✏️ Markah

Privacy Policy

Last updated: 18 May 2025

1. Introduction

Markah ("we", "our", or "us") is operated by Niskala, Kuala Lumpur, Malaysia. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Markah platform at markah.my.

By using Markah, you agree to the practices described in this policy. This policy is prepared in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

2. Information We Collect

Account information: When you register, we collect your email address and a hashed password (or a Google account identifier if you sign in with Google).

Essay photos and text: You may upload photos of handwritten essays for OCR processing and grading. Photos are processed immediately and permanently deleted after text extraction — we do not store original images.

Grading results: The extracted essay text, criterion scores, feedback, and related metadata are stored in your account so you can review and export them later.

Usage data: We track the number of essays graded per account to enforce the free-tier limits. We do not use cookies for advertising or tracking purposes.

3. How We Use Your Information

  • To provide the Markah grading service
  • To send account-related emails (welcome message, password reset)
  • To enforce usage limits and prevent abuse
  • To improve the accuracy and quality of the grading AI

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-Party Service Providers

We use the following third-party providers to operate Markah. Each receives only the minimum data necessary to perform their function:

  • Google Cloud Vision — used for handwriting recognition. Essay images are processed by Google's API and immediately discarded. Google's privacy policy applies: policies.google.com/privacy
  • OpenAI — used for rubric-aligned grading and personalised feedback. Extracted essay text is processed by OpenAI's API. OpenAI's privacy policy applies: openai.com/policies/privacy-policy
  • Railway — cloud hosting. Our servers and database run on Railway's infrastructure.
  • Google OAuth — optional sign-in method. If you use "Continue with Google", Google authenticates your identity.

5. Data Retention

Your account data (email, grading sessions, essay results) is retained for as long as your account is active. You may delete your account at any time by contacting us at contact@niskala.my. Upon deletion, all associated data is permanently removed within 30 days.

Essay photos are deleted immediately after OCR processing. They are never stored on our servers.

6. Data Security

We use industry-standard measures to protect your data, including:

  • HTTPS encryption for all data in transit
  • Bcrypt hashing for passwords (we never store plain-text passwords)
  • JWT-based authentication with 30-day token expiry
  • Database access restricted to our application servers only

7. Your Rights (PDPA Malaysia)

Under the Personal Data Protection Act 2010, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Withdraw consent for data processing

To exercise any of these rights, email us at contact@niskala.my.

8. Children's Privacy

Markah is intended for use by teachers, not students. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has created an account, please contact us and we will remove it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of Markah after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or requests, contact:
Niskala
Email: contact@niskala.my
Kuala Lumpur, Malaysia