Menu
Legal

Data Processing Addendum (DPA)

Last updated: 05 Feb 2026

This Data Processing Addendum (“DPA”) forms part of the agreement between the customer (school/coaching institute/educator organization) (“Customer”) and Evaluate AI LLP (“Processor” or “Evaluate AI”) governing the processing of personal data in connection with the E-Valuate services at evaluate-ai.app (the “Service”).

Contact (privacy/grievance): support@evaluate-ai.app

1) Definitions

  • Personal Data: information relating to an identified or identifiable person, including student identifiers on answer sheets.
  • Processing: any operation performed on Personal Data (collection, storage, OCR, evaluation, marking, deletion, etc.).
  • Controller/Fiduciary: the party that determines the purpose and means of processing (typically the Customer for student exam data).
  • Processor: the party that processes data on behalf of the Controller/Fiduciary (Evaluate AI for student exam data).

2) Scope and roles

For student answer sheets and related exam content uploaded by the Customer, the Customer acts as the Controller/Fiduciary and Evaluate AI acts as the Processor. Evaluate AI processes Personal Data only to provide the Service, and only in accordance with the Customer’s documented instructions (including these Terms, the platform configuration, and support requests).

3) Details of processing

A) Subject matter

AI-assisted evaluation of handwritten answer sheets, including OCR, rubric-based grading, annotations/marking, and reporting.

B) Duration

Processing occurs during the Customer’s use of the Service. By default, evaluation outputs and related files are retained for approximately 48 hours after evaluated answer sheets are generated, unless the Customer deletes earlier or a different retention setting is enabled for the Customer’s institution/plan.

C) Nature and purpose

To deliver: (i) OCR extraction, (ii) per-question evaluation, (iii) marked PDFs with scores/remarks, (iv) summaries and analytics, (v) downloads (PDF/ZIP/Excel) and related support/troubleshooting.

D) Categories of data

  • Student answer sheets (handwriting, diagrams, responses)
  • Student identifiers that may appear on sheets (name, roll number, class/section)
  • Exam artifacts: question paper, model answer, rubrics, marks, remarks, scores
  • Operational logs necessary for security and troubleshooting (limited)

E) Categories of data subjects

  • Students
  • Teachers/examiners
  • Customer staff (admin/users)

4) Customer obligations

  • Customer will ensure it has a lawful basis/authority to process and share Personal Data with Evaluate AI.
  • Customer will provide required notices and obtain consents (if applicable) from students/guardians as per its policies and law.
  • Customer will ensure User Content does not violate laws, exam-board rules, or third-party rights.
  • Customer is responsible for final verification and publication of marks/feedback.

5) Processor obligations (Evaluate AI)

  • Process Personal Data only on documented Customer instructions and to provide the Service.
  • Ensure persons authorized to process Personal Data are bound by confidentiality.
  • Implement reasonable security measures to protect Personal Data.
  • Notify Customer of a suspected Personal Data breach affecting Customer data within a reasonable time after discovery.
  • Assist Customer, where reasonable, with responding to data subject requests relating to Customer data.

6) Security measures

Evaluate AI maintains reasonable technical and organizational measures such as:

  • Access controls and least-privilege permissions
  • Encryption in transit
  • Monitoring and logging for security and reliability
  • Segregation of environments and role-based access (where applicable)

7) Sub-processors

Customer grants Evaluate AI a general authorization to use sub-processors (e.g., cloud hosting, storage, OCR/AI services, monitoring, and payment gateways) to provide the Service. Evaluate AI will ensure sub-processors are bound by appropriate contractual obligations to protect data.

8) Cross-border transfers

Depending on the location of sub-processors and infrastructure, Personal Data may be processed on servers located outside India. Evaluate AI will apply reasonable safeguards via contracts and security controls.

9) Return or deletion

Upon termination of the Service or upon Customer request (where feasible), Evaluate AI will delete Customer content from active systems within a reasonable period, subject to (i) default retention configuration, (ii) backups retained for limited periods for security/recovery, and (iii) legal and audit requirements (e.g., invoice retention).

10) Audits

On reasonable written request, Evaluate AI will provide reasonable information (such as security/process summaries) to help Customer verify compliance with this DPA, subject to confidentiality and security limitations.

11) Priority

If there is a conflict between this DPA and the Terms, this DPA governs for matters related to processing of Customer’s Personal Data.

12) Contact

Email: support@evaluate-ai.app

© Copyright E-Valuate AI LLP - 2026
Support: support@evaluate-ai.app