Privacy Policy
Article 1: Preamble
This policy informs users about the collection of personal data, defined as any information that can identify a user (surnames, first names, age, address, email, location, IP address). It details users' rights, identifies the data controller, lists the recipients of the data and explains the cookie policy.
This policy supplements the Legal Notice and the Terms of Use.
Article 2: Principles relating to the collection and processing of personal data
In accordance with European Regulation 2016/679, personal data must be:
Processed lawfully, fairly and transparently
Collected for specified, explicit and legitimate purposes
Adequate, relevant and limited to what is necessary
Accurate and kept up to date where necessary
Kept in a form permitting identification for an appropriate period
Processed with appropriate security against unauthorised or unlawful processing
Processing is lawful if at least one of the following conditions is met:
Consent of the data subject
Performance of a contract
Compliance with a legal obligation
Protection of vital interests
Performance of a task carried out in the public interest
Legitimate interests of the data controller or a third party
Article 3: Personal data collected and processed
Article 3.1: Data collected
The personal data collected includes:
Identification data (surname, first name, email address)
Documents uploaded by users (exam subjects, students' exam papers)
Application usage data (login history, actions performed)
Browsing data (cookies, IP address)
The purposes of the processing are:
Creation and management of the Examino account
Provision of the requested services (upload, storage and processing of documents)
Assistance with using the application
Improvement of the services and development of new features
Communication about updates and new features
Compliance with legal and regulatory obligations
Article 3.2: How data is collected
Data collected automatically includes:
IP address
Connection data (date, time)
Browser type
Strictly necessary cookies
Other data is collected during specific operations:
Registration: surname, first name, email (account creation)
Document upload: exam subjects and exam papers (provision of the service)
Use of features: interaction data (improvement)
Data is retained for a period of 6 years after the end of use of the services. The company may retain certain data beyond this period to fulfil its legal or regulatory obligations.
Article 3.3: Data hosting, processors and transfers
Personal data is stored within the European Union / European Economic Area:
Database: PlanetScale on AWS, Frankfurt region (eu-central-1, Germany), including backups
Files: Backblaze, eu-central-003 region (Amsterdam, Netherlands)
Application processing: Vercel, Paris (cdg1) and Frankfurt (fra1) regions
Some of our processors are companies established in the United States. Each is governed by a data processing agreement compliant with Article 28 of the GDPR and, for any processing involving access from a third country, by a valid transfer mechanism: certification under the EU-US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses, supplemented by transfer impact assessments.
Content transmitted to artificial intelligence model providers is subject to the minimisation measures described in Article 3.4 (automatic redaction, submissions of the original version limited to the minimum necessary) and to a contractual no-training commitment: providers do not use the submitted content to train their models and retain it only for a limited period (30 to 55 days depending on the provider), solely for security and abuse-detection purposes, before deletion.
The complete and up-to-date list of our processors - including the named list of artificial intelligence model providers, with each one's role, country, data location and contractual safeguards - is published and kept up to date on the dedicated page: https://examino.ai/en/legal/subprocessors. Any change to this list is subject to prior notice in accordance with Article 28(2) of the GDPR.
Security measures include:
Strict access control and logging
Regular backups for integrity and availability
Article 3.4: Minimisation - automatic redaction of students' exam papers
Examino applies specific minimisation measures to students' exam papers uploaded by users:
Automatic redaction: upon upload, the student's name and any directly identifying elements detected are automatically masked, and it is this redacted version that is used for most of the artificial intelligence processing. Certain initial operations, first and foremost the very detection of the elements to be masked, nevertheless require submitting the original exam paper to an artificial intelligence model: these submissions are limited to the minimum necessary, before the redacted version takes over. The teacher continues to view the original exam paper in the application.
Neutralisation of handwriting: whenever the nature of the exam paper allows, the identifying character of the student's handwriting is neutralised before analysis.
No training and limited retention by model providers: the artificial intelligence model providers to which this content is transmitted contractually undertake not to use the submitted data to train their models; they retain it only for a limited period (30 to 55 days depending on the provider), solely for security and abuse-detection purposes, before deletion.
These measures constitute pseudonymisation within the meaning of the GDPR, not anonymisation: the teacher, who holds the exam papers and knows their students, remains able to re-identify them, and identifying elements may exceptionally escape redaction. Any user noticing a missed redaction is invited to report it to dpo@examino.ai.
Article 3.5: No solely automated decision-making (Article 22 GDPR)
Examino makes no decision producing legal effects or significantly affecting a person that would be based solely on automated processing, within the meaning of Article 22 of the GDPR.
In particular, no grade or comment is assigned to a student automatically: the results produced by the artificial intelligence models are proposals, systematically submitted for review by the teacher, who may freely modify or discard them and who remains the sole decision-maker regarding the grade and the comments given. The application is designed to make this human review effective (criterion-by-criterion detail, free editing, traceability of what was generated by the AI and what was decided by the teacher).
For any question about a grade or a comment, the student or their legal guardians should contact the teacher or the school, which has access to the details of the grading. How the artificial intelligence works is described in our transparency notice: https://examino.ai/fr/legal/ia.
Article 4: Data controller and data protection officer
Article 4.1: The data controller
EXAMINO, a simplified joint-stock company (société par actions simplifiée) with a share capital of €1,000, registered office: 49 RUE DE PONTHIEU 75008 PARIS, registered with the Paris Trade and Companies Register under number 989 510 375, represented by Mr Dimitri NICOLAS.
Contact:
Post: EXAMINO, 49 RUE DE PONTHIEU 75008 PARIS
Email: dpo@examino.ai
Article 4.2: The data protection officer
EXAMINO has appointed a data protection officer (DPO), who can be reached:
by email: dpo@examino.ai
by post: EXAMINO - DPO, 49 rue de Ponthieu, 75008 Paris
The DPO is the point of contact for any question relating to the protection of personal data and the exercise of the rights of data subjects (users, students and their legal guardians). The DPO performs their duties fully independently, in accordance with Articles 37 to 39 of the GDPR.
Anyone who, after contacting EXAMINO, considers that their rights are not being respected may lodge a complaint with the CNIL (French data protection authority) (3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 - www.cnil.fr).
Article 5: Users' rights regarding data collection and processing
In accordance with European Regulation 2016/679 and the French Data Protection Act (Law 78-17 of 6 January 1978), users have the following rights:
Right of access, rectification and erasure of data
Right to data portability
Right to restriction of and objection to processing
Right not to be subject to a decision based solely on an automated process
Right to determine what happens to one's data after death
Right to lodge a complaint with the competent supervisory authority
To exercise these rights, send a request to EXAMINO or by email to dpo@examino.ai.
The data controller may request information such as: surname and first name, email address, account, personal space or subscriber number.
For more information, visit www.cnil.fr.
Article 6: Conditions for amending the privacy policy
EXAMINO reserves the right to amend this Policy to ensure its compliance with applicable law.
Amendments do not apply retroactively to prior purchases, which remain subject to the Policy in force at the time of purchase.
Users are invited to review this Policy each time they use the services.
Published: 20 October 2024
Last updated: 7 July 2026