ExamLock
ExamLock Back to Home

Privacy Policy

Last updated: February 2026

1. Overview

ExamLock is an exam and test integrity platform used by Australian schools. We are committed to protecting student privacy in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and applicable state education privacy legislation. This policy explains what data we collect, why, and how it is handled.

2. Data We Collect

  • Student number — a pseudonymous identifier assigned by the school. This is the only student identifier collected. Students do not have accounts, emails, or passwords.
  • Device identifier — a random device ID generated on first app launch, hashed (SHA-256) before being sent to the server. Used to associate check-ins with a specific device during an exam or test session. The server never sees the raw device ID.
  • Exam check-in timestamps — records when a student checks into an exam or test via QR code or NFC tag.
  • Phone lock status — whether the student's phone is locked during an exam or test, and when it was locked/unlocked.
  • Violation events — records of policy violations during an exam or test (e.g., leaving the app, unlock attempts). Includes timestamp and violation type only.
  • Teacher email address — used for account authentication and login. Collected only from teachers, not students.
  • Teacher name — used for display purposes within the platform (e.g., identifying who created an exam). Collected only from teachers.

3. Data We Do NOT Collect

  • Student names or personal identifiers
  • Phone numbers
  • Parent or guardian information
  • Location data or GPS coordinates
  • Browsing history or app usage outside of exams and tests
  • Contacts, photos, files, or any on-device content
  • Biometric data

4. How We Use Data

All collected data is used exclusively for exam and test integrity purposes:

  • Identifying students during exam or test sessions (via student number only)
  • Recording exam attendance and check-in status
  • Monitoring phone lock compliance during exams and tests
  • Logging and reporting violations to authorised school staff

5. Data Storage and Hosting

Data is stored in a Supabase-hosted PostgreSQL database with row-level security (RLS) policies ensuring that users can only access data they are authorised to view. All data is encrypted in transit (TLS 1.2+) and at rest. Authentication tokens are stored locally on devices using encrypted storage (Android EncryptedSharedPreferences, iOS Keychain).

6. Data Sharing

We do not sell, trade, or share student data with third parties. Data is accessible only to:

  • The student (their own records)
  • Authorised teachers and school administrators within the same school
  • ExamLock platform administrators for technical support purposes only

7. Data Retention

Exam and test session data (check-ins, violations) is retained for the duration of the school's subscription. Schools may request deletion of all associated data at any time. Student records can be removed by school administrators through the dashboard.

8. Your Rights

Under the Australian Privacy Principles, individuals have the right to:

  • Access the personal information we hold about them
  • Request correction of inaccurate information
  • Request deletion of their data
  • Lodge a complaint about privacy handling

To exercise these rights, contact your school administrator or reach out to us directly.

9. Children's Privacy

ExamLock is used in educational settings with students under 18. Students do not have accounts — they are identified solely by their school-assigned student number. We minimise data collection to only what is necessary for exam and test integrity, and we do not collect personal names, emails, phone numbers, or parent information.

10. App Permissions

The ExamLock student app requests the following device permissions, each with a specific purpose:

  • Usage Stats Access — monitors which app is in the foreground to enforce exam or test mode. No app usage data is stored or transmitted.
  • Display Over Other Apps — displays a blocking overlay to prevent app switching during exams and tests.
  • Camera — used solely for scanning QR codes during exam or test check-in.
  • NFC — used for NFC tag-based exam or test check-in.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Schools will be notified of material changes via email.

12. IT Procurement

For IT procurement teams and IT directors, see our detailed Security & Compliance document covering infrastructure security, breach analysis, and Australian Privacy Principles compliance.

13. Contact

For privacy-related inquiries or complaints, please contact us at info@examlock.me.