Information We Collect

We collect various types of information to provide and improve our services. This includes:

• Personal Information: Identifying details you provide to us, such as your full name, email address, phone number, mailing address, and other contact information. If you create an account or fill out forms on our site, we may ask for these details.
• Identification Documents: Copies of government-issued IDs, certificates, or other documents you submit for verification or certification purposes. For example, we might request an ID card or passport to verify your identity as part of our certification process.
• Transaction Data: Information about the services you request or purchase from us. This includes details of certification orders or transactions (e.g. the type of certification, dates, fees paid, and transaction IDs). It may also include payment information such as billing address or partial credit card details. (Note: Full payment card information is typically processed securely by our payment processor and not stored on our servers.)
• Browsing and Usage Data: Data collected through cookies, analytics tools, and log files when you interact with our website. This can include your IP address, browser type, device information, pages viewed, the date/time of visits, and referring website or link. This information helps us understand how you use our site.
• Cookies and Tracking Identifiers: Unique identifiers we or third parties assign through cookies or similar technologies (described in more detail in the Cookies and Tracking section below). These collect information about your browsing activities on our site.
• Communications: Copies of your correspondence with us. For instance, if you contact customer support or send us an email, we will collect your name, contact details, and the content of the message or attachments you send. This helps us address your inquiries and keep records of our communications.

We collect information you provide directly (for example, when creating an account, submitting documents, or contacting us) as well as information collected automatically (for example, browsing data via cookies). In some cases, we may also receive information about you from third parties (such as identity verification services or payment processors) to help us facilitate services or comply with legal requirements.

How We Use Your Information

We use the information we collect for various legitimate business purposes. These include:

• Providing and Improving Services: We use your personal information to process your certification requests, verify credentials or identities, and deliver the services you have asked for. For example, we may use your details and ID documents to certify a document or credential as authentic. We also use data to maintain and improve our website’s functionality, user interface, and services, ensuring you have a smooth user experience.
• Transaction Processing: Your information (like name, address, and payment details) is used to process payments and complete transactions. For example, we use transaction data to issue order confirmations, receipts, or to deliver any physical certificates or materials to you (via email or shipping as applicable).
• Communication: We use your contact information (email, phone number) to communicate with you about your account or services. This includes sending necessary emails such as certification status updates, service confirmations, invoices, technical notices, security alerts, and administrative messages. We may also respond to your inquiries or support requests using your contact details.
• User Support and Account Management: Information you provide allows us to provide customer support, address any issues or concerns, and personalize your experience. For instance, we may use your name and prior requests to more effectively assist you on future support queries.
• Improving User Experience: Browsing and analytics data help us understand user behavior on our site. We analyze this data to debug issues, optimize site performance, and tailor our content and layout to user preferences. This helps make our website more intuitive and relevant for users.
• Marketing and Updates (with Consent): If you have opted in or if it’s lawful to do so, we may use your email to send you newsletters, updates, or special offers about our services. You have the choice to opt out of such communications at any time (see User Rights below regarding withdrawing consent). We do not engage in aggressive marketing, and we will only send promotional content according to your preferences and applicable law.
• Legal Compliance: We may process and retain certain information to comply with applicable laws and regulations. For example, we might use identification information to fulfill “Know Your Customer” (KYC) requirements or anti-fraud measures. We also use data to meet financial reporting obligations (such as maintaining transaction records for tax and accounting purposes) and to respond to lawful requests by public authorities.
• Security and Fraud Prevention: Your information is crucial in helping us secure our services and users. We may use data to verify user identities, detect and prevent fraud, abuse, or security incidents. For instance, ID documents and usage logs can help us confirm that accounts are authentic and prevent unauthorized access or impersonation.
• Enforcing Terms and Policies: We might use personal data to enforce our Terms of Service or other agreements, and to investigate or prevent any violations of our policies or any illegal activities. This ensures Ezy Exam remains a trusted platform for all users.

We will only use your personal information for the purposes above and will seek your consent or notify you if we need to use it for any other purpose. Additionally, we rely on certain legal bases to process your data: for example, fulfilling a contract (providing the service you requested), complying with a legal obligation, or our legitimate business interests (such as improving our services and ensuring security), or your consent when required by law (such as for marketing cookies or communications).

