Privacy Policy

Effective Date: 27 April 2026
Last Updated: 13 June 2026

This Privacy Policy applies to the QuizAI family of services operated by ACCESS Software Solutions ("ACCESS", "we", "us", or "our") — including:

  • the QuizAI Web App at https://quizai.myaccess.ph (teacher, student, and admin interfaces);
  • the QuizAI Teacher mobile app (Android, package net.accessph.quizaiteacher);
  • the QuizAI Student mobile app (Android, package net.accessph.quizaistudent).

Together these are the "Services". This document explains what we collect, why, who we share it with, and how you can exercise your rights under the Philippine Data Privacy Act of 2012 (R.A. 10173) and its implementing rules.

Each mobile app also publishes a focused privacy notice — see Teacher Mobile · Privacy Policy and Student Mobile · Privacy Policy — but the present document is the canonical reference.


1. Personal Information We Collect

1.1 Account information (provisioned by your Institution)

Most accounts originate from the ACCESS School Management System or are created by an authorized school administrator within the QuizAI Admin panel. We process:

  • full name, role (teacher/student/admin);
  • email address — the canonical, unique login identifier across all Services. School-issued user IDs and student IDs remain supported as secondary identifiers but email is the primary key for authentication;
  • (optional) Google account profile picture and google_sub identifier if you sign in with Google;
  • (optional) an external platform tag — a short identifier that aligns your account with a partner platform connection. It is set automatically when you arrive through a partner site's sign-in link, and teachers and administrators can view, change, or clear it on their profile page. The tag selects which school-system API serves your class data; it is never used for advertising or tracking;
  • a salted bcrypt password hash, stored only when local-password fallback is in use;
  • for students — a student_number per class roster, which may be the school-issued ID. Student numbers are enforced to be unique within each quiz schedule but may repeat across different schedules or schools.

1.2 Educational content

  • Teachers — quizzes, questions, answer choices, questionnaires, uploaded question images, schedules, class rosters (including bulk-uploaded student records: ID number, name, and an optional email address — student records can be created without one).
  • Students — quiz answers, time spent per question, completion timestamps, scanned answer-sheet images (when submitted via OMR), and session security events (e.g. focus loss, tab switch) reported during live or proctored sessions.
  • Service-generated notifications — short in-app notifications addressed to a specific user (for example, "master sheet parsed" or a student's answer-sheet score for the owning teacher), stored with a delivery status so each one is shown exactly once when the app fetches it.

1.3 Device and technical information

  • IP address (used for rate limiting + audit logs).
  • User-agent string and browser session identifier.
  • For mobile apps: device model, OS version, app version, anonymized crash logs.
  • Stable device identifier — a randomly-generated UUID v4 created once per app install and stored in the Android Keystore via FlutterSecureStorage. This identifier:
    • is sent as the X-Device-Id request header on every authenticated mobile API call;
    • is used solely to enforce the single-device-per-account policy (see §2 and §6);
    • persists across logouts but is cleared on uninstall or device data wipe;
    • is never shared with advertisers or used for cross-app tracking.

1.4 Data we do not collect

  • We do not collect biometric templates. Fingerprint / Face unlock is handled entirely by the device's secure hardware (Android Keystore); only a yes/no signal returns to the app.
  • We do not collect precise location.
  • We do not run advertising trackers or use advertising IDs.
  • We do not use student answers or any other user content for AI or machine-learning model training.

2. How We Use Your Information

| Purpose | Examples | Lawful basis |
|---|---|---|
| Provide the Services | Sign you in, render dashboards, deliver quizzes, score OMR answer sheets | Contract with you / your Institution |
| Maintain academic integrity | Server-side timer enforcement, security-event logging during live quizzes | Legitimate interest (assessment integrity) |
| Enforce single-device-per-account policy | Device UUID used to revoke prior sessions when a new login occurs on a different device | Legitimate interest (account security) |
| Operate and secure the platform | Rate limiting, abuse detection, session-fixation prevention, audit logs | Legitimate interest (security) |
| Communicate with you | Service notices, password resets, registration emails | Contract / consent |
| Improve the Services | Aggregated, anonymized usage statistics; crash diagnostics | Legitimate interest |
| Comply with legal obligations | Records retention, lawful requests from competent authorities | Legal obligation |

We do not sell personal information, and we do not use student content for model training or any non-educational purpose.


3. Sharing & Disclosure

We share personal information only with:

  • Your Institution — schools and authorized administrators have access to the records of users they provision, including teacher-authored content and student responses.
  • The ACCESS School Management System — when login or roster sync is configured against the ACCESS Web API.
  • Service providers under data-processing agreements — Google (Sign-In + Firebase Crashlytics for the mobile apps), SendGrid (transactional email), our hosting provider. They process data on our behalf and only for the purposes we direct.
  • Authorities, when legally required — in response to lawful subpoenas, court orders, or NPC directives.

We never share your information with advertisers or data brokers.


