← Back to Pathora

Privacy Policy

Last updated: 13 April 2026

1. Who we are

Pathora is a smart learning assistant operated by First Exams Ltd (“we”, “us”, “our”). We provide AI-powered exam marking and feedback for students and their parents.

If you have any questions about this policy, contact us at privacy@pathora.com.

2. What data we collect

We collect only what is necessary to provide the service:

  • Account information – your name, email address, and password (stored as a secure hash).
  • Child profiles – first name, year group, and school stage you provide for each child.
  • Exam paper images – photos you upload for marking.
  • Usage data – pages visited, features used, and timestamps, to improve the product.
  • Payment information – handled entirely by our payment processor; we never store card details.

3. How we use your data

  • To mark exam papers and return feedback to you.
  • To track your child's progress over time within the app.
  • To send transactional emails (e.g. results ready, account changes).
  • To improve our AI models and marking accuracy (using anonymised data only).
  • To comply with legal obligations.

We do not sell your data to third parties. We do not use your data for advertising.

4. Children's data

Pathora is used by parents and guardians on behalf of children. We treat children's data with extra care:

  • We collect only the minimum information needed (first name and year group).
  • Children's data is never used for marketing or shared with advertisers.
  • Exam paper images are processed for marking and then stored securely; you can request deletion at any time.

5. Data sharing

We share data only with trusted service providers who process it on our behalf:

  • Google Cloud – cloud infrastructure and storage.
  • Google Gemini AI – AI-powered marking (images are transmitted securely and not retained by Google for training without our consent).
  • Payment processor – for subscription billing.

All providers are contractually bound to handle your data in accordance with applicable data protection law.

6. Data retention

We retain your data for as long as your account is active. Specifically:

  • Account and profile data – kept until you delete your account.
  • Exam paper images and results – kept for 24 months, then automatically deleted.
  • Usage logs – anonymised after 90 days.

You can request early deletion of any data at any time (see Section 8).

7. Cookies

We use essential cookies only:

  • Session cookie – keeps you logged in.
  • CSRF token – protects your account from cross-site request forgery.

We do not use advertising, tracking, or analytics cookies from third parties.

8. Your rights

Under applicable data protection law you have the right to:

  • Access – request a copy of the data we hold about you.
  • Correction – ask us to fix inaccurate data.
  • Deletion – ask us to delete your account and all associated data.
  • Portability – receive your data in a machine-readable format.
  • Objection – object to certain uses of your data.

To exercise any of these rights, email privacy@pathora.com. We will respond within 30 days.

9. Security

We use industry-standard encryption (TLS in transit, AES-256 at rest) and access controls to protect your data. In the event of a data breach that affects your rights, we will notify you within 72 hours of becoming aware of it.

10. Changes to this policy

We may update this policy from time to time. When we do, we will update the “last updated” date at the top and, for material changes, notify you by email or an in-app notice before the change takes effect.