Privacy Policy
Transparent data practices for exams, proctoring, AI-assisted authoring, and coding evaluation.
HTTPS encryption
Disclosed monitoring
Role-based access
Private platform
Information we collect
Account information
When you register or sign in, we collect your name, email address, role (student, educator, or developer), and password hash for email-based accounts. Students may sign in with Google OAuth, in which case we receive your Google profile name and email.
Exam & session data
During exams we store answers (MCQ selections, descriptive text, and code submissions), timestamps, session status, autosave checkpoints, and grading results. Educators can view responses for exams they manage.
Monitoring & integrity logs
When proctoring is enabled, we log session events such as tab switches, window blur/focus, fullscreen exit, inactivity, and violation scores. These logs support fair assessment and educator review — not general browsing surveillance.
Device & technical data
We collect browser type, device capabilities, and connection metadata needed to run exams, request camera/microphone permissions, and execute code in a sandbox. We do not access unrelated files on your device.
Camera, microphone & proctoring
Permission-based access
Before some exams, students may be asked to allow camera and/or microphone access in the browser. This verifies that proctoring hardware is available and may show a local preview during the session.
Deterrent preview (not recording)
SafeExam's deterrent camera shows a live preview in the student's browser to encourage compliance. By default this stream is not uploaded or permanently recorded unless your institution configures additional recording as part of a custom deployment.
What we do not do
We do not monitor personal files, unrelated applications, or browsing outside the exam session. Monitoring is limited to the exam window and events explicitly logged to your session.
AI question generation (educators)
Question Intelligence Engine (QIE)
Educators may use AI-assisted tools to generate MCQ and coding questions. Prompts (subject, difficulty, counts) are sent to configured third-party AI providers (e.g. via OpenRouter). Generated content is stored in our database for review before publishing.
Educator review required
AI-generated questions are drafts. Educators must review, edit, and approve content before it is used in live exams. Do not publish exam content that your institution has not verified.
Optional explanations
MCQ explanations may be generated on demand in a separate step. This reduces bulk token usage and keeps educator control over final wording.
How we use data
Delivering exams
Data is used to authenticate users, run timed sessions, autosave answers, grade submissions (including sandboxed code execution), and produce results for educators.
Academic integrity
Monitoring logs help educators detect suspicious behavior and maintain fair assessments. Institutions decide how to act on flagged sessions.
Product improvement
Aggregated, non-exam usage metrics may help us improve reliability and UX. We do not sell personal exam content to advertisers.
Coding submissions & execution
Sandboxed judging
Student code is transmitted to our backend and run in an isolated execution environment (e.g. Judge0) against test cases. Source code is retained with the exam attempt for grading and educator review.
Retention
Coding submissions follow the same retention rules as other exam responses, subject to your institution's policies.
Security
Encryption & access
Traffic is encrypted in transit (HTTPS/TLS). Passwords are stored hashed. Role-based access limits who can view exams, responses, and monitoring data.
Session security
Exam sessions use server-validated tokens. Critical actions (start, submit, monitoring events) are verified on the backend, not trusted from the browser alone.
Third-party services
Google OAuth
Optional student sign-in via Google. Google shares basic profile fields needed to create your account; we do not receive your Google password or unrelated Google data.
AI providers
When educators use AI generation, prompts are processed by configured model providers (e.g. OpenRouter and underlying model hosts). Review your institution's AI policy before use.
Infrastructure
We use cloud hosting and managed database services to operate the platform. Providers process data under our instructions for storage and delivery.
Data retention
Exam responses
Retained according to institutional needs and exam configuration. Educators and admins may export or delete data per their organization's policy.
Monitoring logs
Session events are retained for integrity review and educator dashboards. Retention periods may be configured by deployment; contact your institution for specifics.
Account deletion
You may request account deletion by contacting support. Some records may be kept where required for academic or legal obligations.
Your rights
Access & correction
You may request a copy of personal data we hold or correction of inaccurate account information via [email protected].
Institutional control
If your institution manages your account, data requests may need to be coordinated with your school or college admin.
Complaints
Contact [email protected] if you believe your data was mishandled. You may also lodge a complaint with your local data protection authority where applicable.
Privacy questions or data requests?
Our team can help with access, correction, or deletion requests.
Last updated: 2026-05-25. Applies to https://safexam.in and affiliated deployments. See also our Terms of Service.
Affordable secure exams for your campus
We built SafeExam because our own club couldn't pay enterprise prices. Talk to us about institutional onboarding, custom deployments, or partnership opportunities for your college or organization.