Privacy Policy

This Privacy Policy describes how the developers of myProctor ("we", "us", or "our") collect, use, and protect information when you use the myProctor application ("the App"). myProctor is a workforce and inventory management application provided to authorized personnel for use during proctored examination events.

By using myProctor, you agree to this Privacy Policy and to the Pilot Use and Confidentiality Terms set forth in Section 12.

This Privacy Policy is valid through December 31, 2026 and will be reviewed and updated for the subsequent year.

01Scope

This Privacy Policy applies only to the myProctor application. It does not apply to any third-party services, websites, or applications that myProctor may link to or integrate with.

myProctor is provided exclusively to authorized personnel and approved partners. The App is not intended for use by the general public.

02Information We Collect

We collect the following categories of information:

Account Information

• Name
• Email address
• Phone number (if provided)
• Role assignment (e.g., Proctor, Helper, Administrator)
• City and venue assignment

Authentication Data

• Firebase Authentication credentials
• Sign-in timestamps
• Device push notification tokens

Operational Data

• Attendance records (check-in and check-out timestamps)
• Inventory device assignments and transfers
• Broadcast messages you send or receive (encrypted in transit and at rest)
• QR codes scanned during inventory operations

Venue & Location Verification

• Approximate geographic coordinates (latitude and longitude, rounded to approximately 11-meter precision) captured only at the moment a check-in or check-out QR code is generated
• City name derived from the device location at the same moment, used for display and audit purposes

Location data is used solely to verify that the proctor is physically present at the assigned event venue at the time of attendance. Location is not collected in the background, not tracked continuously, and not used to monitor movement, routes, or location history. The App requests "When In Use" location authorization only and reads a single location point at the moment of QR generation; no further location updates are requested or stored.

Device Information

• Device model and operating system version
• App version
• Anonymous device identifiers used for app integrity verification (Apple App Attest)

Diagnostic Information

• Crash reports
• Performance metrics
• Error logs

We do not collect:

• Continuous or background location data
• Location history, movement tracking, or route information
• Location data outside of the moment of check-in or check-out QR generation
• Camera or microphone recordings (the camera is used only for QR code scanning; no images are stored)
• Contacts, photos, or files from your device
• Browsing history or activity outside the App

03How We Use Your Information

We use the information collected for the following purposes:

• Authentication and authorization — to verify your identity and grant access to features appropriate to your role
• Operational coordination — to assign devices, track attendance, and coordinate proctoring activities during events
• Venue verification — to confirm that attendance QR codes are generated by personnel physically present at the assigned event venue, preserving the integrity of attendance records. Location is captured only at the discrete moment of QR generation and is never collected continuously or in the background.
• Communications — to deliver broadcast messages, push notifications, and operational alerts relevant to your role
• Inventory accountability — to maintain an audit trail of device custody, condition, and transfers
• Service improvement — to diagnose issues, improve App reliability, and enhance features
• Security and integrity — to detect unauthorized access, prevent abuse, and verify that requests originate from the genuine myProctor app

04How We Protect Your Information

We implement industry-standard security measures, including:

• End-to-end encryption of broadcast messages using AES-GCM with HKDF-SHA256 key derivation
• Encryption in transit for all communications with our backend (TLS 1.2 or higher)
• Encryption at rest for data stored in Firebase
• App attestation via Apple's App Attest service to verify requests come from the genuine app on a genuine device
• Role-based access control so users can only access data appropriate to their role
• Secure credential storage via the iOS Keychain
• Access logging for audit and accountability purposes

Despite these measures, no system is perfectly secure. You are responsible for safeguarding your sign-in credentials and notifying us if you suspect unauthorized access.

05Information Sharing

We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:

• With your organization — your usage data, attendance records, and operational activities are visible to authorized administrators within your organization
• With service providers — we use trusted third-party services to operate the App, including:
  • Google Firebase (authentication, database, push notifications, analytics)
  • Apple Inc. (App Attest, push notifications via APNs)
• For legal compliance — if required by law, court order, or government request
• With your consent — in any other circumstance, only with your explicit prior consent

Our service providers are contractually obligated to protect your information and use it only for the purposes we specify.

