Back to blog
Security Sep 23, 2025 6 min read

Student Data Privacy: Your Information, Your Control

Author: Sarah Mitchell. Edited for clarity and security accuracy.

Article highlights
  • Time-locked delivery and trust-minimized storage.
  • Auditability, encryption, and policy enforcement.
  • Practical guidance for secure exam operations.
Security focus Readable summary

Data Collection and Control

Educational technology platforms collect vast amounts of student data. T.A.L.A. is designed so that students maintain control over their information.

What Data Does T.A.L.A. Collect?

Essential Data

  • Student identity (name, email, national ID if required)
  • Institutional affiliation (university, program)
  • Exam access history (when documents were accessed)
  • Assessment responses (exam answers and submissions)

System Data

  • Device information for security purposes
  • Network data for anomaly detection
  • Usage metrics for platform optimization

What T.A.L.A. Does NOT Collect

  • Video surveillance or facial recognition data
  • Keystroke logs or mouse movement tracking
  • Audio recordings unless explicitly authorized
  • Access to personal files on student devices
  • Biometric data without consent

Data Encryption

End-to-End Encryption

All student data is encrypted using AES-256-GCM before transmission. Encryption keys are held by institutions, not T.A.L.A.

Encryption at Rest

Data stored on T.A.L.A. servers is encrypted. Even if servers are compromised, attackers cannot access unencrypted information.

Data Access and Control

Student Rights

Under GDPR and similar regulations, students have the right to:

  • Access: Request all data we hold about them
  • Correction: Update inaccurate information
  • Deletion: Request complete data removal
  • Portability: Download their data in standard formats

Data Minimization

We practice strict data minimization:

  • Collect only data necessary for stated purposes
  • Do not perform data fusion or enrichment from external sources
  • Delete data when it is no longer needed
  • Anonymize data for analytics and research

Third Party Sharing

Limited Sharing

T.A.L.A. shares student data only with:

  • Educational Institution: The university or school managing the exam
  • Service Providers: Third parties processing data on our behalf under strict contracts
  • Legal Authorities: Only when required by law and after exhausting legal remedies

We never sell student data to advertisers, data brokers, or commercial entities.

Data Retention

Retention Schedules

Different data types are retained for different periods:

  • Assessment responses: 7 years (compliance with educational archival standards)
  • Access logs: 3 years (audit trail and legal hold)
  • System logs: 90 days (debugging and security monitoring)
  • Account information: Until student graduation plus 2 years

Data Breach Response

If data is compromised:

  1. We immediately notify affected students and institutions
  2. We coordinate with legal counsel and regulators
  3. We provide credit monitoring and identity protection services
  4. We conduct thorough investigation to understand the breach
  5. We implement measures to prevent recurrence

Student Transparency

Students can access their T.A.L.A. privacy dashboard to:

  • See what data we hold about them
  • Review access logs
  • Download their data
  • Delete their account and associated data
  • Adjust privacy preferences

The Philosophy

Student data is not a commodity. It is entrusted to educational institutions and technology providers. T.A.L.A. treats this trust as sacred and implements systems that put genuine student control at the center of our design.

Share

Keep exploring the T.A.L.A. blog

More research notes, release breakdowns, and security guidance.

Back to blog
T.A.R.A. - Trustworthy AI Response Assistant
Blog | T.A.L.A.