Privacy Policy
How we collect, use, and disclose your personal information
Our Privacy Policy outlines how we collect, use, and disclose your personal information, ensuring transparency and clarity about our practices.
Exam Insights is dedicated to safeguarding the privacy and confidentiality of our users’ information. We take our responsibility regarding the security and processing of user data seriously. This Privacy Policy, in conjunction with our Terms of Use, delineates the legal framework for the collection, processing, and protection of personal data obtained from you or provided by you.
Review this document to gain a comprehensive understanding of our views and practices regarding your personal data. Your visit to exam-insights.com signifies your explicit acceptance and consent to the practices outlined in this legally binding privacy policy. It is essential to acknowledge that any use of our services is subject to compliance with these terms, and we encourage you to contact us with any questions or concerns regarding your privacy at data-protection@exam-insights.com.
If you are under 18 years of age, we recommend reviewing this Privacy Policy with a parent or guardian and gain their consent prior to giving us your personal information.
Our Privacy Policy may be updated periodically. Exam Insights will contact users via email if any policy change diminishes privacy rights that they were entitled to prior to those policy changes.
Summary of Our Privacy Commitment
We are committed to protecting your privacy in accordance with the Australian Privacy Principles outlined in the Privacy Act. Ensuring a safe and secure online environment is our top priority, and we maintain transparency in all our practices. We do not sell personal information to third parties and use advanced technology to safeguard your data and prevent unauthorised access.
Exam Insights will not disclose your information to third parties without your explicit written consent, except when required by law. We collaborate with third-party service providers under strict agreements to ensure that our data security and privacy standards are upheld.
We collect personal information including first name, school, email address, password, subject(s), and role. This data is securely stored within Australia. Users must be at least 13 years old to use our service. User data can be deleted by contacting data-protection@exam-insights.com.
What Information Do We Collect?
Exam Insights collects the following information about you and your use of our services:
-
Personal Information: We collect personal information that you provide to us by completing forms on our site exam-insights.com. This includes information you provide when you register to use our site and when you report a problem with our site. The personal information that we collect includes first name, school, email address, password, subject(s) and role.
-
Technical Information: We automatically collect certain information when you visit, use, or navigate the Services, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, location, page response times, page errors, and the length of visits to certain pages. This information is primarily needed to maintain the security and operation of our Services and for our internal analytics and reporting purposes.
-
Use of Service Information: We collect usage information about your use of certain features of our services, such as the your subject matter performance, reflections of questions, questions you chose to add to a collection, Coverage you have attempted, and the amount of time spent to complete a question. This enables us to better tailor educational experiences that are most appropriate for you.
-
Information from Integrated Services: Exam Insights allows for a single-sign-on (SSO) sign in option to make it easier for students and educators to remember multiple passwords for various services. If you choose to sign in through SSO, Exam Insights may collect personal information that is already associated with your integrated service account. By choosing to provide such information during registration or otherwise, you are giving Exam Insights the permission to use, share and store it in a manner consistent with this Privacy Policy.
-
Non-Personally Identifiable Information: Exam Insights uses any non-personally identifiable information that you provide or that we collect from users in an aggregated format to understand and analyse the usage trends, learning behaviours and preferences of our users, to improve the way our services work and look, and to create new features and functionality.
How Do We Process Your Information
We process your personal information for various purposes, including:
-
Facilitating account creation, authentication, and managing user accounts for a seamless experience.
-
Delivering and facilitating requested services to users.
-
Responding to user inquiries and offering support.
-
Sending administrative information, such as product/service details and policy updates.
-
Requesting feedback to enhance our services and user experience.
-
Evaluating and improving our Services, products, and overall user experience.
-
Identifying usage trends to better understand and enhance the effectiveness of our Services.
Purposes for Collection, Use, and Disclosure of Personal Information
We collect, hold, use, and disclose your personal information for the following purposes:
- To create, maintain, and manage your account.
- To deliver our services and features as requested.
- To personalise your experience and improve our service offerings.
- To communicate with you about account-related matters, product updates, and customer support.
- To comply with legal obligations and enforce our terms.
- To assess and analyse usage data to improve our educational tools.
Access and Correction of Your Personal Information
You have the right to access personal information we hold about you and request correction of any inaccuracies. If you believe that any information, we are holding is incorrect or incomplete, please contact us at: data-protection@exam-insights.com.
We will promptly correct any information found to be incorrect in accordance with applicable data protection regulations.
Where Is Your Personal Data Stored?
Our web application is hosted and its data, including personal data, is stored in Australia. We abide by the Australian Privacy Act and the Privacy Principles governing data collection in Australia.
When And With Whom Do We Share Your Personal Information?
Exam Insights relies on third-party service providers to perform specific services on our behalf, such as content optimisation, functionality enhancement, infrastructure optimisation, and user account registration/authentication. These providers are instrumental in ensuring optimal website performance and user experience.
In limited cases, some non-personal data may be processed overseas by trusted third-party service providers to enable platform functionality. We do not share personal identifiers or student-specific information with any provider outside of Australia.