Data Security

We take the security of your personal data very seriously. Ezy Exam implements a variety of technical and organizational measures to safeguard your information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption: We use encryption protocols such as Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data transmitted between your device and our website. This means that when you enter personal information on our site (like during registration or payment), the data is encrypted in transit to prevent eavesdropping. We also employ encryption or pseudonymization for sensitive data stored on our systems, whenever feasible, to add an extra layer of protection.
• Secure Storage: Your data is stored on secure servers that employ firewalls and other advanced security technologies. We choose reputable hosting providers and cloud services with strong security track records. Physical access to these server facilities is restricted and closely monitored.
• Access Controls: We limit access to personal information strictly to those employees, contractors, and service providers who need it to perform their job duties or provide our services. All such personnel are bound by confidentiality obligations and are required to handle data in compliance with this Privacy Policy and applicable privacy laws. We also use authentication measures (like unique usernames and passwords, and in some cases multi-factor authentication) to prevent unauthorized account access.
• Monitoring and Testing: Our team regularly monitors the platform for potential vulnerabilities and attacks. We keep our software, frameworks, and systems updated with the latest security patches. Periodic security assessments and best-practice reviews are conducted to strengthen our defenses. In the event of any data breach or security incident, we have procedures in place to respond promptly, contain the issue, and notify affected users and authorities as required by law.

Despite our efforts, please note that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. You share and transmit information at your own risk. Ezy Exam will continue to update and improve our security measures as new technologies and best practices emerge, and we will promptly address any security issues that arise.

Information Sharing and Disclosure

Ezy Exam respects the confidentiality of your personal information. We do not sell your personal data to third parties for their marketing or any other purposes. However, we may share or disclose information in the following circumstances, strictly on a need-to-know basis and with appropriate safeguards:

• Service Providers and Partners: We may share your information with trusted third-party service providers who perform functions on our behalf. This includes, for example:
  • Payment Processors: When you make a payment, your payment details are handled by our accredited payment processing partners (such as credit card processors or payment gateways). They receive the necessary data (like your name, billing address, and payment information) to process the transaction securely. These processors are PCI-DSS compliant and are authorized to use your information only as needed to provide these payment services.
  • Shipping and Delivery Services: If our service involves shipping physical certificates, documents, or merchandise to you, we will share your shipping address and contact name/number with postal services or courier companies. They use this information solely to deliver your items.
  • Certification and Verification Partners: In cases where we work with third-party organizations or institutions to verify the legitimacy of a certificate or credential, we may share relevant data with those partners. For example, if you submit a diploma for verification, we might need to confirm details with the issuing institution or a partner verification service. Any partner we collaborate with is required to protect your data and use it only for the verification purpose.
  • Cloud Hosting and IT Providers: We utilize reputable cloud storage, hosting, analytics, or email service providers to operate our platform. These providers may process or store your data as part of their services to us (for example, our email service will handle your email address to send communications). We ensure such vendors are bound by confidentiality and security obligations consistent with this policy and applicable law.
• Legal Compliance and Protection: We may disclose your information if we are required to do so by law or legal process, or if we have a good-faith belief that such action is necessary to: (i) comply with a legal obligation, court order, or subpoena; (ii) respond to requests from government or law enforcement authorities (including to meet national security or law enforcement requirements); (iii) enforce our Terms of Service or other agreements; (iv) investigate or defend against third-party claims or allegations; (v) protect the rights, property, or safety of Ezy Exam, our users, or the public. We will only share the information that is legally required and will inform you of such disclosures if permitted by law.
• Business Transfers: If Ezy Exam undergoes a business transaction such as a merger, acquisition, reorganization, or sale of some or all of our assets, your personal information may be transferred as part of that deal. We will ensure the receiving party agrees to respect your personal information in a manner consistent with this Privacy Policy. We will notify you (for example, via email or a prominent notice on our site) of any change in ownership or use of your personal data, as well as any choices you may have regarding your personal data in such an event.
• Authorized Release with Consent: We may share your information with other third parties if you request or consent to such sharing. For instance, if you ask us to share your certification results with a prospective employer or another third party, we will do so with your authorization.

In all cases of sharing, we disclose only the minimum amount of information necessary for the third party to carry out its responsibilities. Third parties who receive personal data from us are contractually obligated to protect it and to use it only for the purposes for which it was provided, consistent with this Privacy Policy.

