Your privacy is important to us and so is being transparent about how we collect, use, and share information about you. This Privacy Policy explains our privacy practices for the activities described herein. Please read this Privacy Policy carefully to learn how we collect, use, disclose, store, and handle your personal information when you access our website or use any of our Services. Any reference to "Xamify," "we," "us," "our" or the "Company" is a reference to Xamify. When you access our Website or use our Services you agree to the terms of this Privacy Policy.

Sometimes we will need to update our Privacy Policy so it may change from time to time. By continuing to use our Website or Services after we make any changes, you will be deemed to have accepted those changes, so it is important that you read this Privacy Policy in its entirety and check this Privacy Policy regularly for any updates.

What is personal information?

'Personal information' is information we collect and hold which is identifiable as being about you.

This policy covers how we treat your information, including your personal information, that you provide when you access or use our services. Our services include Xamify, an AI-powered exam creation and grading platform for schools and teachers. We are not responsible for and our services don't extend to the services of any company we don't own or control, or people that we don't manage.

Types of information we collect

We collect personal information directly only when you provide it to us. The types of personal information we collect includes but is not limited to:

Identifying information such as name;
Contact information such as email address and phone number;
Professional information including qualifications and teaching curriculum;
Institution or school information;
Exam content and questions you create;
Student performance data (if applicable);
Usage data and analytics.

Any sensitive information you provide to us may be relevant to providing you with our services, and you acknowledge that we will use your sensitive information for this sole purpose. Your sensitive information will only be disclosed for another purpose where you would reasonably expect the sensitive information to be disclosed, and the disclosure is directly related to providing you with our services.

Data Ownership: For users accessing our Services through a school, institution, or paid subscription, all data you provide or upload to our platform remains your property. We act solely as a processor of this information to provide you with our services.

Cloud-based Data Storage and Management

We use secure cloud-based data storage solutions for managing files uploaded by users to our services. These documents are stored on secure cloud infrastructure which helps us organise data in a structured manner. Access to these documents is restricted to ensure that users can only access their own uploaded data.

Users have the capability to delete their data safely and completely. Our systems are designed to ensure data fetching is conducted securely, which enhances data retrieval processes and security. The AI systems involved in managing these documents process only the contents within the files necessary to provide our services.

Ways of collecting information

We have different ways of collecting information. We collect your personal information directly from you, including when you:

Access or use our Website;
Subscribe to, purchase or use our Services;
Use our Services as an authorised user (for example, as an employee of one of our customers who provided you with access to our services);
Sign up to receive marketing material including exclusive offers, promotions, or events;
Participate in surveys, competitions, promotions or request information or material from us;
Make inquiries about us or our Services or otherwise communicate with us by email, by telephone, in person, via the Website or otherwise; and
Apply to work with us or are engaged by us.

We may collect personal information about you which may be provided to us by a teacher or staff member working at a particular school to which we provide our Services.

How do we use cookies and analytics?

Certain information is collected automatically through your device, such as your computer address, computer type, operating system name and version, device manufacturer and model, language, Internet browser type and the websites you visit, including through cookies and analytics. We collect this information to analyse data, to track your experience on our Website and to improve the functionality and experience of Xamify products, services and our Website.

We use the following technologies to collect technical information and general analytics:

Cookies – these are type of data files that are placed on your device and often include an anonymous unique identifier;
Log files, which track actions occurring on our Website (which we collect anonymous data on and track); and
Web beacons, tags, and pixels, which are electronic files used to record information about how you browse our Website.

By using our Website and our Services, you are consenting to the use of these technologies in accordance with this Privacy Policy.

How we use and disclose information

In general, we use your personal information for purposes or legitimate interests connected with our business. We use your personal information strictly for the purposes of providing our Services to you. Specifically:

To enable the proper operation and functionality of our Services as requested by you or your organisation;
To verify your identity when you access our Services;
To communicate with you regarding our Services and to address any updates, issues or complaints;
To consider you for a job at Xamify (whether as an employee or contractor) or other relationships with us;
To meet our legal obligations related to providing our Services;
To contact you regarding the above, including via electronic messaging such as email, by mail, by phone or in any other lawful manner.

No Training on Your Data: For schools, institutions, and paid subscribers, we do not use your data for any purposes beyond what is necessary to provide you with our platform and services. We do not train any artificial intelligence models on institutional or paid-subscriber data, nor do we use it for any purposes not directly related to your use of our Services.

Who do we disclose personal information to?