06Data Retention and Account Deletion

6.1 Retention Periods

Active account data

• Profile information (name, email, phone, assigned city, preferences) — retained for the duration of your authorized use, plus the deletion lifecycle described in Section 6.2
• Authentication credentials — retained for the duration of your authorized use

Operational records

Retained per the Owner Entity's record-keeping policy, currently set to 5 years from the date of each record. This retention window is configurable by authorized administrators within the App; material changes will be reflected in this Privacy Policy.

• Inventory batch records and device custody logs
• Attendance check-in and check-out records
• Broadcast messages and support communications
• Audit logs of administrative actions

Other

• Broadcast inbox view — auto-filtered after 300 days from your personal inbox; underlying records retained per the operational retention policy above
• Diagnostic logs — retained for up to 90 days

6.2 Account Deletion

You may delete your account at any time from within the App (Profile → Delete Account). When you initiate deletion:

• Grace Period (default 30 days) — Your profile remains accessible and you can sign back in at any time to cancel the deletion. Signing in during the grace period automatically cancels the pending deletion.
• Anonymization (after grace period) — If you do not cancel within the grace period, your account proceeds to full anonymization:
  • Your Firebase Authentication account is disabled, your email is replaced with a non-identifying placeholder, and all active sessions are revoked
  • Your name is replaced with "Deleted User" across all operational records (inventory logs, broadcasts, attendance, support tickets, audit logs)
  • Any attachments you uploaded are deleted from cloud storage
  • The underlying operational records are retained per Section 6.1, but no longer identify you by name

Both the grace period length and the operational retention window are configurable by authorized administrators within the App. Material changes to these values will be reflected in this Privacy Policy.

6.3 Anonymization vs. Deletion

In accordance with Apple App Store Guideline 5.1.1(v) and the Saudi Personal Data Protection Law (PDPL), we distinguish between two categories of data when handling account deletion:

• Personal Data — removed upon completion of the deletion lifecycle: profile fields, authentication identity, uploaded attachments, and cached identifying information across all records
• Operational Records — retained as legitimate business records of test events you participated in, but anonymized so that they no longer identify you personally

This approach allows the Owner Entity to maintain operational continuity, audit trails, and regulatory record-keeping obligations while honoring your right to have your personal information removed from the system. Free-text content authored by other users (e.g., operational notes) may incidentally reference your name; we scrub structured identity fields but do not scan free-text content for incidental mentions.

6.4 Administrator-Initiated Deletion

Authorized administrators may also initiate deletion of an account on a user's behalf — including immediate tombstoning (profile scrub with restorable archive snapshot) — in cases where the standard self-deletion flow is not appropriate (for example, separation of employment, regulatory request, or extended inactivity). The anonymization process for administrator-initiated deletion is identical to user-initiated deletion.

6.5 Audit Trail of Deletion Operations

All deletion and anonymization operations are recorded in an internal audit log capturing the timestamp, the operator who performed the action, and a summary of the records affected. This audit log is itself retained as a legitimate business record and does not contain personal information about the deleted user beyond their original system identifier.

6.6 Records We May Be Required to Retain

We may retain certain records beyond the standard retention period when required by:

• Applicable law (e.g., financial recordkeeping requirements)
• An active operational investigation by the Owner or responsible entity
• A regulatory or legal request

In such cases, your personal information will continue to be anonymized as described in Section 6.2 unless retention of identifying information is itself legally required and explicitly disclosed to you.

07Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you
• Correction — request correction of inaccurate information
• Deletion — request deletion of your personal information at any time via the in-App deletion flow described in Section 6.2, subject to the operational record anonymization approach described in Section 6.3
• Restriction — request that we limit how we process your information
• Objection — object to certain types of processing
• Portability — request a copy of your information in a machine-readable format

To exercise any of these rights, contact us at the address in Section 13.