Countries Where Data May Be Processed
We use carefully selected sub processors to ensure the reliability, performance, and security of Exam Insights. Each provider is reviewed for compliance with privacy standards and data handling practices.
OpenAI
- Organisation: OpenAI, Inc.
- Website: https://openai.com
- Purpose: Supports AI-powered feedback and content generation features
- Data Shared: Only non-identifiable, question-based content is sent (no personal information)
- Lawful Basis: Performance of a contract (platform functionality)
- Country of Processing: United States
DigitalOcean
- Organisation: DigitalOcean, LLC
- Website: https://www.digitalocean.com
- Purpose: Infrastructure and server hosting
- Data Shared: Full application and database hosting (Australian data centre)
- Lawful Basis: Performance of a contract
- Country of Processing: Australia
In certain circumstances, your personal information may be shared or transferred in the event of a business transfer, including negotiations, mergers, sale of company assets, financing, or acquisition of our business, either wholly or partially, by another company.
Safeguards and Ongoing Review
All third-party providers are subject to data processing agreements and are assessed to ensure alignment with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Any future processors will be disclosed as part of our ongoing privacy commitments.
Notification of Data Residency and Access Changes
Exam Insights is committed to transparency regarding where and how your data is stored and accessed.
If there is any planned relocation or expansion of:
- Our cloud infrastructure (including system components, personal data, or backups) to a new country; or
- Access permissions granted to vendors, cloud infrastructure personnel, or contractors that would allow them access to unencrypted personal data or encryption keys
we will notify affected customers in advance. This notification will:
- Identify the nature of the change
- Specify the country or organisation involved
- Provide details on relevant safeguards or contractual protections
This ensures our customers—particularly educational institutions—can assess the impact of such changes on their own data protection obligations.
How Do We Keep Your Information Safe?
We’ve implemented robust technical and organisational security measures to safeguard your personal information. Alongside encryption protocols, access controls, and advanced technologies, we regularly conduct comprehensive security audits and assessments to identify and address any vulnerabilities proactively. Additionally, we ensure data encryption both in transit and at rest, providing an added layer of protection against unauthorised access.
Continuous monitoring of our systems using automated tools and manual oversight allows us to promptly detect and respond to any suspicious activity or unauthorised access attempts in real-time. Furthermore, our secure development practices ensure that security is prioritised at every stage of product development, reducing the risk of potential vulnerabilities.
All data transmitted between users and our platform is encrypted using TLS 1.2 or higher to prevent interception or tampering during transfer.
In addition to regular audits, we engage independent security experts to conduct annual penetration testing. Identified vulnerabilities are prioritised and resolved based on risk severity to maintain strong protection.
We perform regular encrypted backups and store them using tamper-proof methods to ensure recoverability and data integrity. These safeguards protect against data loss and ensure we can restore service in the event of system failures or malicious attacks.
Despite these efforts, it’s essential to recognise that no system can offer absolute certainty, and users should remain cautious regarding potential risks.
Can You Export Your Data?
Schools with active licences may request a full export of their data at any time. Data will be provided in commonly used formats such as CSV or JSON to ensure compatibility and portability.
Is Your Data Sold To Third Parties?
We do not sell, share, or rent your personal information to any third party or use your e-mail address for unsolicited mail.
Anonymised Performance Data Sharing
Exam Insights may share anonymised, aggregated data to analyse collective performance trends at the school, local, and state levels. Individual data is never shared. Your name and email address are anonymised to ensure that no personally identifiable information (PII) is disclosed. While the name of your school may be included in these analyses, it cannot be used to identify individual users. Your personal information remains confidential and will never be disclosed without your explicit consent.
How Long Is Your Information Stored For?
During the active period of your account, we maintain your data securely. Once your account is created, we preserve the information for as long as it is necessary for the purpose for which it was collected and as required by applicable laws. When your account is active, we continuously assess the need for the data and its relevance to our services.
How Can I Remove My Information?
If you wish to remove your personal information, please note that this can only be done by deleting your entire account. Unfortunately, we cannot delete individual pieces of information separately; the entire account must be deleted to remove all associated data. If you wish to delete your account, please contact data-protection@exam-insights.com. Once your account is deleted, all associated personal information will be permanently removed from our database, along with any data related to third-party services.
We conduct regular reviews of stored personal data to ensure compliance with data minimisation principles. By default, the personal data and accounts of Year 12 students are subject to automatic deletion at the conclusion of each academic year, on the basis that they no longer require access to the platform.
An exception applies where a student has independently purchased a subscription plan. In such cases, the student’s account and associated personal data will be retained until the conclusion of their subscription period, even if that period extends beyond the end of the calendar year. Upon expiry of the subscription, data will be deleted in accordance with our standard data deletion protocols.
This retention approach ensures that personal information is not held for longer than is necessary and aligns with our obligations under applicable privacy laws.
How Can You Contact Us About This Notice?
If you have questions or comments about this notice, you may email us at data-protection@exam-insights.com.