We may disclose your personal information to third parties in connection with the purposes described above. This may include disclosing your personal information to the following types of third parties:

Our professional advisers (such as lawyers, accountants or auditors) and insurers;
Our employees, contractors and third party service providers who assist us in performing our functions and activities;
Payment systems operators and financial institutions;
Cloud service providers and data storage providers;
Telecommunications providers and IT support services providers;
Third parties to whom you have authorised us to disclose your information; and
Any other person as required or permitted by law.

We may also share anonymous or de-identified usage data with our service providers for the purpose of helping us in such analysis and improvements. Additionally, we may share such anonymous or de-identified usage data on an aggregate basis in the normal course of operating our business.

Data Security Practices

We implement industry-standard security measures to protect your personal information:

Encryption: We use encryption in transit and at rest to protect your sensitive data;
Access Controls: We maintain strict access controls and authentication systems;
Regular Audits: We conduct regular security audits and assessments;
Accredited Infrastructure: We use accredited data centers via Google Cloud Platform and Firebase;
Incident Response: We have processes in place to detect and respond to security incidents.

While we have implemented appropriate organisational and technical measures, we cannot guarantee the security of transmission of personal information online. All personal information you share with us online is disclosed at your own risk. Please notify us immediately if you become aware of any breach of security.

How long do we keep your personal information?

We will keep your personal information only for as long as necessary to provide you with our Services, unless a longer retention period is required by law or specified in our retention policy. When you request deletion of your data, we ensure it is deleted completely from our systems, except where retention is necessary to comply with legal obligations, resolve disputes, or maintain security.

Your rights in relation to information

You may seek access, correct or update personal information we hold about you by contacting us as described in the "How to contact us" section below. You may have the following rights:

Access: Request access to personal information we hold about you;
Correction: Request correction of inaccurate data;
Deletion: Request erasure of personal information we hold about you;
Withdraw Consent: Withdraw consent where we relied on your consent to process your personal information;
Restrict Processing: Request that we restrict our use of your personal information;
Data Portability: Request a copy of your personal information in a structured, machine-readable format;
Opt-out: Opt-out of marketing communications at any time.

We may require that the person requesting access provide suitable identification and where permitted by law we may charge a fee for giving access to your personal information. These rights apply to the extent required under applicable privacy laws.

Data Ownership and AI Training

Institutional and Paid-Subscriber Data:

Any school, educational institution, or organisation holding a paid subscription with Xamify retains full and exclusive ownership over all data submitted by or on behalf of that organisation and its students. This includes all exam content, student work, assessment data, and any other content uploaded or generated through the use of our Services. We will not use institutional or paid-subscriber data — including their students' data — for model training, product development, or any purpose beyond delivering the Services to that organisation.

Compliance and Best Practices

We follow industry best practices and implement appropriate technical and organisational measures to protect your personal information. Our privacy and security practices are aligned with OWASP guidelines and industry standards. Our privacy practices are designed to align with the principles of:

Data Minimisation: We collect only the information necessary to provide our services;
Transparency: We provide clear information about our data practices;
User Control: We give you control over your personal information;
Security by Design: We implement security measures from the ground up;
Regular Review: We regularly review and update our privacy and security practices.

How can you complain about a privacy issue?

You may make a privacy complaint in relation to personal information we hold about you by contacting us as described in the "How to contact us" section below.

If you make a privacy complaint, our team will investigate the matter and attempt to resolve it as soon as reasonably possible (usually within 30 days of receipt of your complaint).

If you believe your concerns have not been resolved satisfactorily by us, or you wish to obtain more information on privacy requirements you can contact your regulatory authority. This may be:

The Office of the Australian Information Commissioner on 1300 363 992 or visit their website at www.oaic.gov.au;
Your local data protection authority: European Data Protection Board;
The Office of the Privacy Commissioner (NZ): www.privacy.org.nz; or
The Office of the Privacy Commissioner (Canada): www.priv.gc.ca.

How to contact us

If you have a query, concern or complaint about the manner in which your personal information has been collected or handled by us or would like to request access to or correction of the personal information we hold about you, please contact us:

Xamify
Attention: Privacy Officer

Email: info@xamify.com.au
Website: Contact Form

International Data Transfers

We store personal information in secure data centers. Where we transfer personal information internationally, we take appropriate steps to ensure that overseas recipients that we disclose personal information to have adequate safeguards in place. This may include assessing the privacy laws in the country where the information is disclosed or putting in place contractual clauses with third party service providers regarding data handling practices.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.