Pasi Logo

EXAM

PRIVACY POLICY

Effective Date: January 1, 2024
Last Updated: March 10, 2026

PASI ("we", "us", or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our educational platform and services. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide when you:

  • Create an account or register for our services
  • Subscribe to a paid plan or make a purchase
  • Participate in mock exams or submit answer scripts
  • Contact customer support or communicate with us
  • Subscribe to newsletters or marketing communications
  • Participate in surveys, promotions, or contests
  • Provide feedback or reviews

This information may include:

  • Personal Identifiers: Name, email address, username, password
  • Contact Information: Phone number, mailing address
  • Demographic Information: Age, date of birth, educational level
  • Educational Data: Academic interests, exam board preferences, subjects studied, qualifications pursued
  • Payment Information: Credit/debit card details, billing address (processed by third-party payment providers)
  • Account Credentials: Username, password (encrypted), security questions
  • Correspondence: Messages, emails, chat transcripts, support tickets

1.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information, including:

  • Device Information: Device type, operating system, browser type and version, unique device identifiers
  • Usage Data: Pages viewed, features accessed, time spent on pages, navigation paths, click data
  • Log Data: IP address, access times, referring URLs, error logs, crash reports
  • Location Data: General geographic location based on IP address (country, city)
  • Performance Data: Page load times, server response times, technical errors
  • Cookies and Similar Technologies: Session IDs, preferences, authentication tokens

1.3 Educational and Assessment Data

When you use our educational services, we collect:

  • Mock Exam Data: Exam attempts, scores, completion times, answer submissions
  • Study Progress: Materials accessed, completion rates, study patterns
  • Uploaded Content: Answer scripts, written responses, uploaded files
  • Assessment Results: Grades, feedback, performance analytics

1.4 Information from Third Parties

We may receive information from:

  • Payment Processors: Transaction confirmations, payment status
  • Analytics Providers: Aggregated usage statistics, demographic insights
  • Social Media Platforms: If you choose to connect your account (name, email, profile information)
  • Authentication Services: OAuth providers for account verification

2. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal grounds:

  • Contractual Necessity: To provide Services you've subscribed to and fulfill our Terms of Service
  • Consent: Where you have given explicit consent for specific processing activities (e.g., marketing emails)
  • Legitimate Interests: To improve our Services, prevent fraud, ensure security, and conduct business operations
  • Legal Obligations: To comply with applicable laws, regulations, court orders, and government requests

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision and Account Management

  • Create and manage your account
  • Provide access to educational content, past papers, and mock exams
  • Process mock exam submissions and provide results
  • Authenticate users and maintain session security
  • Deliver personalized educational content and recommendations
  • Track study progress and provide performance analytics

3.2 Payment and Transaction Processing

  • Process subscription payments and one-time purchases
  • Manage billing and invoicing
  • Detect and prevent fraudulent transactions
  • Handle refunds and payment disputes

3.3 Communication and Customer Support

  • Send transactional emails (account confirmations, password resets, exam notifications)
  • Respond to inquiries and provide customer support
  • Send service-related announcements and updates
  • Deliver marketing communications (with your consent)

3.4 Service Improvement and Analytics

  • Analyze usage patterns and user behavior
  • Improve platform functionality and user experience
  • Develop new features and educational content
  • Conduct research and statistical analysis
  • Perform A/B testing and optimization

3.5 Security and Legal Compliance

  • Protect against fraud, abuse, and security threats
  • Monitor and enforce compliance with our Terms of Service
  • Comply with legal obligations and government requests
  • Protect our legal rights and prevent misuse
  • Investigate and respond to violations or suspicious activity

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

4.1 Service Providers and Business Partners

We share information with trusted third-party service providers who assist in operating our platform:

  • Payment Processors: To process transactions securely (e.g., Stripe, PayPal)
  • Cloud Hosting Providers: To store data and host our Services (e.g., AWS, Google Cloud)
  • Email Service Providers: To send transactional and marketing emails (e.g., Zoho Mail)
  • Analytics Providers: To analyze usage and improve Services (e.g., Google Analytics)
  • Customer Support Tools: To manage support tickets and communications

All service providers are contractually obligated to protect your data and use it only for specified purposes.

4.2 Legal and Regulatory Requirements

We may disclose information when required by law or to:

  • Comply with legal obligations, court orders, or government requests
  • Enforce our Terms of Service and other agreements
  • Protect the rights, property, or safety of PASI, our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Respond to claims of intellectual property infringement

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of the transaction. We will notify you of any such change and provide choices regarding your data.

