Legal
OralExam.AI is committed to protecting the privacy of students, educators, and institutions. This policy explains what information we collect, how we use it, and the rights you have over your data. We comply with the Family Educational Rights and Privacy Act (FERPA), applicable state student privacy laws, and, for international users, the EU General Data Protection Regulation (GDPR).
Effective Date: April 16, 2026
Last Updated: April 18, 2026
Section 1
OralExam.AI, Inc. (“OralExam.AI,” “we,” “us,” or “our”) operates an AI-powered academic integrity verification platform designed for use by educational institutions. Our platform allows students to submit academic work and participate in AI-conducted oral interviews, enabling instructors to verify student understanding and assess academic integrity.
If you are a student, faculty member, or staff member of an institution that uses OralExam.AI, your institution (“the Institution”) is the primary controller of your education records. OralExam.AI processes your data as a service provider acting under the Institution's direction, consistent with our role as a “school official” under FERPA.
Section 2
When an institution deploys OralExam.AI, it may provide us with certain information about enrolled students and authorized users, including:
When you use the platform, you provide:
Our platform automatically generates the following data in connection with your use of the Services:
OralExam.AI does not collect Social Security Numbers, government ID numbers, health or medical information, financial account information, or biometric identifiers. We do not collect data from students for advertising, marketing, or commercial profiling purposes.
Section 3
We use the information described in Section 2 solely for the following purposes:
| Purpose | How We Use the Data |
|---|---|
| Provide the Services | Conduct AI oral assessments, generate interview records, and deliver assessment reports to instructors |
| Institutional reporting | Provide faculty and administrators with access to assessment results and platform analytics for their courses |
| Platform security and integrity | Detect unauthorized access, prevent fraud, and maintain the security of the platform |
| Technical support | Diagnose and resolve technical issues reported by institutions or users |
| Legal compliance | Comply with applicable law, court orders, and institutional contractual obligations |
| De-identified product analytics | Improve platform performance using aggregated, non-identifiable usage data from which no individual can be identified |
Section 4
OralExam.AI is committed to full compliance with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g. The following describes how we fulfill our obligations under FERPA.
Section 5
This section explains how OralExam.AI's AI systems interact with student data. We believe transparency about AI practices is essential for trust in educational settings.
OralExam.AI does not use Education Records, student submissions, AI Interview Records, or assessment outputs to train, fine-tune, or otherwise update any artificial intelligence or machine learning model, including large language models. This prohibition is absolute and is enforced through technical controls that segregate production student data from any model development environment.
We use only fully de-identified, aggregated data (from which no individual student can be identified) for product analytics and platform improvement.
Before any AI interview session, students are notified that:
No AI-generated output from OralExam.AI constitutes a final academic determination. All assessment reports, integrity scores, and interview evaluations are provided to instructors as inputs to human judgment, not as automated decisions. Institutions configure whether and how AI outputs are used in academic evaluation.
We conduct testing of our AI interview models to evaluate accuracy and fairness across student demographic groups, including students of different racial and ethnic backgrounds, gender identities, disability statuses, and native language profiles. Summary results of our most recent testing are available to institutions upon written request.
Section 6
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
We share assessment results, interview records, and usage data with the Institution's authorized faculty and administrators, as directed by the Institution.
We engage third-party service providers (“Sub-Processors”) to assist in delivering the Services, such as cloud hosting providers and AI inference services. Each Sub-Processor is contractually bound to: (a) use student data only for services provided to OralExam.AI; (b) maintain security standards equivalent to ours; and (c) not use student data for AI training or advertising.
A current list of our Sub-Processors is maintained in our Data Processing Agreements and is available to institutions upon request. We provide institutions with at least 14 days' advance notice before adding a Sub-Processor that will receive student data.
We may disclose data if required by applicable law, court order, or governmental authority. Where permitted by law, we will notify the relevant institution before complying with such a request.
We may share information in other circumstances with your explicit written consent.
Section 7
We retain Education Records only for as long as necessary to provide the Services and to fulfill our legal obligations under each institutional agreement. Our default retention periods are:
| Data Category | Default Retention | Deletion Method |
|---|---|---|
| Student submissions and AI interview transcripts | 12 months after end of academic term | Secure deletion from our production database and object storage, both of which are encrypted at rest. Automated backup copies expire on our cloud provider's standard retention schedule (typically 7 days for point-in-time recovery). |
| Assessment reports and scores | 12 months after end of academic term | Secure deletion per institutional DPA, subject to the same backup retention schedule described above. |
| Access and security logs | Up to 3 years (security and audit purposes), subject to the retention settings of our analytics and log-processing vendor | Automatic expiration per vendor retention configuration |
| De-identified analytics data | Indefinitely (not personal data) | N/A — cannot be linked to individuals |
Upon contract termination, we will return or securely destroy all Education Records within 60 days, at the Institution's election, and provide written certification of deletion. Institutions may also request deletion of records for individual students at any time.
Section 8
We implement and maintain a comprehensive information security program that includes:
We are actively pursuing SOC 2 Type II certification. Our current security attestation status is available to institutions upon written request. For a comprehensive overview of our security architecture and practices, visit our Compliance page.
Section 9
In the event of a confirmed or reasonably suspected unauthorized access to student data, we will notify the affected institution within 72 hours of discovery, consistent with our contractual obligations and applicable law. Notification will include a description of the incident, the categories of data affected, the likely consequences, and the steps we are taking to address the situation.
We will cooperate fully with the institution in any required notification to students or regulatory authorities.
Section 10
OralExam.AI is designed for use in post-secondary educational settings and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13, and the service is not deployed in K-12 environments.
Institutions considering K-12 use — including community colleges or dual-enrollment programs where students under 13 may participate — must contact us before deployment so that we can establish appropriate parental-consent and data-handling controls.
Section 11
Students have the following rights with respect to their Education Records held by OralExam.AI on behalf of their institution:
If you are located in the European Union or United Kingdom, the GDPR or UK GDPR may apply to the processing of your personal data. Subject to applicable law and your institution's role as a data controller, you may have rights to:
To exercise these rights, contact your institution's data protection officer or privacy office. OralExam.AI processes data as a data processor under the direction of the Institution as data controller and will cooperate with institutions in fulfilling these requests.
California residents may have additional rights under the California Consumer Privacy Act (CCPA) and the California Student Privacy Alliance Act. To the extent OralExam.AI processes personal information subject to California law outside of FERPA's scope, California residents may request disclosure of data categories collected and purposes of use. Contact us at contact@oralexam.ai for more information.
Section 12
OralExam.AI is based in the United States. If your institution is located outside the United States, personal data may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
For institutions in the European Union or United Kingdom, we execute Data Processing Agreements that include the European Commission's Standard Contractual Clauses (SCCs) or their UK equivalent, as required by GDPR and UK GDPR.
Please contact us at contact@oralexam.ai to discuss international data transfer mechanisms applicable to your institution's deployment.
Section 14
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. We will notify institutions of material changes by:
For changes required by law with no advance notice period, we will notify institutions as promptly as possible.
Section 15 — Get in touch
If you have questions about this Privacy Policy or our data practices, please contact:
OralExam.AI, Inc.
Privacy & Compliance — Darryl
6173 Canal Blvd.
Email: contact@oralexam.ai
Website: https://oralexam.ai/privacy
We aim to respond to all privacy-related inquiries within five (5) business days. For urgent matters related to student education records or potential data incidents, please include “URGENT” in the subject line of your email.