Privacy Policy for AndaaExam
Last Updated: March 30, 2026
1. Introduction
AndaaExam ("the App," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile and web applications, including all related features and services (collectively, "the Service").
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service. By accessing or using AndaaExam, you acknowledge that you have read, understood, and agree to be bound by this entire Privacy Policy.
We are not a party to or subject to the Children's Online Privacy Protection Act (COPPA), but we recommend that users under 18 obtain parental consent before using the Service.
2. Information We Collect
2.1 Information You Provide Directly
Authentication & Account Information
- Email Address: Required to create and maintain your account via Firebase Authentication.
- Password Hash: Securely stored only in Firebase Authentication servers; we never access plain-text passwords.
- User Profile Data: Your username and profile picture.
Course & Study Content
- Syllabus Files: PDF and text files you upload are stored in Google Cloud Storage and analyzed by Google's Gemini AI API to generate summaries and quizzes.
- Study Data: Quiz answers, scores, progress tracking, notes, and bookmarks within the App.
- Learning Preferences: Your course selections, quiz, and study sessions.
Payment & Purchase Information
- Purchase Tokens: Google Play Billing tokens (hashed and stored for transaction verification only).
- Subscription & Diamond Purchase Records: Product IDs, transaction dates, amounts, and subscription status (active, expired, cancelled).
- Billing History: Records of all in-app purchases are retained in your account for auditing and support purposes.
Important: We never store full credit card numbers, bank details, or payment methods. All payment processing is handled exclusively by Google Play Billing and Apple In-App Purchase. We receive only tokenized transaction confirmations.
Support & Communication
- Support Emails: If you contact us for assistance, we retain your email and the content of your inquiries for troubleshooting and record-keeping.
- Error Logs: When you report a bug, diagnostic data (device model, OS version, app version, error messages) may be collected.
2.2 Information Collected Automatically
Device & Usage Data
- Device Information: Device model, operating system version, unique device identifiers (Android ID, iOS UDID), device language, and timezone.
- App Performance: Session duration, features used, pages visited within the App, and timestamps of activity.
- Crash Reports: Unhandled exceptions, stack traces, and memory usage information (collected via Firebase Crashlytics).
- Analytics: Aggregated data on feature adoption, user behavior patterns, and App stability (via Google Analytics or Firebase Analytics).
Network Information
- IP Address: Logged when you communicate with our servers (for load balancing, security, and fraud detection).
- Connection Type: Whether you connected via Wi-Fi or mobile network.
Ad Interaction Data
- AdMob Data: Information about whether you view rewarded advertisements, ad impressions, and click interactions (this data is collected by Google AdMob).
2.3 Information from Third Parties
Service Providers
- Google Firebase: Provides authentication, database (Firestore), storage (Cloud Storage), and cloud functions.
- Google Play Billing / Apple In-App Purchase: Provides payment processing and purchase verification.
- Google Gemini API: Processes your uploaded syllabus files for AI-powered summarization.
- Google AdMob: Serves non-personalized ads (rewarded video ads) within the App.
3. How We Use Your Information
3.1 Service Delivery
- Creating and maintaining your account.
- Processing, verifying, and fulfilling purchases (subscriptions, diamond packs, ad rewards).
- Generating AI-powered summaries and quizzes from your uploaded syllabus files.
- Delivering course recommendations and personalized study suggestions.
- Storing and synchronizing your study progress across devices.
3.2 Communication
- Sending you transactional emails (purchase confirmations, subscription renewals, password resets).
- Notifying you of App updates, new features, or service interruptions.
- Responding to your support requests.
3.3 Analytics & Improvement
- Analyzing user behavior to identify usage patterns and improve the App.
- Fixing bugs and optimizing performance based on Crashlytics and error logs.
- Conducting A/B tests to test new features safely.
- Understanding which features users rely on most.
3.4 Security & Legal Compliance
- Detecting and preventing fraud, abuse, or unauthorized access.
- Complying with legal obligations and court orders.
- Enforcing our Terms of Service and other agreements.
- Protecting the rights, property, and safety of AndaaExam, our users, and the public.
3.5 Aggregated & De-Identified Data
- Creating anonymized datasets for research purposes (e.g., studying exam preparation trends).
- Benchmarking performance against industry standards.