4.4 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, analytics, marketing, or other business purposes.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Active Accounts: Information retained while your account is active and for a reasonable period thereafter
  • Closed Accounts: Data deleted within 90 days of account closure, except where retention is legally required
  • Transaction Records: Financial and tax records retained for 7 years as required by law
  • Legal Holds: Information preserved when subject to legal obligations or disputes
  • Backups: Data in backups deleted according to our backup retention schedule (typically 90 days)

You may request deletion of your data at any time by contacting us at info@pasi.life, subject to legal and operational retention requirements.

6. Data Security

We implement comprehensive technical and organizational security measures to protect your personal information:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication, principle of least privilege
  • Network Security: Firewalls, intrusion detection systems, DDoS protection
  • Secure Development: Code reviews, security testing, vulnerability scanning
  • Data Minimization: Collection and retention limited to necessary data only
  • Employee Training: Regular security awareness and privacy training for staff
  • Incident Response: Documented procedures for detecting and responding to security incidents
  • Third-Party Audits: Regular security assessments and compliance audits

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously monitor and improve our security practices.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and collect usage data.

7.1 Types of Cookies We Use

  • Essential Cookies: Required for authentication, session management, and core functionality
  • Preference Cookies: Remember your settings and customization choices
  • Analytics Cookies: Collect usage statistics and performance metrics
  • Marketing Cookies: Track conversions and measure advertising effectiveness (with consent)

7.2 Managing Cookies

You can control cookies through:

  • Browser settings (block, delete, or manage cookies)
  • Our cookie consent banner (opt-out of non-essential cookies)
  • Third-party opt-out tools (e.g., Google Analytics Opt-out Browser Add-on)

Note that disabling essential cookies may impact platform functionality.

8. Your Rights and Choices

You have the following rights regarding your personal information:

8.1 General Rights (All Users)

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate or incomplete information
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Opt-Out: Unsubscribe from marketing emails via the unsubscribe link or account settings
  • Account Closure: Delete your account and associated data through account settings

8.2 GDPR Rights (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights:

  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Withdraw Consent: Withdraw consent for processing activities based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

8.3 California Privacy Rights (CCPA/CPRA)

California residents have the right to:

  • Know: Request disclosure of categories and specific pieces of personal information collected
  • Delete: Request deletion of personal information (subject to exceptions)
  • Opt-Out of Sale: We do not sell personal information
  • Non-Discrimination: Exercise privacy rights without discriminatory treatment
  • Correct: Request correction of inaccurate personal information
  • Limit Use of Sensitive Personal Information: Limit use of sensitive data (if applicable)

To exercise these rights, contact us at info@pasi.life. We will respond within 45 days.

9. Children's Privacy

Our Services are intended for users aged 13 and above. We do not knowingly collect personal information from children under 13 without parental consent.

Users between 13 and 18 should use our Services only with the knowledge and consent of a parent or legal guardian. If we become aware that we have collected information from a child under 13 without verified parental consent, we will take steps to delete that information promptly.

If you believe we have collected information from a child under 13, please contact us immediately at info@pasi.life.

10. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including countries that may not have the same data protection laws.

When we transfer data internationally, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Data Processing Agreements with service providers
  • Technical and organizational security measures

By using our Services, you consent to the transfer of your information to countries outside your residence.

11. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party services you access through our platform. This Privacy Policy applies only to information collected by PASI.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Material changes will be communicated through:

  • Email notification to registered users
  • Prominent notice on our website or platform
  • In-app notifications

The "Last Updated" date at the top of this policy indicates when it was last revised. We encourage you to review this Privacy Policy periodically.

Continued use of our Services after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you should discontinue use of our Services and close your account.

13. Data Protection Officer and Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: info@pasi.life

Subject Line: Privacy Inquiry / Data Request

Privacy Team: PASI Data Protection Team

We will respond to privacy inquiries within 30 days (or as required by applicable law).

For GDPR Requests (EEA, UK, Switzerland):

Email: gdpr@pasi.life
Response time: Within 30 days of verified request

For California Privacy Requests (CCPA/CPRA):

Email: privacy@pasi.life
Toll-Free: [Your toll-free number if applicable]
Response time: Within 45 days of verified request

By using PASI's Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.