ExamHero
Privacy Policy
Effective Date: January 12, 2025
Scope & Multi‑Exam Coverage
ExamHero is a study and practice platform that offers preparation content, sample tests, scoring helpers, and learning tools for multiple exams, including (but not limited to) CELPIP, IELTS, OET, TOEFL, PTE Academic, and other English‑language or professional communication exams. Exam names are the trademarks of their respective owners. ExamHero is an independent preparation resource and is not endorsed by, sponsored by, or formally affiliated with any official test administrator or governing body.
Privacy Policy
ExamHero, a product of Devxpert Inc. ("we", "us", or "our"), provides the ExamHero mobile application and related services (collectively, the "Service").
This Privacy Policy explains how we collect, use, disclose, transfer, and safeguard your information when you use the Service. It also describes your choices and rights with respect to that data.
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. Terms not defined here have the meanings given in our Terms of Service below.
Key Definitions
Service – The ExamHero mobile application and related websites, APIs, analytics dashboards, and support channels operated by Devxpert Inc.
Personal Data – Information about a living individual who can be identified from that data alone or in combination with other information we hold or can reasonably access.
Usage Data – Technical and interaction data generated automatically when you use the Service (e.g., device type, app version, screens viewed, session duration).
Cookies / Similar Technologies – Small data files or device identifiers stored locally to enable core functionality, remember preferences, and help us understand usage.
Data Controller – Devxpert Inc. We determine the purposes and means of processing Personal Data for the Service.
Data Processors / Service Providers – Third parties that process data on our behalf to deliver functionality, payments, analytics, AI features, or support (e.g., Apple, Google, RevenueCat, Google Analytics, OpenAI API, Firebase).
Data Subject / User – Any individual who uses the Service and whose Personal Data is processed.
Information We Collect
We collect information in three main ways: (1) you provide it to us, (2) it’s collected automatically when you use the Service, and (3) we receive limited data from platform or analytics partners.
1. Personal Data You Provide
We may collect the following types of data when you interact with the Service, support, or opt‑in features:
- First and last name (optional in most cases)
- Email address (for support, account recovery, receipts, or mailing lists)
- Subscription or purchase records (via Apple/Google/RevenueCat transaction data)
- In‑app messages, prompts, notes, study answers, or practice responses you submit
- Support tickets or screenshots you send us
2. Usage & Device Data (Collected Automatically)
- Device type, operating system, and app version
- Country/region (approximate, derived from IP at request time—stored or aggregated depending on configuration)
- In‑app interaction events (screens viewed, features used)
- Crash logs and diagnostic information
3. Tracking Technologies
We use cookies, mobile identifiers, or SDK events to:
- Maintain login/session state (where applicable)
- Remember preferences (e.g., dark mode, language)
- Measure feature adoption & performance
- Improve quality and reliability
Trademark Notice
We process data to operate, secure, and improve ExamHero. Typical uses include:
| Purpose | Examples of Data Used | Legal Basis (GDPR)* |
|---|---|---|
| Provide core functionality | Subscription status, content access rights, prompts, scoring interactions | Contract; Legitimate Interests |
| Customer support | Email, support message content, screenshots | Legitimate Interests; Contract |
| Improve and personalize study experience | Usage analytics, anonymized prompt content | Legitimate Interests; Consent (where required) |
| Communications (service notices, updates) | Email address | Contract; Legitimate Interests |
| Improve and personalize study experience | Usage analytics, anonymized prompt content | Legitimate Interests; Consent (where required) |
| Marketing (news, offers) | Email (if opted in) | Consent |
| Security, fraud prevention, abuse monitoring | IP (ephemeral), usage patterns | Legitimate Interests; Legal Obligation |
| Payment / subscription validation | Store receipt / transaction ID | Contract; Legal Obligation |
*See GDPR Addendum for more detail.
AI Processing (OpenAI)
Some ExamHero practice features (e.g., AI scoring suggestions, writing feedback, speaking prompt generation) rely on the OpenAI API. When you submit text (a prompt, answer, or study note) in those features, that text is transmitted to OpenAI for processing and a response is returned to the app.
- We do not intentionally attach your name or email to AI prompts.
- Avoid including personally identifiable information in free‑text fields unless necessary.
- OpenAI processes your input to generate a response; handling is governed by OpenAI’s API terms and privacy commitments.
- We may log anonymized or truncated prompt/response pairs for quality and abuse prevention.
If you want us to delete specific AI submission history tied to your account (where stored), contact us.
Legal Bases for Processing (GDPR / UK GDPR)
We process Personal Data only where we have a lawful basis. Depending on the context, that may include:
- Consent – e.g., marketing emails, optional analytics where required by law.
- Contract – Delivering purchased subscriptions, enabling paid features, responding to support linked to your account.
- Legitimate Interests – Improving the Service, preventing fraud/abuse, measuring performance (balanced against your privacy rights).
- Legal Obligation – Tax, accounting, consumer law, regulatory inquiries.
- Vital Interests / Public Task – Not typically applicable; if ever required (e.g., safety reporting), we’ll document it.
Data Retention
We retain Personal Data only as long as necessary for the purpose collected, unless a longer period is required by law (e.g., tax records). Illustrative guidelines:
- Subscription / purchase records: retained per platform and statutory accounting rules (often 7 years in some jurisdictions).