Aside from the situations listed above, Ezy Exam will not disclose your personal information to any third party. We do not rent or sell customer data under any circumstances. Your trust is paramount, and we take care to maintain the confidentiality and integrity of your information.

Cookies and Tracking

Like many websites, Ezy Exam uses cookies and similar tracking technologies to enhance user experience and gather information about how our site is used. This section explains our use of these technologies and your choices regarding them.

What are Cookies?
Cookies are small text files that a website saves on your computer or mobile device when you visit the site. They allow the website to recognize your device and store certain information about your preferences or past actions. Cookies can be “session cookies” (which last only while your browser is open and are deleted once you close it) or “persistent cookies” (which remain on your device for a set period or until you delete them). We may use both types.

How We Use Cookies:
We use cookies for several reasons:

• Essential Cookies: These cookies are necessary for our site to function properly. For example, if our site has a login feature or user account area, essential cookies might keep you logged in during your visit or remember your selections as you navigate pages. Without these, certain services you request may not be possible (for instance, shopping cart functionality or access to secure areas).
• Analytics and Performance Cookies: We use these to collect information about how visitors use our website. This includes which pages are visited most often, how users move through the site, and if they encounter errors. We typically use third-party analytics tools (such as Google Analytics) that set their own cookies to perform these services. The information collected is generally aggregated and does not directly identify you. It helps us improve our website’s performance, understand user interests, and fix issues.
• Preference Cookies: These cookies remember your choices and preferences on our site (such as language selection or region). They personalize your experience, making the site more convenient to use. For example, if you set certain preferences on a previous visit, these cookies will ensure those preferences are remembered next time.
• Advertising Cookies: (If applicable) At present, Ezy Exam does not serve third-party advertisements on our site, so we do not use advertising cookies. If this changes in the future, we will update this policy and provide appropriate opt-in or opt-out mechanisms as required by law. (Advertising cookies would be used to track browsing habits and show you relevant ads on other sites. Again, we currently do not engage in such practices.)

Third-Party Tracking:
In addition to our own cookies, some third-party services we use may set cookies or use other tracking technologies through our site. For example, as mentioned, analytics providers like Google Analytics place cookies to collect usage data. Also, if we embed content from other platforms (like a video player or social media widget), those platforms might set their own cookies. We do not have control over third-party cookies, but we ensure that we only use third-party services that respect privacy and use data in expected ways. We recommend checking the privacy policies of those third-party services for more information on their cookie practices.

Your Choices and Cookie Opt-Out:
You have the right to decide whether to accept or reject cookies (apart from those strictly necessary for site operation). Here are some ways you can manage cookies:

• Browser Settings: Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when a cookie is being placed on your device. Check your browser’s help section for instructions on how to delete or disable cookies. Please note that if you choose to block all cookies, our website may not function as intended. Essential features like login or certain preferences might be lost.
• Cookie Banner/Preferences: If you are in a jurisdiction that requires cookie consent (such as the EU), you may see a cookie consent banner on our site. This banner allows you to accept or reject non-essential cookies. You can adjust your preferences at any time by [following the instructions on our site’s cookie settings page]*.
• Analytics Opt-Out: To specifically opt out of Google Analytics, you can install the Google Analytics Opt-out Browser Add-on, which prevents Google Analytics from collecting information on your visits to websites. Similarly, some analytics providers offer their own opt-out mechanisms.
• Do Not Track: Some browsers have a “Do Not Track” (DNT) feature that signals to websites that you do not want to be tracked. While there is currently no universal standard for DNT, we honor browser DNT signals to the extent possible, and we treat them as an opt-out of analytics tracking. (If we cannot respond directly to a DNT signal, we ensure that our default practices still respect your privacy to a high standard.)

If you clear your cookies or use a different browser/device, you may need to reset your preferences or opt-outs.

By using our site without disabling cookies, you consent to our use of cookies and similar technologies as described above. We will not set any non-essential cookies on your device until you have had a chance to consent, where required by law. For more detailed information about our cookie usage, you can contact us using the information in the Contact Information section.

