Last updated: May 2025

Table of Contents

1. Data Controller Identity

The data controller for personal data collected on mcq-corrector.com is:

IAFORM – MCQ Corrector

Legal form: Sole trader (auto-entrepreneur)

SIRET: 885 249 466 000 24

Address: Livry-Gargan, 93190, France

Email: amccreateur@gmail.com

Website: www.mcq-corrector.com

2. Data Collected

Identification data

  • Last name and first name
  • Email address
  • School / organisation (optional)

Usage data

  • MCQs created and their content
  • Scanned answer sheets and their corrections
  • Imported student lists
  • Generative AI usage history
  • Login and activity logs

Technical data

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and session duration
Important: We never collect sensitive data (ethnic origin, political opinions, health data) unless it appears in the educational content you upload.

3. Purposes of Processing

Your data is processed for:

  • Service delivery: AI MCQ generation, automatic grading, account management
  • Service improvement: Optimisation of AI and recognition algorithms
  • Technical support: Troubleshooting, user assistance
  • Communication: Service notifications, updates, support
  • Security: Fraud prevention, account protection
  • Legal compliance: Meeting our legal obligations

5. Retention Period

  • Active account: Data retained for the duration of use
  • Inactive account: Automatic deletion after 3 years of inactivity
  • MCQs and corrections: Can be deleted at any time by the user
  • Technical logs: Retained for a maximum of 12 months
  • Billing data: Retained for 10 years (legal obligation)
Automatic deletion: You can delete your projects and data at any time from your account.

6. Data Sharing & Subcontractors

Your data is never sold or rented. It is only shared with the technical subcontractors strictly necessary for the service to function, all bound by GDPR-compliant confidentiality agreements:

Role Provider Data transferred Location
Hosting OVH SAS All service data πŸ‡«πŸ‡· France / EU
Artificial intelligence Mistral AI Content submitted for MCQ generation (topics, documents) πŸ‡«πŸ‡· France / EU
Payment Stripe Inc. Billing data (card, amount, email) πŸ‡ΊπŸ‡Έ USA – EU standard contractual clauses
Transactional emails To be specified Email address, notifications β€”
Note on Stripe: Payment data is transferred to the United States via Stripe Inc., governed by standard contractual clauses approved by the European Commission, in accordance with Article 46 of the GDPR. IAFORM never stores card numbers.

Authorities

Data is shared with judicial authorities, the CNIL or equivalent only upon legal request.

7. Data Security

We implement robust security measures:

Technical measures

  • SSL/TLS encryption for all communications
  • Encrypted data storage
  • Strong authentication and secure sessions
  • Automated encrypted backups
  • Continuous access monitoring

Organisational measures

  • Limited data access (principle of least privilege)
  • Security incident management procedures
  • Regular security audits

8. Your Rights

Under the GDPR, you have the following rights:

Access and control rights

  • Access: Obtain a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your data ("right to be forgotten")
  • Restriction: Restrict certain processing activities
  • Portability: Retrieve your data in a usable format
  • Objection: Object to certain processing activities

How to exercise your rights

Complaints: You can lodge a complaint with the CNIL (www.cnil.fr) or your local data protection authority if you believe your rights are not being respected.

9. Cookies and Similar Technologies

Essential cookies

Required for the service to function (session, security, preferences). These do not require your consent.

Analytics cookies

Anonymised audience measurement to improve the service. Only placed with your explicit consent.

Cookie management

  • Settings via the consent banner displayed on your first visit
  • Can be changed at any time
  • Configuration in your browser settings

10. AI Processing

MCQ generation via Mistral AI

Content you submit (topics, documents, course materials) is sent to Mistral AI (French company, EU hosting) to generate questions. This data:

  • Is transmitted securely via encrypted API
  • Is not used by Mistral AI to train its models (per Mistral AI API terms of use)
  • Is not shared with third parties by IAFORM
  • Can be deleted at any time from your account

Improving our algorithms

Anonymised usage data may be used to improve our own OCR recognition and correction algorithms. No identifying data is used for this purpose.

Control: You retain full control over your educational content and can refuse its use for service improvement by contacting us at amccreateur@gmail.com.

11. Policy Changes

This policy may be updated to reflect changes to the service or applicable regulations. Significant changes will be notified to you by email and/or via the interface.

By continuing to use MCQ Corrector after notification, you accept the updated policy.

Questions about this policy?

Contact IAFORM: amccreateur@gmail.com

Response time: maximum 1 month β€” Complaints can be lodged with the CNIL