Privacy Policy

Privacy Policy

Last updated: August 26, 2025

Who we are

The JAExams (hereby referred to as "the service provider", or "service provider") website and corresponding data processing is provided by Frostcloud (hereby referred to as "the data processor", or "data processor"). For solely the JAExams website, Frostcloud acts as the data processor and the hosting provider on behalf of us (the service provider). The customer is the data controller of their respective instance installation and manages their own data.

Scope of this policy

This policy explains how information is handled when you use the JAExams website and related services, such as submitting demo or contact requests, and how data is processed within the JAExams platform operated for customers.

What information we collect

  • Contact requests: Name, email address, subject, and message so we can respond to your inquiry.
  • Demo requests: Name, email address, institution, role, and approximate student count so we can provide access and follow up appropriately.
  • Operational data: Limited technical logs required for service reliability and security (for example, timestamps and error logs). We do not sell or profile your data.
  • Payments: If you purchase paid services, card processing is handled by our payment provider. We do not store full card details on our systems.

How we use information

  • To provide, operate, and secure the JAExams platform and related services.
  • To respond to demo and contact requests and provide customer support.
  • To maintain service reliability, debug issues, and protect against abuse.
  • To meet legal and compliance obligations where applicable.

Access to data

Access to personal data is strictly limited to those granted access by the organization behind JAExams, who are required to handle your request or support the operation of the platform. We apply the principle of least privilege, audit access where appropriate, and review access regularly.

Data processor access

Frostcloud (the data processor) does not maintain access to customer data except for what our services provided (the website) is necessary to fulfill the purposes described in this policy. All systems interacting with customer data are generally not accessible by staff employed by Frostcloud.

Roles and responsibilities

  • Data Controller: Our customer (for example, your institution) determines the purposes and means of processing data inside their JAExams instance. This data is generally not accessible to neither the service provider (JAExams) nor the data processor (Frostcloud).
  • Service Provider: JAExams provides the platform and related services, which the Data Controller uses to manage their data. The Service Provider does not have access to customer data except as necessary to maintain and improve the service.
  • Data Processor: Frostcloud processes data solely on documented instructions from the controller and provides secure hosting and operational support. Frostcloud does not maintain any use of the data from the Data Controllers instances.

Data location and transfers

JAExams is hosted within Frostcloud, or other reputable infrastructure providers. Where feasible, environments are provisioned in EU regions. We do not transfer personal data outside the EU unless necessary for compliance with legal obligations or to protect the vital interests of individuals.

Security

We take privacy and security seriously. We use industry-standard measures to protect data in transit and at rest, segment environments, apply least-privilege access, and monitor for suspicious activity. We continuously improve our practices as threats and best practices evolve.

Retention

We retain personal data only as long as necessary to fulfill the purpose it was collected for, to comply with legal obligations, resolve disputes, or enforce agreements. Contact and demo request information is retained for a reasonable period to follow up on your request, unless you ask us to delete it earlier.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data. If your data is processed under a customer account, please contact your institution (the controller). For website submissions or if you are unsure, contact us and we will assist.

Contact

For privacy inquiries, requests, or questions about this policy, contact us at
[email protected] or visit /contact.

Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page with an updated “Last updated” date.