For users in Saudi Arabia, your rights are governed by the Personal Data Protection Law (PDPL), including the right to lodge a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA).

08International Data Transfers

myProctor uses Google Firebase, which may store and process data in data centers located outside your country of residence. We rely on standard contractual clauses and similar safeguards to ensure that international transfers comply with applicable data protection laws.

09Children's Privacy

myProctor is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected information from a minor, we will delete it promptly.

10Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or operational needs. When we make material changes, we will notify you through the App and update the "Last Updated" date above.

This policy is valid through December 31, 2026. A revised policy covering the subsequent year will be issued before its expiration.

Your continued use of myProctor after changes are posted constitutes your acceptance of the updated policy.

11Pilot Phase Notice

myProctor is currently in a pilot phase (testing) and is distributed only to authorized testers via Apple TestFlight. During this phase:

• The App is not for general public use
• Features and data handling practices may change without prior notice
• The Pilot Use and Confidentiality Terms in Section 12 apply with full force
• Once myProctor transitions from pilot to production release, this Privacy Policy will be reviewed and updated as needed

12Pilot Use & Confidentiality Terms

The following confidentiality and use restrictions are an integral part of this Privacy Policy. By installing, accessing, or using myProctor, you acknowledge and agree to all of the following terms.

12.1 Restricted Use

myProctor is provided exclusively for use during authorized pilot events and operational windows. You may use the App only for the purposes for which you have been authorized — namely, supporting proctored examinations, coordinating event logistics, and managing assigned devices. Use of the App outside the scope of your authorization is not permitted.

12.2 No Redistribution

You may not forward your TestFlight invitation link, redemption code, or any installation credentials to any individual outside the authorized pilot group. You may not install the App on devices other than those assigned to you for authorized use. Any redistribution of the App, its installer, its credentials, or its data without prior written consent from the developers is strictly prohibited.

12.3 No Reverse Engineering

You agree not to reverse-engineer, decompile, disassemble, deconstruct, or attempt by any means to extract, analyze, or derive:

• The source code of the App
• Authentication credentials, API keys, or encryption keys
• Database schemas, internal data structures, or proprietary business logic
• Any other proprietary information embedded in or transmitted by the App

This prohibition applies regardless of the App's distribution method, classification status, or operational phase, and applies whether or not the information is technically accessible.

12.4 Data Handling

Any data accessed, generated, or transmitted through the App during your authorized use — including but not limited to broadcast messages, inventory records, attendance data, and operational metadata — must be handled in accordance with your organization's data policies and applicable law. You may not export, share, copy, screenshot, transcribe, or otherwise extract such data outside the App without authorization.

12.5 Legal Consequences

Any unauthorized use, redistribution, reverse engineering, disclosure, or extraction of the App, its credentials, encryption keys, source code, or proprietary data — without prior written consent from the developers — will be considered a material breach of this Privacy Policy and the agreement formed by your use of the App.

Such breach may result in:

• Immediate termination of your authorization to use the App
• Civil liability, including damages, lost profits, and the costs of investigation and enforcement
• Injunctive relief to prevent further unauthorized use or disclosure
• Referral to law enforcement authorities where applicable
• Any other remedies available under applicable law, including but not limited to the laws of the Kingdom of Saudi Arabia and any other jurisdiction in which the breach occurs or has effect

These obligations of confidentiality and non-reverse-engineering survive the termination of your authorization to use the App and continue to apply in the production phase. The terms of confidentiality set forth in this section shall be reviewed and revised as appropriate when myProctor transitions from pilot to production release, but the core restrictions on reverse engineering, redistribution, and unauthorized disclosure will continue to apply in revised form.

12.6 Reporting Obligations

If you become aware of any actual or suspected breach of these terms — including loss of a device with the App installed, suspected unauthorized access, or third-party requests for App-related information — you must promptly notify us at the contact address in Section 13.

13Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, your personal information, or the Pilot Use and Confidentiality Terms, please contact:

For data protection complaints in Saudi Arabia, you may also contact: