Privacy Notice
Last Updated: 2026-01-12
1. Introduction
Welcome to qesx. This is a web application Steve Butterfill (s.butterfill@warwick.ac.uk) created to provide formative exercises with rapid feedback, and to allow tutors and lecturers to monitor their students’ progress. Steve is an amateur. He’s done his absolute best to keep everything secure, but you should know that (i) he’s no expert & (ii) this software is undergoing rapid change.
You do not have to use this application. Steve will provide copies of questions on request if you choose not to.
This notice explains how we process your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Collected
We collect data strictly necessary to facilitate your learning, assessment, and account management. This includes:
A. Identity & Academic Data
- Account Details: Full Name and email address.
- Enrollment Data: Which modules you enroll on, your assigned "Track" (e.g., Standard vs. Fast), and your role (Student, Tutor, or Lecturer).
- Invitation Data: If you are invited to join the platform as staff, we temporarily process your email address to generate a secure invitation link.
B. Assessment & Performance Data
- Attempts: When you start and finish exercises.
- Responses: The specific answers you submit (e.g., multiple-choice selections, logic proofs, free text).
- Grades & Feedback: Automated scores calculated by the system and manual feedback provided by staff.
- Interaction Logs: We record timestamps for when you submit answers to calculate progress statistics and verify submission timeliness.
C. Support Data
- Help Requests: If you use the "Ask for Help" feature, we store your message, the specific snapshot of your answer at that moment, and your self-reported checklist status (e.g., "I have read the notes").
D. Technical Data
- Device Info: IP address, browser type, and cookies necessary for the site to function and for security purposes.
3. How We Use Your Data
We process your data for the following purposes:
| Purpose | Lawful Basis (UK GDPR) |
|---|---|
| Delivering Education: Allowing you to take quizzes, tracking your progress, and recording your grades. | Public Task (if Public University) or Contract |
| Providing Support: Allowing Tutors to view your specific answers to reply to Help Requests. | Public Task / Contract |
| Academic Analytics: Identifying students who may be struggling based on performance data so staff can intervene. | Public Task |
| System Optimization: Using anonymized answer patterns to improve auto-grading accuracy (see "Crowdsourced Grading"). | Legitimate Interests |
| Authentication: Sending you "Magic Links" to log in via email. | Legitimate Interests / Contract |
No Marketing: We do not use your data for marketing purposes (and there is no marketing). The qesx application will only email you transactional messages requested by you (e.g., Sign-in links).
4. Automated Decision Making & Profiling
The Platform uses algorithms to assist in your education. You have a right to be informed about this logic:
A. Automated Grading
Most questions are graded immediately by the system code. * Effect: You receive immediate feedback (Correct/Incorrect). * Human Review: If you believe the system has graded you incorrectly, you may raise a Help Request or contact your module leader.
B. Staff Analytics (Profiling)
The Platform aggregates your performance data to help staff understand cohort progress. * What Staff See: Tutors can view dashboards showing "Struggling Students" based on incorrect answer frequency or inactivity. * Effect: Staff may reach out to offer extra support based on these indicators.
C. Crowdsourced Grading
We use a "Crowdsourced Grading" system to improve feedback speed. * How it works: If you submit a unique answer that requires manual grading, a Tutor grades it once. That grade and feedback are saved to a central "Answer Key." * Effect: If another student submits the exact same answer later, the system automatically applies the Tutor's previous feedback. * Privacy: The "Answer Key" stores only the standardized text of the answer and the feedback. It does not store your name or ID; your identity is not linked to the shared key.
5. Who Can See Your Data?
We enforce strict Cohort Scoping to minimize data access:
- You: You can see only your own attempts, grades, and feedback. You cannot see data belonging to other students.
- Your Selected Tutor: Can see your name, email, progress, attempts, and help requests only if you explicitly select that tutor on the module page.
- Lecturers: As module owners, Lecturers can view performance data for all students enrolled in their module.
- System Administrators: Have access to the underlying infrastructure for maintenance and security purposes.
6. Service Providers & Infrastructure
The application relies on the following services:
| Service | Provider | Region / Location | Purpose |
|---|---|---|---|
| Hosting (servers and storage) | Oracle Cloud Infrastructure (OCI) & Vultr | UK Regions Only | Hosting the application code and database. Your data is encrypted at rest and in transit using customer keys where supported. |
| Database Backups | OCI & Scaleway | UK (OCI) & EEA (Scaleway) | Secure encrypted backups of assessment data to prevent data loss. |
| Email Delivery | Amazon Web Services (SES) | UK (London) Region | Primary provider for sending secure "Magic Link" sign-in emails. |
| Email Delivery (Backup) | Brevo | EEA | Fallback provider for sign-in emails if AWS is unavailable. |
| DNS & CDN | Cloudflare | Global (Anycast) | Domain Name System resolution, security firewall, and content delivery (static assets). |
We do not sell or rent your data to these providers; they process data only on our instructions to provide the infrastructure.
7. Data Retention
We retain your assessment data for the duration of your course plus [Insert Years, e.g., 6 years] in line with the University's retention policy for academic records.
- Invitation Data: Unused staff invitation links are automatically deleted from our system after 30 days.
- Soft Unenrollment: If you leave a module via the "Unenroll" button, your history is preserved in the database (marked inactive) so you can resume later if you rejoin.
- Erasure: If you request permanent deletion via Settings, your personal identifiers (User record, Email, Name) are permanently deleted.
- Anonymized Data: Content you contributed to the "Answer Key" (the text of academic answers and their grades) is retained indefinitely as it contains no PII and is necessary for the system's grading logic to function for other students.
8. Exporting or Deleting Your Data
- Export: Go to Settings > Download My Data for an automated JSON export.
- Delete: Go to Settings > Delete Account. If you do delete your data, you will not be able to use the application. You are forbidden from signing up again after deleting your data.
9. Cookies Policy
We use a minimal set of cookies strictly necessary for the application to function securely. We do not use tracking, advertising, or marketing cookies.
| Cookie Name | Purpose | Duration |
|---|---|---|
sessionid |
Essential. Identifies your secure session after you log in. | 1 Year |
csrftoken |
Essential. Protects your account from malicious actions (Cross-Site Request Forgery). | 1 Year |
theme |
Functional. Remembers your preference for Dark Mode vs. Light Mode. | 1 Year |
show_solution |
Functional. (Staff Only) Remembers if you prefer to see solutions by default. | 1 Year |
__cf_bm / _cfuvid |
Security. Placed by Cloudflare to distinguish humans from bots and secure the connection. | Session / 30 mins |
By using the Platform, you agree to the placement of these essential cookies.
10. Contact Us
If you have questions, please contact s.butterfill@warwick.ac.uk