- Publishing statistical insights that do not identify you personally.
4. How We Share Your Information
4.1 Essential Service Providers
We share personal information only with service providers who assist us in operating the App and providing the Service:
- Google Firebase (Authentication, Firestore, Cloud Storage, Cloud Functions): Your account credentials, study data, and uploaded files.
- Google Play Billing / Apple In-App Purchase: Purchase tokens and verification payloads (limited, transaction-specific data).
- Google Gemini API: Your uploaded syllabus files (unencrypted at upload) for AI analysis. These files are processed but not retained by Google beyond the analysis period.
- Google AdMob: Aggregated ad interaction data and non-personalized targeting parameters.
All service providers are contractually obligated to use your data only for the purposes we specify and to maintain data security standards equivalent to ours.
4.2 Legal & Safety Disclosures
We may disclose your personal information if required to do so by law, or if we believe in good faith that such disclosure is necessary to:
- Comply with applicable laws, regulations, or legal processes (e.g., subpoena, warrant, court order).
- Enforce our Terms of Service and other agreements.
- Protect the physical safety, property, or intellectual property rights of AndaaExam, our users, or the general public.
- Detect, prevent, or address fraud, security issues, or technical problems.
4.3 Business Transfers
If AndaaExam is involved in a merger, acquisition, bankruptcy, or sale of assets, your personal information may be transferred as part of that transaction. We will provide notice and, where legally required, seek your consent before such transfer.
4.4 Aggregated & De-Identified Data
We may share aggregated, anonymized statistics (e.g., "80% of users complete their first ." or "the average score improvement after 2 weeks is 15%") without restriction. Such data cannot be used to identify you personally.
4.5 With Your Consent
We may share your personal information for purposes beyond this Privacy Policy if you explicitly consent in writing (e.g., for research partnerships, marketing collaborations).
5. Data Security
5.1 Technical Measures
- Encryption in Transit: All communication between your device and our servers uses HTTPS/TLS 1.2 or higher.
- Encryption at Rest: Personal data stored in Google Firebase Firestore and Cloud Storage is encrypted at rest using Google-managed or customer-managed keys.
- Password Security: Passwords are hashed using Firebase Authentication's bcrypt algorithm; we never have access to your plain-text password.
- Purchase Token Hashing: Purchase tokens are hashed using SHA-256 before storage to prevent replay attacks.
5.2 Administrative Safeguards
- Role-Based Access Control: Only authorized personnel can access your data, and only to the extent necessary.
- Audit Logging: All access to sensitive data is logged and monitored for unauthorized activity.
- Incident Response Plan: We maintain procedures to detect, respond to, and mitigate data breaches.
5.3 Third-Party Security
Google Firebase is SOC 2 Type II certified and complies with ISO 27001 standards. Google Cloud infrastructure includes DDoS protection, intrusion detection, and 24/7 monitoring.
5.4 Limitations
No system is absolutely secure. While we implement industry-standard security measures, we cannot guarantee absolute security against sophisticated cyber attacks. You are responsible for maintaining the confidentiality of your password. If you suspect unauthorized access, contact us immediately at contact@jacquesuwonda.com.
6. Your Rights & Choices
6.1 Data Access & Portability
- Right of Access: You can request a copy of all personal information we hold about you. To exercise this right, contact us with your request.
- Data Portability: Where technically feasible, we can export your data (study records, quiz history, analytics) in a commonly used format (JSON, CSV).
6.2 Correction & Deletion
- Right to Erasure: You can request that we delete your account and all associated data. Upon request, we will delete your personal information within 30 days, except where:
  - Retention is required by law (e.g., tax records).
  - Deletion is technically infeasible due to distributed system architecture.
  - Data is necessary to investigate, detect, or prevent fraud or security issues.
  - Data has been aggregated and de-identified.
6.3 Opt-Out of Marketing Communications
- We do not send promotional emails. If we introduce marketing communications in the future, you can opt out by clicking "Unsubscribe" in any email or by managing communication preferences in your account settings.
6.4 Opt-Out of Analytics
- On Android: Use your device's "Limit Ad Tracking" setting or reset your Advertising ID in Settings > Google > Manage Your Google Account > Data & Privacy.
- On iOS: Use "Limit Ad Tracking" in Settings > Privacy > Tracking.
