Legal

Privacy Policy

Understand how Evalat collects, uses, secures, and retains data for safe and compliant exam operations.

1. Introduction

Evalat ("we", "us", "our") provides a multi-tenant online examination platform for institutions, coaching centers, teachers, and students. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use Evalat.

2. Information We Collect

We collect account and usage data required for secure exam operations.

Identity data: name, email address, role, organization and institution details.
Contact data: phone country code, phone number, address, country/state/city.
Authentication and security data: hashed passwords, OTP and verification status, login attempts, IP address, user agent, and location context when available.
Assessment data: exams, questions, attempts, answers, scores, and certificates.
Integrity monitoring data: anti-cheat events, fullscreen violations, tab-switch events, and optional webcam monitoring metadata where enabled by institution policy.
Billing data: subscription plans, transaction references, payment provider metadata (Stripe/PhonePe references), and subscription status.

3. How We Use Information

To provide secure login, role-based access, and exam services.
To enforce exam integrity and investigate suspicious behavior.
To manage subscriptions, billing, and institutional account lifecycle.
To improve platform reliability, performance, and fraud prevention.
To comply with legal obligations and enforce our Terms.

4. Legal Basis and Consent

We process data for contractual necessity, legitimate interest in platform security, and legal compliance. Where optional processing applies, we collect consent in product workflows (for example, cookie preferences).

5. Cookies and Tracking Technologies

Evalat uses essential cookies required for session security and CSRF protection. Optional cookies are enabled only after explicit user consent. See our Cookies Policy.

6. Data Sharing

We do not sell personal information. We may share limited data with service providers used to run Evalat, such as email delivery, OTP providers, and payment processors. These providers process data on our instructions and under contractual protections.

7. Data Retention

We retain data only as long as necessary for exam records, security, compliance, and contractual commitments with institutions. Retention periods may vary by tenant policy and legal requirements.

8. Security Controls

Evalat applies layered controls including RBAC, CSRF, login throttling, audit logs, and tenant isolation. While no system is absolutely secure, we continuously improve safeguards against unauthorized access and misuse.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data. Institutional users should route requests through their institution admin first, then contact Evalat support if needed.

10. International Transfers

Where data is processed outside your local region, we use reasonable contractual and technical measures to protect personal information.

11. Children and Minors

Evalat is intended for educational institutions and authorized users. Institutions are responsible for obtaining any required guardian permissions for minors under applicable law.

12. Policy Updates

We may update this Privacy Policy periodically. Material updates will be reflected via the "Last updated" date and may be communicated through in-app notice where appropriate.

13. Contact

For privacy requests, contact your institution administrator or write to privacy@evalat.in.