4. Data Retention

| Category | Retention |
|---|---|
| Account record | Until your Institution deprovisions you or you request deletion. |
| Teacher-authored quizzes | Until you delete them, or your account is removed. |
| Student responses & OMR scans | For the duration the wrapping quiz exists, plus the Institution's grade-records period. Includes working copies of submitted answer-sheet images (processing-stage and teacher-edited crop/rotate variants) retained so a scan can be re-processed or reviewed. |
| In-app notifications | Retained with the recipient's account (marked delivered once fetched by the app); removed when the account is deleted. |
| Audit logs | 24 months, then archived or purged. |
| Email logs | 6 months. |
| Mobile crash diagnostics | 90 days, anonymized. |
| Revoked API keys (mobile) | Retained in the api_keys table with revoked_at and revoke_reason for audit purposes; purged on account deletion. |
| Device UUID (mobile) | Persists on-device across logouts; cleared on uninstall. Not stored on the server beyond the active api_keys record. |

4.1 Account-deletion mechanics

How "deletion" is implemented depends on the role of the account, so that the Institution's grade records and the integrity of past assessments are preserved while you exercise your right to be forgotten.

  • Teacher accounts. When a teacher account is deleted (whether by the teacher themselves via the in-app self-service flow, by an Institution administrator, or by us under Section 8), we re-attribute the teacher's authored content — quizzes, questionnaires, OMR scan history, and the student responses keyed to those quizzes — to a system-defined universal teacher account. The original teacher's row in the users table, their personal class schedules, and their device API keys are then deleted. The system-defined universal teacher account is not a real person; it is an internal placeholder owned by ACCESS that holds inherited content so the Institution can continue to access historical grade records and run item analyses on quizzes whose original author has left.

  • Student accounts. When a student account is deleted, we apply an anonymizing soft-delete. The student's row in the users table is retained (so their answered questions remain referenced by the same internal identifier), but the identifying fields — name, email, password_hash, and google_sub — are replaced with non-reversible random values, the account is deactivated (cannot log in again), and deleted_at is stamped with the moment of deletion. The student is removed from every class roster and from any other listing that would re-attribute future activity to them.

    What is kept: the student's answers (rows in student_responses) and the wrapping quiz_sessions. These contribute to the Institution's grade records and to aggregate item-analysis statistics; without them, deleting one student would retroactively damage the integrity of every co-attempted quiz. Because the user row is anonymized, the answers can no longer be traced back to the individual student outside of records the Institution itself maintains.

    What is removed: all identifying information (name, email, authentication credentials, Google sub) and all attribution in class lists, roster exports, and any UI surface that reads the user table for display.

In both cases, identifying information is erased or irreversibly anonymized except where retention is required by law or to defend legal claims.


5. Your Rights (Philippine Data Privacy Act, R.A. 10173)

Under the DPA you may:

  • be informed about the processing of your data (this Policy);
  • access the personal information we hold about you;
  • object to processing for purposes outside what's described here;
  • rectify inaccurate information;
  • request erasure or blocking of data that is excessive, unlawful, or no longer necessary;
  • claim damages for inaccurate or unauthorized processing;
  • lodge a complaint with the National Privacy Commission (https://privacy.gov.ph).

To exercise any of these rights, email info@accessph.net from the address on file or contact your school's QuizAI administrator.


6. Security

We protect your data with:

  • HTTPS everywhere — TLS 1.2+ on the web and on every mobile API call.
  • Hashed passwords — bcrypt with per-user salt; plaintext passwords are never persisted.
  • Hardware-backed token storage on mobile (Android Keystore via FlutterSecureStorage).
  • Single-device-per-account enforcement — each mobile login issues a fresh bearer key and immediately revokes all prior keys for the same user account. Revocation reason, device identifier, and timestamp are recorded in the api_keys table. When the server revokes a key, it returns a structured JSON 401 response containing a machine-readable reason code (e.g. superseded_by_new_login, expired) so the mobile app can display the correct explanation without guesswork. A displaced device learns its session has been revoked on its next API call; no push notification is sent.
  • Stable device UUID — generated once per install; sent as X-Device-Id on every authenticated request. Not cleared on logout, so the server can bind an install to its issued key across sign-in cycles without collecting device-level PII beyond the UUID.
  • Defence in depth — Content-Security-Policy, HSTS, CSRF double-submit tokens, session fixation prevention, rate limiting, audit logging.
  • MIME-content validation for image uploads.

No system is perfectly secure; we maintain incident-response procedures and will notify affected users and the National Privacy Commission within the timeframes required by law in the event of a qualifying breach.


7. Children's Privacy

Student accounts are provisioned by Institutions whose users may include minors. By provisioning a student under the age of majority, the Institution warrants that it has obtained any consent required from parents or legal guardians under applicable law and its own policies. QuizAI does not knowingly collect personal information from children outside of an Institution-provisioned account.


8. International Transfers

Our infrastructure is hosted within the Philippines or, where service providers operate globally (e.g. Google), in regions with adequate data-protection safeguards. By using the Services you consent to processing in those regions consistent with this Policy and the DPA.


9. Cookies & Local Storage

The web app sets:

  • a session cookie (quizai_session) — required for login;
  • a CSRF cookie used as a double-submit token;
  • a per-request CSP nonce, stored only in memory for that response.

The mobile apps store:

  • the bearer API key, in the Android Keystore (via FlutterSecureStorage);
  • a stable device UUID, in the Android Keystore — persists across logouts, cleared on uninstall or device data wipe;
  • a small key-value preferences store (theme, last-used reference code, scan-queue state for the teacher app).

We do not use third-party advertising cookies or pixels.


10. Changes to This Policy

We may update this Policy. When we make material changes we will update the "Last Updated" date and notify you through the Services or by email. Your continued use after the effective date constitutes acceptance.


11. Contact

ACCESS Software Solutions

DTI Business Name Registration No. 3377044

San Luis, Baguio City 2600, Philippines

Email: info@accessph.net

Web: https://accessph.net

Data Protection Officer: designated representative reachable at the same address.