Data Retention

Ezy Exam retains personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required or permitted by law. This means:

• Service Delivery and Account Management: We will keep your information for as long as you maintain an account with us or as long as needed to provide you with our services. For example, if you have an active certification or pending request, we retain the relevant data until the service is delivered and for a reasonable period thereafter to address any follow-up needs. If you decide to close your account or cease using our services, we may archive your basic information for a short period in case you return or to facilitate reactivation, unless you request complete deletion (see User Rights below).
• Legal and Compliance Obligations: We may need to retain certain data for a longer period to comply with legal obligations or for legitimate business purposes. For instance:
  • Transaction Records: We keep records of financial transactions and payments for a period required by accounting/tax regulations (e.g., 7 years or as mandated by local law) to meet tax, audit, and financial reporting requirements.
  • Dispute Resolution: If you have ever had a dispute with us or if we reasonably anticipate potential litigation or regulatory investigation, we will retain the relevant information as necessary to resolve the issue and assert our legal rights.
  • Security and Fraud Prevention: Information that is relevant to investigating fraud, ensuring security, or other misuse of our services may be kept as long as needed to complete the investigation and take appropriate remedial measures.
• Identification Documents: Because ID documents can be highly sensitive, we only retain them for the period necessary to verify your identity or the authenticity of a certification. Once verification is complete, we typically either securely delete the digital copies of your ID or store them in a highly restricted manner if needed for compliance. For example, if law requires us to keep a record of verified identities (for anti-fraud or anti-money laundering purposes), we will store that information securely for the legally required duration and then remove it.
• Website Logs and Analytics Data: General web server logs and analytics data are usually kept for a shorter period (often 12-24 months) unless we need to preserve them longer. We use this aggregated data to analyze trends and improve our site over time. When analytics data is no longer needed, we either delete it or anonymize it (so it can no longer be associated with any individual).

When we no longer have a legitimate need or legal obligation to keep your personal information, we will securely delete, destroy, or anonymize it. If deletion (or anonymization) is not immediately possible (for example, because the data is stored in backup archives), we will isolate the data from any further use until deletion is possible.

Keep in mind that due to technical reasons, complete removal of data from all systems (e.g., backups) might be slightly delayed, but we have processes to ensure that once the retention period is over, your data is fully purged or de-identified in all storage locations. We continuously review the data we hold and erase or anonymize personal data that is no longer needed.

User Rights

We respect your rights to your own personal information. Depending on your jurisdiction and applicable data protection laws (such as the European Union’s General Data Protection Regulation (GDPR) or the California California Consumer Privacy Act (CCPA)), you may have some or all of the following rights regarding the personal data we hold about you:

• Right to Access: You have the right to request a copy of the personal information we have collected about you. We will provide this information, often called a “Subject Access Request” under GDPR or a “Right to Know” request under CCPA, in a readily usable format, usually within a reasonable time frame. This allows you to confirm what data we have and verify that we are processing it lawfully.
• Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to request that we correct or update it. We encourage you to keep your information up-to-date and will make corrections promptly upon verification. (For example, if you change your email address or notice an error in your profile data, you can inform us and we will update our records.)
• Right to Deletion: You have the right to request the deletion of your personal information. This is sometimes known as the “Right to be Forgotten.” Upon your request, we will delete your data unless an exemption applies. For example, we might need to retain certain information for legal compliance (such as transaction records for tax purposes) or if the data is necessary to resolve disputes or enforce our agreements. If full deletion isn’t possible (due to technical constraints or legal requirements), we will inform you and will restrict the data from further use until deletion is possible.
• Right to Withdraw Consent: Where our processing of your personal information is based on your consent (such as for optional marketing emails or certain data you agreed we could use), you have the right to withdraw that consent at any time. For instance, you can unsubscribe from our marketing communications by clicking the “unsubscribe” link in any promotional email, or you can contact us to have us remove you from our mailing list. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it won’t affect processing of your data under other legal bases (like fulfilling a contract).
• Right to Object or Restrict Processing: In certain situations, you have the right to object to or ask us to limit the processing of your personal data.
  • Object to Processing: You can object to our processing if you believe we’re using your data in ways not compatible with the purpose for which it was collected, or if you feel our legitimate interests in processing do not outweigh your privacy rights. For example, you can object to direct marketing uses of your data or to any profiling we might do for marketing purposes.
  • Restrict Processing: You can ask us to temporarily restrict processing your data in certain circumstances, such as while we are reviewing a request for correction or a dispute about the accuracy or purpose of the data. When processing is restricted, we will still store your information but will not use it until the issue is resolved.
• Right to Data Portability: Under GDPR, you have the right to request a copy of certain information you provided to us in a structured, commonly used, and machine-readable format, and you may request that we transmit that data to another service provider if technically feasible. This applies to information we processed based on consent or to perform a contract with you (for example, basic account details you provided), and only when processing is carried out by automated means.
• Rights Under CCPA (for California Residents): If you are a California resident, in addition to the rights above (some of which overlap), you have specific rights under the CCPA, including:
  • Right to Know: You can ask us to disclose the categories of personal information we have collected about you, the categories of sources of that information, the business or commercial purpose for collecting it, the categories of third parties we share it with, and specific pieces of information we hold about you.
  • Right to Opt-Out of Sale of Personal Information: As noted, Ezy Exam does not sell personal information. If we ever consider selling personal data, we will provide a clear opt-out method (such as a “Do Not Sell My Personal Information” link) and honor any opt-out requests.
  • Right to Non-Discrimination: We will never discriminate against you for exercising any of your privacy rights. This means we will not deny you our services, provide a different level or quality of service, or charge different prices or fees, just because you exercised your rights under privacy laws. Your access to our services will remain the same whether or not you choose to exercise these rights.

Exercising Your Rights:
To exercise any of your applicable privacy rights, please contact us using the information provided in the Contact Information section of this policy. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data (or an authorized representative). For certain requests (like accessing or deleting sensitive personal data), we may need to ask for additional information to verify your identity for security purposes. We will respond to your request within the timeframe required by law (for example, within 30 days for most GDPR requests, or 45 days for CCPA requests, with the possibility of a one-time extension which we would communicate to you).

There is typically no fee for exercising your rights. However, if a request is manifestly unfounded or excessive (for example, repetitive requests without justification), we may charge a reasonable fee or refuse to act on the request as permitted by law. We will always inform you of our decisions and reasoning in such cases.

If you are unsatisfied with our response to any privacy-related request or have further concerns, you may have the right to lodge a complaint with a supervisory authority or regulatory agency in your jurisdiction. For example, EU residents can contact their nation’s data protection authority, and California residents can reach out to the California Attorney General’s office. We encourage you to contact us first, and we will do our very best to address your concerns. Your privacy is extremely important to us, and we will honor your rights to the fullest extent possible.

International Users

Ezy Exam is a global service, and your personal data may be transferred to or accessed by entities around the world. If you are accessing our website or using our services from a country other than the country where our servers or headquarters are located, please be aware that your information may be transferred across international borders. This means your data could be processed in a country that has different data protection laws than your home country.

Data Transfers: The personal information that we collect from you may be transferred to, stored in, or processed in other countries, including the United States (where many of our systems or providers are based). We might also use cloud services or subcontractors located in various jurisdictions. Regardless of where your data is processed, we handle it in accordance with this Privacy Policy and take appropriate security measures to protect it.

Adequacy and Safeguards: When we transfer personal data from regions with data protection laws (for example, from the European Economic Area or United Kingdom) to another country, we ensure that adequate safeguards are in place to protect the information. These safeguards may include:

• Standard Contractual Clauses: We may incorporate standard data protection contract clauses (approved by the European Commission or other relevant authorities) into our agreements with third parties who handle European personal data, which legally require them to protect the data to EU standards.
• Privacy Frameworks: If applicable, we may rely on recognized data transfer frameworks or certifications. (For instance, compliance with the EU-U.S. Data Privacy Framework or similar agreements that facilitate the lawful transfer of data across borders.)
• Your Consent: In the absence of other transfer mechanisms, we may ask for your explicit consent to transfer your personal data to a country which might not have the same level of data protection as your home country. You are free to decline such consent, and we will only proceed with the transfer if consent is obtained or if another lawful basis applies.

Our Commitment: No matter where we process your data, Ezy Exam will apply the same level of care and security described in this Privacy Policy. We understand that privacy expectations and regulations can vary worldwide, and we aim to meet or exceed the requirements in the jurisdictions where we operate. We also recognize that certain countries provide stronger privacy rights by law, and we extend those rights to all our users wherever feasible. For example, a user in any part of the world can request deletion of their data or ask about what information we hold, not just those in the EU or California.

If you have questions about our international data practices or need more information about cross-border data transfers, you can contact us (see Contact Information below). We will be happy to provide additional details about how we ensure your data is protected when transferred internationally.