This Privacy Policy explains how ClinAssess collects, uses, stores, and protects personal data belonging to students, lecturers, examiners, administrators, and institutions ("Users") when using the Platform. It should be read together with our Terms and Conditions and Cookie Policy.
1. Information We Collect
We collect only the information necessary to operate the Platform on behalf of your Institution:
- Account information — name, registration/staff number, institutional email, role (student, staff, HOD, admin, super-admin), and Institution.
- Submission data — clinical histories, case logs, and assessment files you upload, along with the text extracted from them via optical character recognition (OCR) for processing and originality checks.
- Usage data — sign-in activity, pages viewed, actions taken on submissions, and system logs used for security and troubleshooting.
- Device and technical data — browser type, IP address, and similar diagnostic information collected automatically.
2. How We Use Your Information
We use collected information to:
- Authenticate users and enforce role-based access controls.
- Process, store, and display clinical assessment submissions.
- Run automated originality checks, including perceptual hashing and text-similarity (Jaccard) comparison against other submissions in your Institution's records.
- Generate dashboards, reports, and notifications for students, lecturers, and administrators.
- Maintain platform security, detect abuse, and troubleshoot technical issues.
- Communicate important service updates.
ClinAssess does not use your data for advertising and does not sell personal data to third parties.
3. Your Institution's Role
ClinAssess acts primarily as a data processor on behalf of your Institution, which determines how student and staff records are used academically (for example, grading and originality review decisions). Some data-handling choices — such as retention periods and who may access particular records — are configured by your Institution's administrators.
4. How We Store and Protect Data
Personal data and submissions are stored in access-controlled systems, including a managed PostgreSQL database and, where configured by an Institution, integrated Google Workspace storage (Drive, Docs, and Sheets) used to organize and archive records. We apply the following safeguards:
- Encryption of data in transit (HTTPS/TLS) and, where applicable, at rest.
- Role-based access controls limiting who can view or edit records.
- Authenticated sessions and audit logging of key actions.
- Regular backups and restricted administrative access to production systems.
5. How We Share Information
We share personal data only in the following circumstances:
- With authorized staff at your Institution who require access to perform their role (e.g. lecturers reviewing submissions, HODs approving results, administrators managing accounts).
- With infrastructure and service providers that help us operate the Platform, such as cloud hosting and application-hosting providers, email delivery services, and Google Workspace (where an Institution uses Drive/Docs/Sheets integration). These providers are bound to handle data only as instructed.
- When required by law, regulation, or valid legal process.
- With your consent, or at your Institution's direction.
6. Data Retention
We retain personal data and submissions for as long as necessary to provide the Platform, in line with your Institution's retention policy and applicable academic record-keeping requirements. When an Institution requests deletion of specific records, we will delete them from active systems, subject to a limited period during which the data may still exist in encrypted backups.
7. Your Rights
Depending on your Institution's policies and applicable law, you may have the right to:
- Request access to the personal data we hold about you.
- Request correction of inaccurate information.
- Request deletion of your data, subject to academic record-keeping obligations.
- Ask how your data has been used, including in originality/duplicate checks.
Requests should generally be made through your Institution's administrator, who can escalate to ClinAssess where needed.
8. Cookies
ClinAssess uses a limited number of cookies necessary to keep you signed in and to remember basic preferences. See our Cookie Policy for full details.
9. International Data Storage
Some infrastructure providers we rely on (including cloud hosting and Google Workspace, where enabled) may store or process data outside your Institution's home country. Where this occurs, we require providers to maintain appropriate security and confidentiality safeguards.
10. Students and Minors
ClinAssess is intended for use by enrolled students, staff, and administrators of participating Institutions. It is not directed at children outside an educational enrollment context, and Institutions are responsible for ensuring appropriate consent and safeguarding where local law requires it for minors.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated where appropriate, and the "last updated" date above will be revised.
12. Contact Us
Questions about this Privacy Policy or your personal data can be directed to:
- Support email: support@clinassess.graundra.com
- Or through your Institution's ClinAssess administrator.