PRIVACY POLICY

This Privacy Policy ("Policy") governs the collection, processing, storage, utilization, and protection of personal data and related information ("Data") by CasharQuiz, an educational technology platform specializing in the conversion of portable document format files ("PDFs") into interactive pedagogical assessment tools ("Quizzes"), hereinafter referred to as "the Platform," "we," "us," or "our." This document outlines the principles, procedures, and safeguards implemented to ensure compliance with applicable data protection legislation, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant jurisdictional frameworks.

By accessing, registering for, or utilizing the services provided by CasharQuiz, you ("User," "you," or "your") expressly acknowledge that you have read, comprehended, and consent to the practices described herein. If you do not agree with any aspect of this Policy, you must immediately cease all use of the Platform and refrain from submitting any personal data.

1. Definitions and Interpretation

For the purposes of this Policy, the following terms shall have the meanings ascribed to them:

  • "Personal Data" refers to any information relating to an identified or identifiable natural person, including but not limited to names, identification numbers, location data, online identifiers, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
  • "Processing" encompasses any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction.
  • "Data Subject" denotes the natural person to whom the personal data relates.
  • "Controller" signifies the entity that determines the purposes and means of the processing of personal data; for the purposes of this Policy, CasharQuiz acts as the Controller.
  • "Processor" refers to any entity that processes personal data on behalf of the Controller.
  • "Consent" means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

2. Scope and Applicability

This Policy applies exclusively to the CasharQuiz platform, accessible via web browsers and associated applications, and governs all data processing activities conducted within the context of the Platform's core functionality: the transformation of user-uploaded PDF documents into algorithmically generated quizzes for educational and self-assessment purposes. It does not extend to third-party websites, services, or applications, even if accessible through links or references within the Platform.

3. Categories of Personal Data Collected

3.1 Data Voluntarily Provided by the User

In the course of utilizing the Platform, Users may elect to provide the following categories of personal data:

  • Account Registration Data: Upon creation of a user account, the Platform requires a valid email address and a user-selected password. The email address serves as the primary identifier for account access, communication, and password recovery procedures.
  • Document Upload Data: Users may upload PDF documents to the Platform for processing. These documents may contain text, images, and other embedded content. The Platform extracts textual elements from these documents solely for the purpose of quiz question generation. Original PDF files are stored temporarily and are not subjected to manual review or analysis beyond automated text extraction.
  • Pedagogical Interaction Data: As Users engage with quizzes generated from their uploaded documents, the Platform records responses, scores, time spent per question, accuracy rates, and progression through quiz modules. This data is aggregated to provide learning analytics and progress tracking.
  • Optional Profile Enhancement Data: Users may, at their discretion, supplement their profile with additional information such as a display name, educational institution affiliation, or areas of academic interest. Provision of such data is entirely optional and does not affect core Platform functionality.

3.2 Data Automatically Collected Through Technological Interaction

The Platform employs standard automated data collection mechanisms during User interaction:

  • Technical Log Data: Each access request generates server log entries containing the Internet Protocol (IP) address, browser type and version, operating system, device characteristics, timestamps, referring URLs, and pages visited. This data is essential for system administration, security monitoring, and diagnostic purposes.
  • Usage Metric Data: Anonymized and aggregated data regarding feature utilization, session duration, navigation paths, and interaction patterns are collected to inform user experience optimization and platform development.
  • Authentication Token Data: The Platform utilizes essential, session-based cookies to maintain authentication state and preserve user session continuity. These cookies contain no personally identifiable information and are automatically invalidated upon session termination or browser closure.

4. Purposes and Legal Bases for Processing

All processing of personal data by CasharQuiz is conducted under a clearly defined purpose and a corresponding lawful basis as required by data protection regulations:

  • Contractual Performance (Article 6(1)(b) GDPR): Processing of account data, PDF content, and quiz interaction data is necessary for the execution of the service agreement between the User and CasharQuiz, enabling core functionalities such as account management, document processing, quiz generation, and progress tracking.
  • Legitimate Interests (Article 6(1)(f) GDPR): Processing of technical log data and usage metrics is conducted pursuant to the legitimate interests of CasharQuiz in ensuring platform security, preventing fraudulent or abusive activities, maintaining system integrity, and improving service quality, provided such interests are not overridden by the User's fundamental rights and freedoms.
  • Legal Obligation (Article 6(1)(c) GDPR): In limited circumstances, processing may be required to comply with statutory obligations, such as responding to lawful requests from judicial or regulatory authorities.

Note on Consent: CasharQuiz does not rely on consent as a primary legal basis for processing core service data. For optional processing activities (e.g., marketing communications), separate, explicit consent will be obtained where required.

5. Data Retention and Storage Protocols

CasharQuiz adheres to a strict data minimization and storage limitation principle. Personal data is retained only for the duration necessary to fulfill the purposes outlined in Section 4, after which it is securely erased or anonymized.

  • Account Data: Retained for the lifetime of the user account. Users may initiate account deletion at any time via platform settings, triggering the irreversible erasure of associated personal data, subject to technical processing latencies not exceeding 30 days.
  • Uploaded PDF Documents: Original PDF files are retained for a maximum period of 30 calendar days from the date of upload. Following this period, files are permanently deleted from active storage and backup systems. Extracted textual content used for quiz generation may be retained in anonymized, aggregated form for model improvement purposes.
  • Quiz Interaction Data: Retained indefinitely to provide longitudinal learning progress tracking, unless deleted by the User via account deletion or specific data erasure requests.
  • Technical Log Data: Retained for a period of 90 days for security and operational analysis, after which logs are rotated and purged.