- Support email threads: up to 24 months from last contact unless required longer.
- AI prompt logs (if stored separately): typically 90–180 days for quality & abuse review, then de‑identified or deleted.
- Aggregated analytics: retained in non‑identifiable form.
You may request deletion of Personal Data (subject to legal retention requirements). See Your Rights below.
International Data Transfers
Your data may be processed in Canada, the United States, the European Economic Area (EEA), or other jurisdictions where our service providers operate. Data protection laws may differ from those in your location.
Where required for EEA/UK transfers to countries lacking an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent approved mechanisms. Copies or summaries of relevant transfer safeguards are available upon request (subject to confidentiality).
When We Share Data
We do not sell Personal Data. We may share data with:
- App stores & subscription processors: Apple, Google Play, Stripe, RevenueCat (for validating purchases).
- Analytics & performance tools: Google Analytics / Firebase Analytics (usage trends, crash reporting).
- AI provider: OpenAI (prompt processing).
- Infrastructure & cloud hosting: Firebase / Google Cloud and comparable vendors.
- Professional advisers: Legal, accounting, compliance consultants (only as needed, under confidentiality).
- Law enforcement / regulators: Where required by law or to protect rights, safety, or integrity of the Service.
Where possible, data is shared in minimized or pseudonymized form.
Security
We use commercially reasonable administrative, technical, and organizational safeguards proportionate to the type of data processed. Examples include encrypted transport (HTTPS), platform‑managed credential storage, access controls, and logging. No system is perfectly secure; transmission and storage risks remain. Report suspected security issues to us immediately.
Children’s Privacy / Under‑Age Users
ExamHero is designed for adult learners preparing for formal exams. The Service is not intended for individuals under 18 years of age (or the age of majority in your jurisdiction, if higher). We do not knowingly collect Personal Data from such users. If you are a parent/guardian and believe your child has used the Service and provided data, please contact us and we will take appropriate steps to remove it.
Your Privacy Rights
Your data protection rights vary by jurisdiction. Where applicable (e.g., under GDPR / UK GDPR / similar laws), you may have the right to:
- Access a copy of your Personal Data we hold.
- Correct incomplete or inaccurate data.
- Request deletion (erasure) of your data.
- Restrict or object to certain processing.
- Port your data to another provider (data portability).
- Withdraw consent at any time (where consent is the legal basis).
- Lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us at Devxpert01@gmail.com. We may need to verify your identity before responding.
Complaints (EU/EEA/UK)
If you are located in the EEA, Switzerland, or the UK and believe we have not adequately addressed a privacy concern, you have the right to lodge a complaint with your local Data Protection Authority (DPA) or the UK Information Commissioner’s Office (ICO).
Changes to This Privacy Policy
We may update this Privacy Policy periodically. When we do, we will:
- Post the updated version in the app and/or on our site.
- Update the “Last reviewed” date at the top.
- Provide additional notice (email, in‑app banner) if changes are material.
Continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.
Contact Us (Privacy)
Questions, data requests, or privacy concerns? Contact:
Email: Devxpert01@gmail.com
(If you write regarding a data request, please include “Privacy Request” in the subject line.)
GDPR / UK GDPR Addendum
Applies to users in the European Economic Area (EEA), Switzerland, and the United Kingdom.
Controller Identity
Devxpert Inc. is the controller of Personal Data processed in connection with ExamHero.
EU / UK Representative
If we are required to appoint an EU and/or UK representative under Article 27 GDPR, the representative’s contact details will be posted here when available. Until then, please direct all requests to Devxpert01@gmail.com.
Lawful Bases – Expanded Detail
| Processing Activity | Data Elements | Lawful Basis |
|---|---|---|
| Granting exam prep content access after purchase | Transaction receipt, platform user ID | Contract |
| Syncing subscription status across devices | Store receipt ID, RevenueCat subscriber token | Contract; Legitimate Interests |
| Responding to email support | Email, user message content | Legitimate Interests; Contract |
| AI scoring / content generation | Prompt text, exercise metadata | Consent (user action); Legitimate Interests (service function) |
| Usage analytics & performance | Device + event data, crash logs | LegitLegitimate Interests (improve service); Consent where required under ePrivacy/cookie lawimate Interests; Consent (where required) |
| Marketing communications | Email (opt‑in list) | Consent |
| Fraud, abuse, and security monitoring | IP (ephemeral), usage anomalies | Legitimate Interests; Legal Obligation |
Below is a more specific mapping of our processing activities to GDPR legal bases International Transfers Outside the EEA / UK
Where we transfer Personal Data to a country lacking an adequacy decision, we rely on Standard Contractual Clauses (SCCs), the UK Addendum, or other approved safeguards. Additional technical measures (encryption in transit, access controls) are applied where feasible.
Your GDPR Rights Recap
You may exercise the following rights under GDPR: access; rectification; erasure; restriction; objection; portability; withdraw consent; and complaint to a supervisory authority. See contact instructions above.
Automated Decision‑Making
ExamHero does not make legally significant decisions about you solely by automated means. AI‑generated study feedback is advisory only and has no legal or contractual effect.