Privacy Policy

Last updated: July 2025

At ExamAI, we take your privacy seriously. This policy explains what data we collect, how we use it, your choices, and how we keep it safe. We encourage you to read it carefully.

This Privacy Policy applies to the ExamAI web application ("we", "us", "our") operated at examai.com and all related subdomains. It does not apply to third-party services that we link to or integrate with — please review their respective policies.

1. Information We Collect

We collect information you provide directly and information generated automatically when you use ExamAI.

Information You Provide

  • Account information: Name, email address, and password (hashed) when you register. If you sign up with Google, we receive your Google profile name and email.
  • Profile data: Avatar image, display preferences, and theme settings.
  • Uploaded files: PDF documents you upload for exam pattern analysis. Files are processed server-side and not stored permanently.

Information Generated Automatically

  • Activity data: Exam scores, question responses, time spent per question, coding challenge submissions, and interview performance summaries.
  • Gamification data: XP points, streak counts, earned badges, and leaderboard rankings.
  • Exam sessions: In-progress exam state (answers, current question, time remaining) is saved so you can resume interrupted exams.
  • Shared content: Exam results and presets you choose to share via unique links, including a view count.

2. Cookies & Tracking Technologies

We use cookies and similar technologies for essential functionality and, with your consent, analytics.

Category | Purpose | Consent
Essential | Authentication sessions, CSRF protection, theme preferences | Always active
Analytics (GA4) | Page views, feature usage, performance metrics | Your choice

Google Analytics 4

When you accept analytics cookies, we use Google Analytics 4 (GA4) to understand how users interact with ExamAI. GA4 uses Google Consent Mode v2 — analytics storage is denied by default and only enabled after you click "Accept analytics" in our cookie banner.

  • Data collected: Page views, session duration, device/browser type, approximate location (country/city level), and custom events listed below.
  • Custom events we track: exam generation, exam submission, interview start/completion, coding submission, sign-up, sign-in, result sharing, and PDF upload. These events include metadata like question count, score, and difficulty — never personal data.
  • Data retention: Google retains GA4 event data for 14 months by default, after which it is automatically deleted.

For more details, see Google's Privacy Policy and How Google uses data in GA4.

Local Storage

We use your browser's localStorage and sessionStorage for client-side preferences that never leave your device:

  • Cookie consent choice (examai_cookie_consent)
  • Theme preference
  • Saved exam presets
  • Solved coding problem IDs
  • Active exam session data (cleared after submission)

Managing Your Cookie Preferences

You can change your cookie consent choice at any time from your profile settings page. The Cookie Preferences section lets you accept or decline analytics cookies and reset your preference to re-show the consent banner on your next visit.

3. How We Use Your Information

  • Provide and operate ExamAI — generating exams, running interviews, evaluating code submissions
  • Save and resume in-progress exam sessions
  • Track your performance history, streaks, and achievements
  • Send password reset emails and email verification links via Resend
  • Generate aggregated, anonymized analytics to improve the platform
  • Enable sharing of exam results via unique, non-guessable links (only when you choose to share)
  • Prevent abuse through rate limiting on API endpoints

4. Data Storage & Security

  • Database: Your data is stored in MongoDB Atlas with encrypted connections (TLS). Passwords are bcrypt-hashed — we never store plaintext passwords.
  • Authentication: Session tokens are managed by NextAuth.js with JWT-based sessions stored in HTTP-only cookies.
  • Email service: Transactional emails (password reset, email verification) are sent via Resend. We do not send marketing emails.
  • AI processing: Exam questions, interview responses, and code evaluations are processed by Google Gemini AI. Prompts are stateless — we do not store your inputs in Google's systems beyond the processing request.
  • Uploaded PDFs: Files are parsed server-side for text extraction and immediately discarded. We do not retain uploaded files after processing.
  • Rate limiting: API endpoints are rate-limited to prevent abuse. Rate limit metadata is stored in memory on the server and not persisted.

While we take reasonable measures to protect your data, no system is perfectly secure. We encourage you to use a strong, unique password and to enable available security features.

5. Third-Party Services

Service | Purpose | Data Shared
Google OAuth | Sign-in / sign-up | Name, email, profile picture
Google Gemini AI | Exam generation, interview simulation, code evaluation | Contextual prompts (no personal data)
Google Analytics 4 | Usage analytics (with your consent) | Anonymized usage data, custom events
Resend | Password reset & email verification | Email address, reset link
MongoDB Atlas | Database storage | All stored user data (encrypted in transit)

6. Data Sharing & Disclosure

  • We do not sell your personal data to anyone.
  • We share data with third-party services only as described in Section 5 above, strictly to operate the platform.
  • Shared results: When you share exam results, a unique, non-guessable link is generated. Anyone with the link can view the shared data. You can delete shared links at any time from your dashboard.
  • Leaderboard: User names and scores may appear on the public leaderboard. You can opt out in your profile settings.
  • We may disclose data if required by law or to protect the rights and safety of our users and the public.

7. Your Rights & Choices

  • Cookie consent: You can accept or decline analytics cookies via the cookie banner or from the Cookie Preferences section in your profile settings. Your choice is remembered across sessions. You can also reset your preference from profile settings to re-show the consent banner.
  • Access your data: You can view your profile, activity history, and exam results from your dashboard at any time.
  • Update your data: You can edit your name, email, avatar, and other profile information from the profile settings page.
  • Delete your account: You can permanently delete your account and all associated data from the profile settings page. This action is irreversible.
  • Opt out of analytics: Decline analytics cookies, use browser tracking protection, or install a GA4 opt-out extension.
  • Data portability: You can export your activity data by contacting us.

8. Contact Us

If you have questions about this privacy policy or your personal data, please contact us at:

ExamAI Privacy Team

Email: privacy@examai.com

We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of ExamAI after changes are posted constitutes your acceptance of the updated policy.