- This may limit the App's ability to show non-personalized ads but will not prevent core functionality.
6.5 Exercising Your Rights
To exercise any of these rights, contact us at:
Email: contact@jacquesuwonda.com
Mailing Address: Ituri, Bunia, DRC 0000.
Response Time: We aim to respond to verified requests within 30 days. Complex requests may require up to 90 days.
7. International Data Transfers
7.1 U.S. & EU Data Transfers
AndaaExam operates globally and stores data in Google Cloud regions, primarily in the United States. If you reside in the EU, UK, or other jurisdictions with data protection laws that restrict transfers, we rely on:
- Standard Contractual Clauses (SCCs): Approved data transfer mechanisms for EU-originated data.
- Adequacy Decisions: Where applicable (e.g., for UK data under post-Brexit arrangements).
- Your Explicit Consent: By using the App, you consent to the transfer of your personal information to the United States and other countries where Google Cloud operates.
7.2 GDPR Compliance (EU Users)
If you are a resident of the European Union:
- You have the right to lodge a complaint with your national data protection authority.
- We process your data based on your consent (authentication) and legitimate interest (service improvement, security).
- You can withdraw consent at any time by deleting your account; however, we may retain data as permitted by law.
7.3 CCPA Compliance (California Residents)
If you are a California resident, you have the right to:
- Know what personal information is collected, used, and shared.
- Delete personal information (subject to exceptions).
- Opt out of the sale or sharing of personal information (we do not sell your data).
To exercise CCPA rights, contact us using the details in Section 6.5.
8. Data Retention
8.1 Retention Periods
- Account Data: Retained while your account is active. After account deletion, the data is deleted within 30 days (except where retention is legally required).
- Purchase History: Retained for 7 years to comply with accounting and tax obligations.
- Crash Reports & Analytics: Retained for 90 days, then automatically deleted.
- Email Communications: Retained for 2 years for a support audit trail.
- Advertising Data: Retained by Google AdMob per their retention policies (typically 180 days).
- Syllabus Files: Deleted from our servers 30 days after upload, unless you disable this auto-delete setting in App preferences.
8.2 Legal Holds
If we are involved in a legal dispute or investigation, we may retain data longer than normal retention periods to comply with court orders or preserve evidence.
9. Third-Party Services & Links
9.1 External Links
This Privacy Policy applies only to the AndaaExam App and Web Service. We are not responsible for the privacy practices of third-party websites or services linked from our site. We encourage you to review the privacy policies of any external services before providing your information.
9.2 Social Media
If you interact with AndaaExam on social media (Instagram, Twitter, Facebook), note that those platforms have their own privacy policies. We recommend reviewing them directly.
9.3 Embedded Services
Our App and website may embed services from:
- Google Fonts: For typography.
- Sentry or Firebase Crashlytics: For error reporting.
These services collect data as described in their respective privacy policies.
10. Children's Privacy
10.1 Age Restriction
The Service is intended for users 18 years and older. We do not knowingly collect personal information from children under 18 without parental consent. If we discover that we have collected data from a minor without parental consent, we will delete it immediately.
10.2 Parental Consent
If you are a parent or guardian and believe your child has provided information to us, please contact us at contact@jacquesuwonda.com, and we will investigate and comply with applicable child protection laws (COPPA for US users, relevant legislation for other jurisdictions).
11. California Privacy Rights (CCPA & CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
11.1 Right to Know
You can request to know:
- Categories of personal information collected.
- Sources of the information.
- Business/commercial purpose for collection and sharing.
- Categories of third parties with whom we share information.
11.2 Right to Delete
You can request deletion of personal information collected and retained by us, subject to certain exceptions (legal obligations, fraud prevention, etc.).
11.3 Right to Opt-Out of Sale or Sharing
AndaaExam does not sell or share your personal information for advertising purposes.
11.4 Right to Limit Use & Disclosure
You can request that we limit our use of your sensitive personal information (e.g., financial account numbers) to purposes necessary to provide the Service you requested.
11.5 Verification
To exercise these rights, submit a verifiable consumer request via email to contact@jacquesuwonda.com with proof of identity (government-issued ID, account ID). We will verify your identity and respond within 45 days.
12. European Privacy Rights (GDPR & EDPB)
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
12.1 Right to Access
You can request access to your personal data in a structured, commonly used, machine-readable format.