6. Data Sharing and Third-Party Disclosures

CasharQuiz maintains a fundamental policy of non-disclosure of user personal data. No personal data collected through the Platform is sold, leased, traded, or otherwise commercially exploited.

Data may be disclosed only under the following circumscribed conditions:

  • Essential Service Providers: To a limited set of subcontracted data processors who provide infrastructure services critical to Platform operation, such as cloud hosting, database management, and email delivery. Such processors are bound by stringent contractual data processing agreements that mandate confidentiality, security, and processing only on documented instructions from CasharQuiz.
  • Legal Compulsion: Where required by a valid subpoena, court order, warrant, or other governmental or regulatory request, and only to the extent legally compelled. CasharQuiz will, where permissible by law, notify the affected User prior to such disclosure.
  • Corporate Transactions: In the context of a merger, acquisition, or sale of all or substantially all assets of CasharQuiz, user data may be transferred as part of the transaction assets. Affected Users will be notified via platform announcement and email prior to such transfer becoming effective.

Emphatic Statement: Beyond the explicitly enumerated scenarios above, under no circumstances is user personal data shared with, transmitted to, or made accessible by any third party, including advertisers, data brokers, or research entities.

7. Data Subject Rights and Exercising Procedures

Depending on your jurisdiction of residence, you may possess certain statutory rights regarding your personal data. CasharQuiz is committed to facilitating the exercise of these rights in accordance with applicable law.

  • Right of Access: You may request confirmation as to whether personal data concerning you is being processed and, if so, access to that data and related information (purposes, categories, recipients, retention periods, etc.).
  • Right to Rectification: You may request the correction of inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): You may request the deletion of your personal data under specific conditions (e.g., data no longer necessary, withdrawal of consent, unlawful processing).
  • Right to Restriction of Processing: You may request the temporary suspension of processing under certain circumstances (e.g., contesting accuracy, unlawful processing but opposing erasure).
  • Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, you may receive your provided data in a structured, commonly used, machine-readable format and have it transmitted to another controller.
  • Right to Object: You may object, on grounds relating to your particular situation, to processing based on legitimate interests. CasharQuiz will cease such processing unless compelling legitimate grounds override your interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please submit a verifiable request to contact@casharquiz.com. We will respond within the timeframe stipulated by applicable law (typically 30 days). We may require additional information to verify your identity before processing certain requests.

8. Data Security and Protection Measures

CasharQuiz implements a comprehensive, multi-layered security framework designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. Our technical and organizational measures include, but are not limited to:

  • Cryptographic Protocols: All data transmissions between the User's device and our servers are encrypted using Transport Layer Security (TLS) 1.2 or higher protocols.
  • Storage Encryption: Personal data at rest is encrypted using industry-standard AES-256 encryption.
  • Access Control: Strict role-based access control (RBAC) policies limit internal access to personal data to authorized personnel on a need-to-know basis, authenticated via multi-factor authentication.
  • Network Security: Firewalls, intrusion detection/prevention systems, and regular vulnerability scans are employed to protect network perimeters.
  • Physical Security: Data center facilities housing our servers adhere to rigorous physical security standards, including biometric access controls, 24/7 monitoring, and environmental safeguards.
  • Incident Response: A formal incident response plan is maintained to address potential data breaches, including procedures for notification of supervisory authorities and affected individuals where legally required.

Notwithstanding these measures, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

9. International Data Transfers

CasharQuiz operates as a global service. Consequently, personal data may be transferred to, stored, and processed in countries other than your country of residence, which may have data protection laws that differ from those in your jurisdiction.

For transfers of personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries not deemed to provide an adequate level of data protection, CasharQuiz relies on appropriate safeguards as defined in Article 46 of the GDPR, primarily the European Commission's Standard Contractual Clauses (SCCs), complemented by rigorous transfer impact assessments.

10. Children's Privacy

The CasharQuiz Platform is not designed for, targeted at, or intended to be used by individuals under the age of 16 ("Children"). We do not knowingly collect personal data from Children. If you are a parent or guardian and become aware that your Child has provided us with personal data, please contact us immediately at contact@casharquiz.com. If we learn that we have collected personal data from a Child without verification of parental consent, we will take steps to delete that information from our servers promptly.

11. Modifications to This Policy

CasharQuiz reserves the right to amend, modify, or update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or service features. Material changes will be communicated to Users through a prominent notice on the Platform's homepage or via direct email notification prior to the change becoming effective. We encourage Users to periodically review this page for the latest information on our privacy practices.

Your continued use of the Platform following the posting of any revised Privacy Policy constitutes your acceptance of such changes.

12. Contact Information and Regulatory Authority

For any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact our designated data protection contact point:

Data Protection Officer
CasharQuiz
Email: contact@casharquiz.com

If you reside in the European Economic Area and believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

Disclaimer: This Privacy Policy is a legal document. While it aims to be comprehensive and clear, it does not constitute legal advice. Users are advised to consult with independent legal counsel for advice regarding their specific circumstances.