Privacy Policy
How Testlaa collects, uses, shares, and protects personal information.
Last updated: 2026-05-24
1. Introduction
This Privacy Policy explains how Testlaa ("we", "us", "our"), operated by or on behalf of Freshbix, collects, uses, discloses, and protects personal information when you visit our websites, use our applications, participate in assessments, or interact with us for sales and support.
This Policy applies to personal information we process as a controller (for example, website visitors, demo requests, and direct billing contacts) and describes our practices when we process personal information on behalf of institutions as a processor or service provider (for example, student roster data uploaded by a college).
2. Controller and processor roles
When an institution provisions student or staff accounts, uploads rosters, or configures exams, the institution typically determines the purposes and means of processing that personal information and acts as the data controller (or equivalent under applicable law). We process that information on the institution's documented instructions to provide the Service.
For website analytics, marketing leads, and account administration relating to institution contracts, we may act as an independent controller. Where required, we enter into data processing agreements with institutions.
3. Information we collect
We collect information you provide directly, information generated through use of the Service, and information from third parties where permitted.
- Identity and contact data: name, email, phone, registration number, role, department, cohort, and profile photo where uploaded.
- Account and authentication data: hashed credentials, session tokens, login timestamps, and multi-factor settings where enabled.
- Assessment data: exam responses, code submissions, scores, proctoring signals where enabled, timestamps, and activity logs.
- Study plan and collaboration data: tasks, comments, mentions, notifications, and mentor interactions.
- Institution and billing data: organisation name, billing contacts, tax identifiers where provided, subscription tier, and usage metrics.
- Technical data: IP address, device type, browser, operating system, crash logs, and security audit events.
- Marketing and support data: demo requests, support tickets, and communication preferences.
4. How we use personal information
We use personal information to provide, maintain, and improve the Service; authenticate users; deliver exams and study plans; generate analytics for authorised administrators; send transactional and in-app notifications; prevent fraud and abuse; comply with law; and, with appropriate basis, send product updates to institutional contacts.
We do not sell personal information. We do not use institution student exam content to train public third-party AI models unless explicitly disclosed and permitted under a separate agreement and institutional configuration.
- Provide core platform functionality requested by users and institutions.
- Generate institution-facing analytics, cohort insights, and audit logs.
- Operate optional AI-assisted study recommendations as described in the AI Usage and Disclaimer Policy.
- Secure the Service, investigate incidents, and enforce policies.
- Process payments and fulfil contractual obligations.
- Respond to support requests and communicate service changes.
5. Legal bases for processing
Depending on jurisdiction and context, we rely on one or more of: performance of a contract; legitimate interests (such as security, product improvement, and B2B communication); compliance with legal obligations; and consent where required (for example, certain marketing cookies or optional features).
Institutions are responsible for establishing lawful bases for student data they control and for providing required notices to students and staff.
7. International transfers
We may process and store information in India and other countries where we or our subprocessors operate. Where required, we implement appropriate safeguards such as standard contractual clauses, data processing agreements, and technical controls for cross-border transfers.
8. Data retention
We retain personal information for as long as necessary to provide the Service, fulfil contractual and legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data category and institutional settings.
Institutions may request export or deletion subject to contractual notice periods, active exam integrity requirements, and legal retention obligations. Backup copies may persist for a limited period after deletion.
- Account data: retained while the account is active and for a defined period thereafter.
- Exam and assessment records: retained according to institutional configuration and contract terms.
- Audit and security logs: retained for a period appropriate to security and compliance needs.
- Marketing leads: retained while relevant and until opt-out or deletion request, subject to legal limits.
9. Security
We implement administrative, technical, and organisational measures designed to protect personal information, including access controls, encryption in transit, monitoring, and least-privilege access for personnel. No method of transmission or storage is completely secure; institutions should also implement appropriate internal controls.
Report suspected security issues to support@testlaa.com. We will investigate and notify affected parties and institutions where required by law.
10. Your privacy rights
Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, and to data portability. Students at institutions should often direct requests to their institution first because the institution controls much of the data.
To exercise rights where we act as controller, contact legal@testlaa.com. We may verify your identity before responding. We aim to respond within timelines required by applicable law.
11. Children and students
The Service may be used by students who are minors when authorised by an educational institution. Institutions are responsible for obtaining any required parental or guardian consents and for configuring age-appropriate use.
We do not knowingly collect personal information directly from children under 13 outside an institutional relationship without appropriate consent. Contact legal@testlaa.com if you believe we have collected such information improperly.
13. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or to institutional contacts. The "Last updated" date at the top indicates the latest revision.
14. Contact and grievances
Privacy and data-protection questions: legal@testlaa.com
General support (non-privacy): support@testlaa.com
Automated service emails may be sent from noreply@testlaa.com; that address is not monitored for inbound requests.
If you are in India and have concerns about our processing, you may also have rights to lodge a complaint with the relevant supervisory authority.
