions.
- Institute administrators, teachers, and permitted members can access workspace data according to their role permissions.
- Payment processors such as Razorpay handle checkout, verification, refunds, dispute data, and provider receipts.
- Infrastructure, storage, database, email, WhatsApp/SMS, web-push, analytics, logging, backup, OCR, and AI providers may process data on our behalf under contractual and security controls.
- Government, court, regulator, law-enforcement, tax, or consumer-forum requests may be handled where legally required or permitted.
- Business transfer, merger, financing, or restructuring events may involve data transfer subject to continuity of privacy obligations.
7. AI, OCR, and Uploaded Material
AI and OCR features may process prompts, answers, uploaded papers, images, PDFs, extracted text, metadata, and generated outputs. Do not upload personal data, copyrighted materials, medical records, financial records, or highly sensitive information unless you have authority and the upload is necessary for the educational purpose.
AI-generated content is assistive and must be reviewed by the user or institute before use in official teaching, testing, or publication.
8. Security Safeguards
- Authentication, role-based access, tenant checks, audit logs, rate limits, signed tokens, secure payment verification, and emergency disable controls.
- Encryption or equivalent safeguards where appropriate, access controls for production systems, backup and restore procedures, and monitoring for unauthorized access.
- Operational controls for file uploads, AI usage, payment webhooks, abuse detection, and suspicious attendance activity.
9. Retention and Deletion
We retain personal data for as long as needed for the relevant account, institute workspace, subscription, educational record, support case, security purpose, legal claim, audit trail, tax record, or statutory requirement. Where the specified purpose is complete and retention is not required by law, we erase or anonymize data according to the applicable retention schedule.
Payment, invoice, refund, dispute, audit, security, and processing logs may be retained for legally required periods. Backups are overwritten or deleted according to the configured backup lifecycle.
10. Your Rights and Grievances
Subject to applicable law and account verification, you may request access, correction, completion, updating, erasure, withdrawal of consent, grievance redressal, and nomination where available under Indian data protection law. Institute-managed student records should usually be requested first from the institute because the institute controls the education record.
- Privacy requests
- Privacy and data rights: [email protected]
- Consumer grievances
- Consumer grievance officer: [email protected]
- General support
- Support: [email protected]
11. Data Breach Notice
If we become aware of a personal-data breach that requires notification, we will notify affected users and the Data Protection Board of India in the form and timeline required by applicable law, and will take reasonable steps to reduce risk and prevent recurrence.
12. International Processing
ExamStack may use service providers located in India or other jurisdictions. We will apply contractual, technical, and organizational safeguards and will follow any India-specific transfer restrictions that are notified under applicable law.
13. Changes
We may update this Privacy Policy when the product, law, providers, or business practices change. Material changes will be posted on this page, and where required we will provide additional notice.