Security

Built with security
at every layer.

Teachers trust us with their question banks. Students trust us with their learning progress. Here is how we take that trust seriously.

🔒

TLS encryption in transit

🔑

No passwords stored

🚫

No ads, no data selling

Rate limiting & abuse prevention

🔐

Google Authentication — no passwords

Examly uses Google OAuth 2.0 for all sign-ins. We never store your password — not even in encrypted form — because we never receive it.

When you click "Continue with Google", you are redirected to Google's own login page. Google authenticates you and returns a secure, time-limited token to Examly. We use that token to identify your account.

You can revoke Examly's access to your Google account at any time via myaccount.google.com/permissions.

🗄️

Secure data storage

Your data is stored in Supabase — a PostgreSQL-based cloud database with enterprise-grade security. All data is encrypted at rest using AES-256.

All data in transit is protected by TLS 1.2 or higher. Any connection to Examly over plain HTTP is automatically redirected to HTTPS.

Database access is restricted to authorised team members only. We use row-level security to ensure teachers can only access their own academy's data, and students can only see results from academies they have joined.

👤

User privacy by design

Examly collects the minimum data needed to operate the service. We do not track your browsing history, sell your data, or show you ads.

Students' test results are visible only to the student themselves and the teacher whose academy they joined. No other teachers, no other students.

Teachers' question banks and test content are private by default. Only students who have joined their academy with the correct link can access published tests.

🛡️

Platform integrity

We rate-limit authentication attempts and API requests to prevent abuse.

We use CSRF protection to prevent cross-site request forgery attacks.

Uploaded content is validated and sanitised before storage. We do not execute user-uploaded code.

We monitor server logs for anomalous activity and respond to incidents promptly.

Found a security issue?

If you discover a potential security vulnerability in Examly, please report it responsibly. Email us at security@examly.io with a description of the issue and the steps to reproduce it. We will respond within 2 business days.

Report a vulnerability →