Legal

Privacy Policy

OralExam.AI is committed to protecting the privacy of students, educators, and institutions. This policy explains how we collect, use, and safeguard your information.

Effective Date: March 26, 2026

Overview

Introduction and Scope

This Privacy Policy (“Policy”) describes how OralExam.AI (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects information obtained through our website, platform, and related services (collectively, the “Service”).

This Policy applies to all users of the Service, including students, instructors, administrators, and institutional representatives. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Policy.

OralExam.AI provides AI-powered oral examination tools designed for use in accredited educational institutions. Given the nature of our Service, we handle student education records and take our obligations under applicable privacy laws, including the Family Educational Rights and Privacy Act (FERPA), extremely seriously.

Data collection

Information We Collect

Personal Information

We collect personal information that you provide directly when creating an account or using the Service, including:

Name, email address, and institutional affiliation
Role designation (student, instructor, or administrator)
Course enrollment information and institutional identifiers
Profile information you choose to provide

Educational Records

In the course of providing oral examination services, we process the following educational records:

Written submissions (essays, papers, and other coursework uploaded for examination)
Oral examination transcripts and audio recordings
AI-generated assessment results, evaluation reports, and examiner feedback
Student learning outcome (SLO) tracking data

Usage and Technical Data

We automatically collect certain technical information when you use the Service, including:

Browser type, operating system, and device information
IP address and approximate geographic location
Pages visited, features used, and interaction patterns
Cookies and similar tracking technologies for session management and analytics

Data use

How We Use Your Information

Service Delivery

Generate personalized oral examination questions based on student submissions
Conduct and record AI-facilitated oral examinations
Produce assessment reports, results, and feedback for instructors and students
Track student learning outcomes across courses and semesters

Service Improvement

Analyze aggregate, de-identified usage patterns to improve examination quality and fairness
Develop and refine our AI models using anonymized and aggregated data only
Monitor system performance, uptime, and reliability

Communication

Send transactional notifications related to examinations and account activity
Provide customer support and respond to inquiries
Communicate important updates regarding the Service or this Policy

Regulatory compliance

FERPA Compliance

OralExam.AI is designed to fully comply with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, and its implementing regulations at 34 CFR Part 99. Institutions can deploy OralExam.AI with confidence that student education records are handled in accordance with federal law.

School Official Designation

When an educational institution contracts with OralExam.AI, we operate as a “school official” with a “legitimate educational interest” in student education records, as defined under FERPA (34 CFR § 99.31(a)(1)(i)). Our institutional agreements establish that OralExam.AI:

Performs an institutional service or function for which the institution would otherwise use its own employees
Has been determined to meet the institution's criteria for “school official” with “legitimate educational interest”
Is under the direct control of the institution with respect to the use and maintenance of education records
Complies with the conditions governing the use and re-disclosure of personally identifiable information (PII) from education records

Handling of Student Education Records

Student education records processed through OralExam.AI, including submissions, examination transcripts, and assessment results, are maintained with the following safeguards:

Access to education records is limited to authorized personnel at the contracting institution and OralExam.AI staff who require access to provide the Service
Education records are used solely for the purposes specified in our institutional agreements
Records are stored using encryption at rest and in transit, with access controls enforced at every layer
Institutions retain ownership of all student education records at all times

Directory Information

OralExam.AI does not treat any student information as “directory information” under FERPA. All student data received from institutions is treated as protected education records, regardless of whether the institution has designated certain fields as directory information in its own FERPA policy.

No Re-Disclosure Without Consent

OralExam.AI does not re-disclose personally identifiable information from student education records to any third party without prior written consent from the student (or parent, if applicable), unless such disclosure is otherwise permitted under FERPA. This prohibition extends to our AI model providers, who receive only anonymized and de-identified data as described in the Data Sharing section below.

