CISCE's Data Privacy Policy for ExamEye App

The Council for the Indian School Certificate Examinations (CISCE) ("CISCE", "we", "us", or "our") is committed to protecting the privacy, confidentiality, and integrity of information processed through this mobile application ("App").

ExamEye ("the App") is an official examination support application designed for use by authorized school users and examiners operating under the Council for the Indian School Certificate Examinations (CISCE) framework.

This Data Privacy Policy explains how information is collected, used, stored, and protected in compliance with CISCE norms and best practices.

1. Purpose and Scope of the Application

The App is designed exclusively for use by authorised CISCE officials and examination functionaries to support examination logistics and document movement tracking.

The App:

• Is not a general-purpose application
• Is not intended for commercial use
• Does not support advertising, analytics-based profiling, or marketing

2. Scope and Intended Use

ExamEye is intended solely for:

• Exam Functionary to Examination Centre mapping
• Monitoring and audit of movement of confidential documents for CISCE's ISC and ICSE Board examinations
• Confidential document related data capture and evidence submission

The App is not intended for general public use or commercial purposes.

3. Geographic Usage Restriction

ExamEye is geographically limited to countries and regions where CISCE-affiliated schools operate.

• Access and usage are restricted to authorized CISCE institutions and personnel.
• The App is not targeted, promoted, or intended for users outside CISCE-operational countries.
• Data collection and processing are aligned with the fair conduct of CISCE's ISC and ICSE Board Examinations

4. Data Collection

a. Personal Information

Collected strictly for core functionality:

• Phone Number - Used exclusively for OTP-based authentication
• Email Address - Used for examiner identification and exam centre mapping

This information is provisioned through official CISCE / school records and is not collected from public sources.

b. Photos and Media

• Images captured by the user - Purpose: Evidence submission only, to validate the secure and timely movement of confidential documents.

The app:

• Captures images only upon explicit user action
• Does not access background media
• Does not scan or collect other device photos or videos

c. App Activity

The app captures:

• Login timestamps
• Confidential documents submission status
• Examiner–centre mapping references
• Location data strictly required to ensure the secure movement of confidential documents required for the fair conduct of ISC and ICSE Board Examinations. Location Data of the user is collected while the user has opened the App and solely at the time and for the purpose of document movements. The App does not collect location data in the background.
• Camera access will be required for capturing photos and videos of movement of documents and for verification purposes only. The App will not access the camera without explicit user action.

5. Purpose of Data Use

All collected data is used only for:

• User authentication
• Core examination-related functionality
• Education administration and compliance
• Audit trails and fraud prevention

Data is not used for:

• Advertising or marketing
• User profiling or personalization
• Analytics unrelated to examination operations
• Cross-app or cross-service tracking

6. Data Sharing and Disclosure

ExamEye does not sell, rent, or share user data with third parties. Data access is restricted to:

• Authorized CISCE officials
• Authorized system administrators supporting examination operations
• Vetted service providers engaged by CISCE, strictly for operational support and under confidentiality obligations

Disclosure may occur only if required by law or regulatory authorities.

7. Data Storage and Security

• Data is stored on secure, access-controlled servers
• Role-based access control is enforced
• Data is encrypted during transmission
• System activity and access logs are maintained for audit purposes

Reasonable technical and organizational safeguards are implemented to prevent unauthorized access, misuse, or loss.

8. Data Retention

Data is retained:

• As required by CISCE examination policies
• In accordance with applicable education and regulatory record-retention norms

After the retention period, data is securely archived.

9. User Rights

Authorized users may:

• Request correction of inaccurate information
• Request clarification regarding stored data

Data deletion requests are subject to:

• Examination audit requirements
• Legal and regulatory obligations

10. Children's Privacy

• ExamEye is not intended for students or children.
• It is restricted to authorized school staff, examination functionaries, and administrators only.

The App does not collect personal data from children.

11. Data Deletion Requests

Given that this App is used for the fair and secure conduct of the ICSE and ISC Board Examinations and is involved in tracking the movement of sensitive and confidential examination-related information, any request for deletion of data shall be subject to verification and approval by CISCE.

11.1 Request Routing

All data deletion requests must be routed through the concerned functionary's School Principal. Requests submitted directly by individual users will not be processed.

The School Principal shall formally submit the request to CISCE through official channels, confirming the identity, role, and justification for the request.

11.2 Review and Processing

Upon receipt of a valid request routed through the School Principal:

• CISCE will review the request in accordance with applicable law, including the Digital Personal Data Protection Act, 2023
• Data not required to be retained for examination integrity, audit, legal, or statutory purposes may be deleted or anonymised within a reasonable timeframe

11.3 Retention of Mandatory Records

CISCE may retain certain data where retention is necessary to:

• Maintain examination integrity and accountability
• Meet statutory, audit, or legal obligations

All retained data will continue to be protected in accordance with this Privacy Policy.

11.4 No In-App Deletion

Due to the sensitive nature of the App:

• No self-service or automated data deletion is provided within the App
• All deletion requests are processed only through formal, verifiable, and authorised channels

11.5 Account Deletion or Deactivation

Requests for deletion or deactivation of a user account on the App shall be subject to the same controlled and verified process as data deletion.

• Users shall not be permitted to independently delete or deactivate their accounts from within the App
• All account deletion or deactivation requests must be routed through the concerned School Principal and formally submitted to CISCE
• CISCE shall process such requests only after verification of the user's role, completion of examination-related responsibilities, and compliance with applicable legal, audit, and statutory retention requirements

Where complete account deletion is not permissible due to examination integrity, regulatory, or legal considerations, CISCE may restrict, disable, or anonymise the account, as deemed appropriate.

12. Developer Information and Privacy Contact

This App is developed, owned, and operated by the Council for the Indian School Certificate Examinations (CISCE), New Delhi, India.

For any privacy-related inquiries, including matters relating to data protection, data deletion, or account management under this Privacy Policy, users must follow the authorised communication mechanism outlined below.

All privacy-related inquiries shall be routed only through the concerned School Principal and formally submitted to CISCE through official channels, or through the official contact details published on the CISCE website (https://www.cisce.org).

Direct or unverifiable requests from individual users may not be processed, in order to protect examination integrity, confidentiality, and data security.