Legal

Privacy Policy

Last updated: April 26, 2025

1. Who we are

ePrepX is a product owned and operated by Fluede Technologies (registration details available on request). Our registered contact address is legal@fluede.com.

This Privacy Policy explains how Fluede Technologies collects, uses, stores, and protects personal information in connection with the ePrepX platform.

2. Data controller and processor

Where ePrepX is used by a school or educational institution ("School"), the School acts as the data controller for the personal data of its students, staff, and parents. Fluede Technologies acts as the data processor, processing personal data on behalf of and under the instruction of the School.

Data processing activities are governed by a Data Processing Agreement (DPA) entered into between Fluede Technologies and each School upon onboarding.

3. What data we collect

3.1 School and administrator data

  • Name, email address, and job title of school administrators and coordinators
  • School name and contact details
  • Billing information (processed by our payment provider; we do not store raw card data)
  • Usage data and platform activity logs

3.2 Student data (processed on behalf of Schools)

  • Student name and identifier (as provided by the School)
  • Exam responses and answers submitted through the platform
  • Automated grades and rubric-matched scores
  • Result reports and certificates

3.3 Website visitor data

  • Name and email address when submitted via contact or demo request forms
  • Technical data (IP address, browser type, referring URL) via server logs

4. How we use your data

  • To provide, maintain, and improve the ePrepX platform
  • To respond to demo requests, enquiries, and support tickets
  • To send transactional emails (confirmation, results notifications)
  • To comply with legal obligations
  • To protect the security and integrity of the platform

We do not use student data for any commercial purpose, advertising, or product improvement without the explicit consent of the School.

5. Legal basis for processing (GDPR)

Where GDPR applies, we process personal data on the following bases:

  • Contract: processing necessary to fulfil our agreement with Schools
  • Legitimate interests: platform security, fraud prevention, service improvement
  • Legal obligation: compliance with applicable laws
  • Consent: for marketing communications (where obtained)

6. Data retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy and to comply with legal obligations. Upon termination of a School's subscription, we will retain data for 90 days to allow for data export, after which all personal data is securely deleted or anonymised.

7. Data security

All data transmitted to and from ePrepX is encrypted in transit using TLS 1.3. Data at rest is encrypted using AES-256. We maintain access controls, audit logs, and conduct regular security reviews. In the event of a data breach, affected parties will be notified within 72 hours where required by applicable law.

8. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal retention requirements)
  • Object to processing or request restriction
  • Data portability (receive your data in a machine-readable format)
  • Withdraw consent at any time (where processing is consent-based)

To exercise any of these rights, contact us at legal@fluede.com.

9. Third-party services

ePrepX uses the following third-party services:

  • Supabase: database hosting and authentication
  • Resend: transactional email delivery
  • Vercel: platform hosting and CDN

Each provider is subject to appropriate data processing agreements.

10. Contact us

For any privacy-related questions or to exercise your rights, contact Fluede Technologies at: legal@fluede.com

Terms of Service →Contact us