Child privacy

COPPA Compliance

OralExam.AI is designed for use in higher education and is generally not intended for children under the age of 13. However, we recognize that certain institutional deployments may involve younger users, and we take our obligations under the Children's Online Privacy Protection Act (COPPA) seriously.

If we become aware that a user is under 13 years of age, we will not knowingly collect personal information from that user without verifiable parental consent. In cases where an educational institution has contracted with OralExam.AI and provides consent on behalf of parents under the COPPA school consent exception, we will rely on that institutional consent and limit data collection to what is reasonably necessary to provide the educational Service.

Parents and guardians may contact us at any time to review, delete, or refuse further collection of their child's personal information by emailing hello@oralexam.ai.

Third parties

Data Sharing and Third Parties

OralExam.AI does not sell, rent, or trade your personal information or student education records to any third party, under any circumstances.

AI Model Providers

Our oral examination and assessment features utilize third-party AI language models. When student data is processed through these models, we employ the following protections:

Personally identifiable information is stripped or anonymized before transmission to AI model providers
We maintain data processing agreements with all AI providers that prohibit them from using input data for model training
AI providers do not retain examination data beyond the processing window necessary to generate responses

Cloud Infrastructure

We use industry-standard cloud service providers to host the Service. These providers are contractually bound to maintain appropriate security measures and are prohibited from accessing or using your data for their own purposes. Our infrastructure providers maintain SOC 2 Type II certification and comply with applicable data protection regulations.

Legal Requirements

We may disclose information when required by law, subpoena, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others. In such cases involving student education records, we will comply with FERPA's requirements regarding lawful disclosure and will notify the contracting institution when permitted by law.

Data lifecycle

Data Retention and Deletion

We retain your information only for as long as necessary to fulfill the purposes described in this Policy, or as required by our agreements with educational institutions and applicable law.

Student education records are retained for the duration of the institutional agreement, plus a reasonable wind-down period to allow for data export. Upon termination of the agreement, education records are securely deleted within 90 days unless the institution requests an earlier deletion or an extension for data migration.
Account information for individual users is retained for as long as the account is active. Users may request account deletion at any time.
Usage and analytics data is retained in aggregate, de-identified form and is not subject to individual deletion requests.

Institutions and individual users may request data deletion by contacting us at hello@oralexam.ai. We will process deletion requests within 30 days of receipt, subject to any legal obligations to retain certain information.

Data protection

Security

OralExam.AI implements administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your information. These measures include:

Encryption of data at rest (AES-256) and in transit (TLS 1.2+)
Role-based access controls with the principle of least privilege
Regular security assessments and vulnerability scanning
Audit logging of all access to student education records
Incident response procedures with defined notification timelines

For a comprehensive overview of our security architecture, certifications, and practices, please visit our Security page.

User rights

Your Rights

Depending on your jurisdiction and role, you may have the following rights with respect to your personal information and education records:

Access: Request a copy of the personal information we hold about you, including any education records processed through the Service
Correction: Request correction of inaccurate or incomplete personal information
Deletion: Request deletion of your personal information, subject to legal and contractual retention obligations
Data Portability: Request a machine-readable export of your data in a commonly used format
Objection: Object to certain processing activities where permitted by applicable law

For students at FERPA-covered institutions, rights to access and amend education records are exercised through your institution as required by FERPA. We will cooperate with your institution to fulfill such requests promptly.

To exercise any of these rights, please contact us at hello@oralexam.ai. We will respond to all requests within 30 days.

Updates

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will:

Update the “Effective Date” at the top of this Policy
Notify institutional administrators via email at least 30 days prior to the changes taking effect
Post a prominent notice on the Service for all users

For changes that materially affect the handling of student education records, we will provide institutions with sufficient advance notice and, where required by our institutional agreements, obtain written consent before implementing such changes.

Get in touch

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

OralExam.AI

Email: hello@oralexam.ai

We aim to respond to all privacy-related inquiries within five (5) business days. For urgent matters related to student education records or potential data incidents, please include “URGENT” in the subject line of your email.