myProctor — Privacy Policy

Effective Date · January 1, 2026

Last Updated · April 26, 2026

Valid Through · December 31, 2026

This Privacy Policy describes how the developers of myProctor ("we", "us", or "our") collect, use, and protect information when you use the myProctor application ("the App"). myProctor is a workforce and inventory management application provided to authorized personnel for use during proctored examination events.

By using myProctor, you agree to this Privacy Policy and to the Pilot Use and Confidentiality Terms set forth in Section 12.

This Privacy Policy is valid through December 31, 2026 and will be reviewed and updated for the subsequent year.

Contents

Scope
Information We Collect
How We Use Your Information
How We Protect Your Information
Information Sharing
Data Retention
Your Rights
International Data Transfers
Children's Privacy
Changes to This Policy
Pilot Phase Notice
Pilot Use & Confidentiality
Contact Us

01Scope

This Privacy Policy applies only to the myProctor application. It does not apply to any third-party services, websites, or applications that myProctor may link to or integrate with.

myProctor is provided exclusively to authorized personnel and approved partners. The App is not intended for use by the general public.

02Information We Collect

We collect the following categories of information:

Account Information

Name
Email address
Phone number (if provided)
Role assignment (e.g., Proctor, Helper, Administrator)
City and venue assignment

Authentication Data

Firebase Authentication credentials
Sign-in timestamps
Device push notification tokens

Operational Data

Attendance records (check-in and check-out timestamps)
Inventory device assignments and transfers
Broadcast messages you send or receive (encrypted in transit and at rest)
QR codes scanned during inventory operations

Device Information

Device model and operating system version
App version
Anonymous device identifiers used for app integrity verification (Apple App Attest)

Diagnostic Information

Crash reports
Performance metrics
Error logs

We do not collect:

Precise GPS location
Camera or microphone recordings (the camera is used only for QR code scanning; no images are stored)
Contacts, photos, or files from your device
Browsing history or activity outside the App

03How We Use Your Information

We use the information collected for the following purposes:

Authentication and authorization — to verify your identity and grant access to features appropriate to your role
Operational coordination — to assign devices, track attendance, and coordinate proctoring activities during events
Communications — to deliver broadcast messages, push notifications, and operational alerts relevant to your role
Inventory accountability — to maintain an audit trail of device custody, condition, and transfers
Service improvement — to diagnose issues, improve App reliability, and enhance features
Security and integrity — to detect unauthorized access, prevent abuse, and verify that requests originate from the genuine myProctor app

04How We Protect Your Information

We implement industry-standard security measures, including:

End-to-end encryption of broadcast messages using AES-GCM with HKDF-SHA256 key derivation
Encryption in transit for all communications with our backend (TLS 1.2 or higher)
Encryption at rest for data stored in Firebase
App attestation via Apple's App Attest service to verify requests come from the genuine app on a genuine device
Role-based access control so users can only access data appropriate to their role
Secure credential storage via the iOS Keychain
Access logging for audit and accountability purposes

Despite these measures, no system is perfectly secure. You are responsible for safeguarding your sign-in credentials and notifying us if you suspect unauthorized access.

05Information Sharing

We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:

With your organization — your usage data, attendance records, and operational activities are visible to authorized administrators within your organization
With service providers — we use trusted third-party services to operate the App, including:
- Google Firebase (authentication, database, push notifications, analytics)
- Apple Inc. (App Attest, push notifications via APNs)
For legal compliance — if required by law, court order, or government request
With your consent — in any other circumstance, only with your explicit prior consent

Our service providers are contractually obligated to protect your information and use it only for the purposes we specify.

06Data Retention

We retain your information for the following periods:

Active account data — for the duration of your authorized use of myProctor
Attendance and inventory records — retained for operational and audit purposes per your organization's record-keeping policies
Broadcast messages — automatically deleted from the inbox query after 300 days
Diagnostic logs — retained for up to 90 days

Upon termination of your authorization to use myProctor, your active account is deactivated. Operational records may be retained for legal, audit, or compliance purposes as required by applicable policies and law.

07Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access — request a copy of the personal information we hold about you
Correction — request correction of inaccurate information
Deletion — request deletion of your personal information, subject to operational and legal retention requirements
Restriction — request that we limit how we process your information
Objection — object to certain types of processing
Portability — request a copy of your information in a machine-readable format

To exercise any of these rights, contact us at the address in Section 13.

