These documents are provided for transparency and operational clarity. They are not a substitute for advice from qualified legal counsel. Institutions with enterprise agreements should also follow their executed order form or MSA.

← All legal documents

Privacy Policy

How Testlaa collects, uses, shares, and protects personal information.

Last updated: 2026-05-24

1. Introduction

This Privacy Policy explains how Testlaa ("we", "us", "our"), operated by or on behalf of Freshbix, collects, uses, discloses, and protects personal information when you visit our websites, use our applications, participate in assessments, or interact with us for sales and support.

This Policy applies to personal information we process as a controller (for example, website visitors, demo requests, and direct billing contacts) and describes our practices when we process personal information on behalf of institutions as a processor or service provider (for example, student roster data uploaded by a college).

2. Controller and processor roles

When an institution provisions student or staff accounts, uploads rosters, or configures exams, the institution typically determines the purposes and means of processing that personal information and acts as the data controller (or equivalent under applicable law). We process that information on the institution's documented instructions to provide the Service.

For website analytics, marketing leads, and account administration relating to institution contracts, we may act as an independent controller. Where required, we enter into data processing agreements with institutions.

3. Information we collect

We collect information you provide directly, information generated through use of the Service, and information from third parties where permitted.

  • Identity and contact data: name, email, phone, registration number, role, department, cohort, and profile photo where uploaded.
  • Account and authentication data: hashed credentials, session tokens, login timestamps, and multi-factor settings where enabled.
  • Assessment data: exam responses, code submissions, scores, proctoring signals where enabled, timestamps, and activity logs.
  • Study plan and collaboration data: tasks, comments, mentions, notifications, and mentor interactions.
  • Institution and billing data: organisation name, billing contacts, tax identifiers where provided, subscription tier, and usage metrics.
  • Technical data: IP address, device type, browser, operating system, crash logs, and security audit events.
  • Marketing and support data: demo requests, support tickets, and communication preferences.

4. How we use personal information

We use personal information to provide, maintain, and improve the Service; authenticate users; deliver exams and study plans; generate analytics for authorised administrators; send transactional and in-app notifications; prevent fraud and abuse; comply with law; and, with appropriate basis, send product updates to institutional contacts.

We do not sell personal information. We do not use institution student exam content to train public third-party AI models unless explicitly disclosed and permitted under a separate agreement and institutional configuration.

  • Provide core platform functionality requested by users and institutions.
  • Generate institution-facing analytics, cohort insights, and audit logs.
  • Operate optional AI-assisted study recommendations as described in the AI Usage and Disclaimer Policy.
  • Secure the Service, investigate incidents, and enforce policies.
  • Process payments and fulfil contractual obligations.
  • Respond to support requests and communicate service changes.

6. How we share information

We share personal information only as described below and subject to appropriate safeguards.

  • With the institution that provisioned or manages the user account, including administrators and authorised cohort admins.
  • With subprocessors that help us host, deliver email, monitor uptime, process payments, or provide AI infrastructure, under contractual confidentiality and security obligations.
  • With professional advisers, auditors, and insurers under confidentiality duties.
  • With law enforcement or regulators when required by law or to protect rights, safety, and security.
  • In connection with a merger, acquisition, or asset sale, subject to continued protection consistent with this Policy.

7. International transfers

We may process and store information in India and other countries where we or our subprocessors operate. Where required, we implement appropriate safeguards such as standard contractual clauses, data processing agreements, and technical controls for cross-border transfers.

8. Data retention

We retain personal information for as long as necessary to provide the Service, fulfil contractual and legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data category and institutional settings.

Institutions may request export or deletion subject to contractual notice periods, active exam integrity requirements, and legal retention obligations. Backup copies may persist for a limited period after deletion.

  • Account data: retained while the account is active and for a defined period thereafter.
  • Exam and assessment records: retained according to institutional configuration and contract terms.
  • Audit and security logs: retained for a period appropriate to security and compliance needs.
  • Marketing leads: retained while relevant and until opt-out or deletion request, subject to legal limits.

9. Security

We implement administrative, technical, and organisational measures designed to protect personal information, including access controls, encryption in transit, monitoring, and least-privilege access for personnel. No method of transmission or storage is completely secure; institutions should also implement appropriate internal controls.

Report suspected security issues to support@testlaa.com. We will investigate and notify affected parties and institutions where required by law.

10. Your privacy rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, and to data portability. Students at institutions should often direct requests to their institution first because the institution controls much of the data.

To exercise rights where we act as controller, contact legal@testlaa.com. We may verify your identity before responding. We aim to respond within timelines required by applicable law.

11. Children and students

The Service may be used by students who are minors when authorised by an educational institution. Institutions are responsible for obtaining any required parental or guardian consents and for configuring age-appropriate use.

We do not knowingly collect personal information directly from children under 13 outside an institutional relationship without appropriate consent. Contact legal@testlaa.com if you believe we have collected such information improperly.

12. Cookies and similar technologies

We use cookies and similar technologies for authentication, session management, preferences, analytics, and security. You can control cookies through browser settings; disabling essential cookies may affect Service functionality.

13. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or to institutional contacts. The "Last updated" date at the top indicates the latest revision.

14. Contact and grievances

Privacy and data-protection questions: legal@testlaa.com

General support (non-privacy): support@testlaa.com

Automated service emails may be sent from noreply@testlaa.com; that address is not monitored for inbound requests.

If you are in India and have concerns about our processing, you may also have rights to lodge a complaint with the relevant supervisory authority.