12.2 Right to Rectification
You can request correction of inaccurate personal data.
12.3 Right to Erasure ("Right to Be Forgotten")
You can request deletion of your personal data, except where retention is required by law or necessary for the purposes for which we collected it.
12.4 Right to Restrict Processing
You can request that we limit how we process your personal data while we investigate your concerns.
12.5 Right to Data Portability
You can request that we provide your data in a machine-readable format to you or transfer it to another service provider.
12.6 Right to Object
You can object to processing based on legitimate interests. If you object to marketing communications, we will cease such communications.
12.7 Right to Lodge a Complaint
If you believe your rights have been violated, you can lodge a complaint with your national data protection authority (e.g., CNIL in France, ICO in the UK).
13. Contact Information & Your Privacy Rights
To exercise any of the rights described in this Privacy Policy, or to submit questions about our data practices, contact us at:
Email: contact@jacquesuwonda.com
Web Form: exam.andaedge.com/privacy-contact
Mailing Address:
AndaaExam Legal - Privacy Officer
Ituri, Bunia, DRC 00000
Response Commitment: We will acknowledge receipt of your request and respond substantively within 30 days. If your request is complex, we may need up to 90 days, and we will inform you of any extension.
14. Data Protection Officer (for GDPR-Compliant Organizations)
If AndaaExam designates a Data Protection Officer (DPO), you can contact them at:
Email: dpo@andaaexam.com
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Notify you via email to your registered account email address, or
- Post a prominent notice on our App/website with the updated effective date.
Your continued use of the App after such updates constitutes acceptance of the revised Privacy Policy. We encourage you to review this policy regularly to stay informed about how we protect your data.
Current Version: March 30, 2026
16. Disclaimer & Limitation of Liability
While we strive to protect your personal information, no system is absolutely secure. We cannot guarantee that unauthorized access, hacking, or data loss will never occur. We disclaim liability for unauthorized access to your data except to the extent prohibited by law.
Additional Disclaimers:
- We are not liable for errors in data transmission or temporary unavailability of services.
- Your use of the App is at your own risk. We provide the App "as is" without warranty.
- Our liability is limited as described in our Terms of Service.
17. Additional Information
17.1 Dispute Resolution
Any disputes arising out of this Privacy Policy or our privacy practices shall be governed by the laws and resolved through binding arbitration or court proceedings as outlined in our Terms of Service.
17.2 Survival
Sections of this Privacy Policy that by their nature should survive termination (e.g., Data Security, Limitation of Liability) shall continue to apply after your account is deleted.
17.3 Severability
If any provision of this Privacy Policy is found to be unenforceable, the remaining provisions shall continue in full force and effect.
18. Summary of Your Privacy Rights at a Glance
| Right | How to Exercise | Response Time |
|---|---|---|
| Access Your Data | Email contact@jacquesuwonda.com | 30 days |
| Delete Your Account | App Settings > Account > Delete Account | Immediate (data purged in 30 days) |
| Correct Information | App Settings > Profile | Immediate |
| Export Your Data | Email contact@jacquesuwonda.com with request | 30 days |
| Opt-Out of Analytics | Device Settings (Limit Ad Tracking) | Immediate |
| Lodge a Complaint (GDPR) | Your National Data Protection Authority | N/A |
| File CCPA Request | Email contact@jacquesuwonda.com | 45 days |
| Contact Privacy Officer | contact@jacquesuwonda.com | 30 days |
19. Glossary
- Personal Information: Any information that identifies you or is linked to you.
- Processing: Any operation performed on personal information (collection, use, storage, deletion).
- Data Controller: The entity (AndaaExam) that determines how and why personal information is processed.
- Data Processor: A third party (Google Firebase, AdMob) that processes data on our behalf.
- Consent: Your affirmative agreement to our use of your information for specific purposes.
- Legitimate Interest: Our business need to use your data in ways you would reasonably expect (e.g., fraud prevention, service improvement).
Thank you for trusting AndaaExam with your personal information. We are committed to protecting your privacy and providing a safe, secure learning environment.
This Privacy Policy is effective as of March 30, 2026 and was last updated on March 30, 2026.
For questions or concerns, contact: contact@jacquesuwonda.com