For users in Saudi Arabia, your rights are governed by the Personal Data Protection Law (PDPL), including the right to lodge a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA).

08International Data Transfers

myProctor uses Google Firebase, which may store and process data in data centers located outside your country of residence. We rely on standard contractual clauses and similar safeguards to ensure that international transfers comply with applicable data protection laws.

09Children's Privacy

myProctor is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected information from a minor, we will delete it promptly.

10Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or operational needs. When we make material changes, we will notify you through the App and update the "Last Updated" date above.

This policy is valid through December 31, 2026. A revised policy covering the subsequent year will be issued before its expiration.

Your continued use of myProctor after changes are posted constitutes your acceptance of the updated policy.

11Pilot Phase Notice

myProctor is currently in a pilot phase (testing) and is distributed only to authorized testers via Apple TestFlight. During this phase:

The App is not for general public use
Features and data handling practices may change without prior notice
The Pilot Use and Confidentiality Terms in Section 12 apply with full force
Once myProctor transitions from pilot to production release, this Privacy Policy will be reviewed and updated as needed

12Pilot Use & Confidentiality Terms

The following confidentiality and use restrictions are an integral part of this Privacy Policy. By installing, accessing, or using myProctor, you acknowledge and agree to all of the following terms.

12.1 Restricted Use

myProctor is provided exclusively for use during authorized pilot events and operational windows. You may use the App only for the purposes for which you have been authorized — namely, supporting proctored examinations, coordinating event logistics, and managing assigned devices. Use of the App outside the scope of your authorization is not permitted.

12.2 No Redistribution

You may not forward your TestFlight invitation link, redemption code, or any installation credentials to any individual outside the authorized pilot group. You may not install the App on devices other than those assigned to you for authorized use. Any redistribution of the App, its installer, its credentials, or its data without prior written consent from the developers is strictly prohibited.

12.3 No Reverse Engineering

You agree not to reverse-engineer, decompile, disassemble, deconstruct, or attempt by any means to extract, analyze, or derive:

The source code of the App
Authentication credentials, API keys, or encryption keys
Database schemas, internal data structures, or proprietary business logic
Any other proprietary information embedded in or transmitted by the App

This prohibition applies regardless of the App's distribution method, classification status, or operational phase, and applies whether or not the information is technically accessible.

12.4 Data Handling

Any data accessed, generated, or transmitted through the App during your authorized use — including but not limited to broadcast messages, inventory records, attendance data, and operational metadata — must be handled in accordance with your organization's data policies and applicable law. You may not export, share, copy, screenshot, transcribe, or otherwise extract such data outside the App without authorization.

12.5 Legal Consequences

Any unauthorized use, redistribution, reverse engineering, disclosure, or extraction of the App, its credentials, encryption keys, source code, or proprietary data — without prior written consent from the developers — will be considered a material breach of this Privacy Policy and the agreement formed by your use of the App.

Such breach may result in:

Immediate termination of your authorization to use the App
Civil liability, including damages, lost profits, and the costs of investigation and enforcement
Injunctive relief to prevent further unauthorized use or disclosure
Referral to law enforcement authorities where applicable
Any other remedies available under applicable law, including but not limited to the laws of the Kingdom of Saudi Arabia and any other jurisdiction in which the breach occurs or has effect

These obligations of confidentiality and non-reverse-engineering survive the termination of your authorization to use the App and continue to apply in the production phase. The terms of confidentiality set forth in this section shall be reviewed and revised as appropriate when myProctor transitions from pilot to production release, but the core restrictions on reverse engineering, redistribution, and unauthorized disclosure will continue to apply in revised form.

12.6 Reporting Obligations

If you become aware of any actual or suspected breach of these terms — including loss of a device with the App installed, suspected unauthorized access, or third-party requests for App-related information — you must promptly notify us at the contact address in Section 13.

13Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, your personal information, or the Pilot Use and Confidentiality Terms, please contact:

myProctor — Privacy & Compliance

Email: my2komait@gmail.com

For data protection complaints in Saudi Arabia, you may also contact:

Saudi Data & Artificial Intelligence Authority (SDAIA)

Website: sdaia.gov.sa