Privacy Policy — ExamCrack AI

TL;DR (Plain Language): We collect only what's needed to run your account and improve your exam prep experience. We never sell your data. We use bank-grade encryption. You can delete your data anytime by emailing us.

1. Introduction

Welcome to ExamCrack AI ("we", "our", "us", "the Service", "the App"). This Privacy Policy explains how ExamCrack AI Technologies ("the Company") collects, uses, shares, and protects information when you use our mobile application, website (examcrackai.com), and related services (collectively, "the Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account or use our Service, we collect:

Identity Information: Full name, email address, mobile phone number (for OTP authentication)
Profile Information: Target exam (e.g., SSC CGL, IBPS PO, UPSC), preferred language (Hindi/English), profile photo (optional)
Educational Information: Current education status, exam preparation history (optional)
Communication Data: Messages you send us via contact forms, email, or support channels
Payment Information: Transaction records, subscription status (payment details are processed by Razorpay — we do NOT store card numbers or UPI credentials)

2.2 Information We Collect Automatically

Usage Data: Quiz attempts, answer selections, time spent per question, accuracy rates, streaks, topics studied
Device Information: Device model, operating system version (Android 7.0+), unique device identifiers, mobile network info
Performance Data: Crash logs, error reports, app performance metrics (to debug and improve the app)
Log Data: IP address, access times, pages viewed, app sessions

2.3 Information We Do NOT Collect

❌ Location data (GPS/precise location)
❌ Contacts list
❌ SMS messages or call logs
❌ Browsing history outside our app
❌ Biometric data (fingerprint, face ID)

2.4 Photos & Camera Access (Optional)

When you choose to use these features, we access your camera or gallery:

Profile Photo: When you set or update your profile picture (optional — you can use the app without setting one)
AI Doubt Solver: When you upload a photo of a question paper or doubt for AI-powered explanation

How we handle your photos:

Photos are uploaded securely (HTTPS/TLS encryption) to our servers
Profile photos are stored linked to your account, accessible only to you
AI Doubt Solver photos are processed for the explanation, then auto-deleted within 30 days
We never share your photos with third parties for marketing or advertising
You can delete uploaded photos anytime from Profile → Settings → Manage Photos

Permissions you control:

Camera and gallery access is requested only when you tap a "camera" or "upload" button
You can deny permission and continue using the rest of the app
You can revoke permissions anytime from Android Settings → Apps → ExamCrack AI → Permissions

3. How We Use Your Information

We use collected information for the following purposes:

Service Delivery: Create and manage your account, authenticate login via OTP, deliver personalized quiz content
Personalization: Adapt question difficulty based on your performance, recommend topics based on weak areas, show relevant exam notifications
Analytics: Calculate accuracy, track progress, generate leaderboards, measure streak consistency
Communication: Send account-related notifications, exam alerts, customer support responses, billing receipts
Payments: Process subscription payments via Razorpay, manage renewals, issue refunds
Security: Detect fraud, prevent abuse, ensure account integrity, comply with legal obligations
Improvement: Debug crashes, fix bugs, develop new features based on usage patterns
Marketing (Optional): Send promotional offers, exam tips newsletter (you can opt out anytime)

4. Legal Basis for Processing (GDPR/DPDP)

We process your personal information based on:

Consent: You've agreed to our terms when signing up
Contractual Necessity: To provide the services you've subscribed to
Legitimate Interest: To improve our services and prevent fraud
Legal Obligation: To comply with Indian laws (IT Act 2000, DPDP Act 2023)

5. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal data to third parties. We share information only with:

5.1 Service Providers

Razorpay: Payment processing (they handle card/UPI data, not us)
Hostinger: Server infrastructure and data storage
Email service providers: For transactional and promotional emails
OpenAI/AI providers: Anonymous question generation (no personal data shared)
Analytics providers: Aggregated, anonymized usage statistics only

5.2 Legal Disclosures

We may disclose information if required by Indian law, government request, court order, or to protect rights, property, or safety of users or the public.

5.3 Business Transfers

If ExamCrack AI is acquired or merged with another company, user data may be transferred. Users will be notified 30 days in advance via email.

6. Data Security

We implement industry-standard security measures:

🔒 Encryption in transit: All data transmitted uses HTTPS/TLS 1.3 encryption
🔒 Encryption at rest: Sensitive data in our databases is encrypted using AES-256
🔒 Password security: Passwords are hashed using bcrypt (we never store plain text passwords)
🔒 OTP authentication: Two-factor verification for sensitive account actions
🔒 Access controls: Only authorized personnel can access user data, with audit logs
🔒 Regular audits: Periodic security reviews and vulnerability assessments
🔒 Secure payment: PCI-DSS compliant processing via Razorpay

Breach notification: In the unlikely event of a data breach, we will notify affected users within 72 hours via email and in-app notification.

7. Data Retention

Active accounts: Data retained as long as your account is active
Inactive accounts: After 3 years of inactivity, we send notification and delete data after 90 days
Deleted accounts: Personal data erased within 30 days; anonymized usage data may be retained for analytics
Payment records: Retained for 7 years per Indian tax laws
Support communications: Retained for 2 years for dispute resolution

8. Your Rights

Under Indian DPDP Act 2023 and GDPR (for EU users), you have these rights:

✓ Right to Access: Request a copy of data we hold about you
✓ Right to Correction: Update inaccurate information in your profile
✓ Right to Erasure: Request complete data deletion ("right to be forgotten")
✓ Right to Data Portability: Export your data in machine-readable format (JSON/CSV)
✓ Right to Object: Opt out of marketing emails and analytics tracking
✓ Right to Restrict Processing: Limit how we use your data
✓ Right to Grievance Redressal: Contact our Grievance Officer (details below)

How to exercise these rights: Email us at privacy@examcrackai.com or use in-app Settings → Account → Data & Privacy. We respond within 30 days.

9. Children's Privacy (18+ Only)

ExamCrack AI is designed for users aged 18 years and older. We do not knowingly collect information from children under 18. If you are under 18, please do not use our Service or provide any personal information.

If we discover that a child under 18 has provided personal information, we will delete it immediately. Parents/guardians who believe their child has used our Service can contact us at privacy@examcrackai.com.

10. Cookies and Tracking

Our website uses cookies and similar technologies:

Essential cookies: Required for login sessions (cannot be disabled)
Functional cookies: Remember preferences like language, theme
Analytics cookies: Understand how users navigate (anonymous, can be disabled)

Our mobile app does not use tracking cookies. It uses secure local storage for session tokens only.

11. Third-Party Services

Our Service may contain links to third-party websites or services (news sources, exam notifications). We are not responsible for their privacy practices. Review their policies separately.

12. International Data Transfers

Your data is primarily stored in India (Hostinger Indian servers). If data is transferred internationally, we ensure adequate protection through standard contractual clauses and compliance with applicable laws.