Back to Home

Privacy Policy

Last updated: March 25, 2026

Effective Date: March 25, 2026

Carna Test Platform ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

1.1 Personal Information

When you register for an account or use our services, we may collect:

  • Account Information: Name, email address, organization name, and role
  • Test Data: Test responses, scores, CEFR level results, and session metadata
  • Usage Data: Pages visited, features used, browser type, IP address, and device information
  • Payment Information: Billing details processed through our secure payment provider

1.2 Information from Organizations

When an organization administrator creates accounts or assigns tests, we collect participant names and email addresses as provided by the administrator.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our testing platform
  • Process and deliver test results and CEFR certifications
  • Send transactional emails (test invitations, results, account notifications)
  • Analyze usage patterns to improve user experience
  • Comply with legal obligations

3. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Organization Administrators: Test results and participant data within their organization
  • Service Providers: Hosting (Cloudflare), analytics, and email delivery services
  • Legal Requirements: When required by law or to protect our rights

4. Data Retention

  • Account Data: Retained while your account is active, deleted within 30 days of account closure
  • Test Results: Retained for the duration specified by the organization's subscription plan
  • Usage Logs: Retained for 12 months for analytics and security purposes

5. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Lodge a complaint with a supervisory authority

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, regular security audits, and access controls.

7. International Data Transfers

Your data may be processed in servers located in the European Union. We ensure appropriate safeguards are in place for any international data transfers.

8. Children's Privacy

Our services are not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our platform and updating the effective date.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at:

  • Email: privacy@carnatest.com
  • Address: Carna Test Platform, Istanbul, Turkey