Privacy Policy

This Privacy Policy explains how ExamForge ("ExamForge," "we," "us," or "our") collects, uses, shares, and protects personal information when you use ExamForge (the "Service"). Contact: [email protected]. Location: Abu Dhabi, United Arab Emirates. The Service is still evolving, and this notice may be updated as features, providers, and legal requirements change.

1) Information We Collect

Information you provide: account data such as email address, username, profile details, billing/support communications, and any content you submit within the Service, including prompts, uploaded files, question banks, flashcards, notes, and feedback.

Information collected automatically: device and usage data such as IP address, browser/device type, approximate location from IP, referral URLs, ad/campaign measurement data, timestamps, interactions with pages/features, and diagnostics needed for security and troubleshooting.

Email delivery and engagement data: when we send account, billing, support, or subscription emails, our email provider (Resend) may process delivery status, bounce/complaint data, timestamps, message identifiers, and whether an email was opened or links in the email were clicked.

Authentication, cookies, and local storage data: session/auth cookies, CSRF/security tokens, preferences such as theme and locale, and certain locally stored settings or cached data used to preserve progress and app behavior.

Subscription/payment information: Payments are processed by PayPal, and we may receive limited billing metadata such as subscription status, transaction IDs, plan, renewal dates, and country. We do not store full payment card details.

Notifications and device permissions: if you opt into push notifications, we may store your push subscription details and notification preferences in order to send reminders and account-related notifications you request.

Please do not submit personal information you do not want processed or material you do not have the right to share with us.

2) How We Use Information

• Provide and operate the Service
• Manage accounts and subscriptions
• Provide customer support
• Confirm subscription status and payment events (via PayPal)
• Deliver notifications, reminders, and security/account messages you request or expect
• Monitor email deliverability, diagnose delivery failures, and understand whether important account or subscription messages are working
• Operate AI-powered generation, explanation, and analysis features you choose to use
• Improve and secure the Service (fraud prevention, abuse detection, troubleshooting)
• Review, investigate, and enforce suspected abuse, infringement, plagiarism, or other policy violations
• Comply with legal obligations

3) Legal Bases (Where Applicable)

Processing may be based on contract (providing the subscription service), legitimate interests (security, fraud prevention, improvement), consent (where required for certain cookies/communications), or legal obligation (tax/accounting/compliance).

4) Sharing and Disclosure

We may share information with payment processors (PayPal); hosting and infrastructure providers; database, storage, and authentication providers; advertising-measurement tools (Google); error-monitoring tools (Sentry); email and support tools (Resend); push-notification services; and AI/model providers that process prompts, uploads, or outputs on our behalf in order to provide requested features. We may also disclose information to legal authorities when required, to protect rights and safety, or in connection with a permitted business transfer. We do not sell personal information, and we do not use your prompts, uploads, or generated content to train our own models.

ExamForge is not a healthcare provider and is not a HIPAA "Business Associate." Please do not upload protected health information (PHI) or other identifiable patient data; any clinical material you submit should be de-identified study content only.

5) International Transfers

Information may be processed in other countries (for example, where hosting providers operate). Where required, appropriate safeguards are used.

6) Retention

We retain personal information only as long as needed for the purposes described, including while your account is active, and longer if needed for legal, tax, compliance, security, backup, or dispute-resolution purposes.

If you export or delete your account from your profile settings, some information may still be retained where required for billing records, fraud prevention, legal compliance, backup integrity, or service continuity. Published community content may also remain available in anonymized form because other users may rely on it.

7) Your Choices and Rights

Depending on your location, you may have rights to access, correct, delete, object, restrict processing, or request portability. To make a request, contact [email protected].

You can also manage certain requests yourself through the Service, including exporting your data, deleting your account, managing your subscription, or adjusting notification preferences. See our Account & Data Rights page for more detail.

You can control optional marketing or reminder communications where those controls are offered. Security, billing, and account-service emails may still be sent when needed to operate your account. Some email clients let you block remote images, which may limit open tracking.

8) Cookies, Local Storage, and Similar Technologies

We use cookies and similar storage technologies for essential functionality such as login/session management, CSRF and security protections, preferences, performance, app behavior, and Google Ads measurement. We may also use local storage, service workers, or related browser storage to remember theme, locale, onboarding state, notification preferences, autosave data, or supported offline/cache behavior.

You can control many of these technologies through your browser/device settings and in-product controls. See our Cookie Notice for more detail and to change your advertising-measurement choice for this browser.

9) AI Features, Uploads, and Community Content

If you use AI-powered or import features, the prompts, uploaded files, generated outputs, and related metadata may be processed by us and our service providers solely to provide, secure, moderate, and troubleshoot those features.

You are responsible for ensuring you have permission to submit the materials you upload. If you believe content on the Service infringes your rights, contact [email protected]. Additional rules for uploads, moderation, reports, and copyright complaints are described in our Content & Copyright Policy. Public community content may continue to be hosted or displayed after account closure in line with our Terms and this Privacy Policy.

10) Security

Reasonable technical and organizational safeguards are used to protect data, but no system is perfectly secure. You are responsible for keeping your account credentials confidential and notifying us if you suspect unauthorized access.

11) Children

The Service is not intended for children under 13. If you believe a child has provided personal information, email [email protected] to request deletion.

12) Changes

We may update this Privacy Notice by posting a new version and updating the “Last updated” date.

13) Contact

Privacy questions, rights requests, and account/data concerns can be sent to [email protected].