← Back to Terms

Acceptable Use Policy

Version 1.0 · Effective from 9 May 2026

This Acceptable Use Policy forms part of the eViva Terms of Service. By using eViva, each teacher and authorised school user agrees to comply with it.

The policy exists for two reasons: to protect students from inappropriate processing, and to keep eViva within the legal and ethical boundaries on which its data-protection design depends. Breach may result in account suspension or termination under the Terms of Service or under the Pilot or Case-Study Licence Agreement between Copeland Digital Ltd and the relevant school.

1. What eViva is for

eViva supports academic assessment in schools. Permitted uses are:

  • Asynchronous oral defence of student work.
  • Comprehension checks on submitted coursework.
  • Short oral assessments tied to a teacher-set learning objective.
  • Practice and rehearsal of oral assessment formats by students, under teacher direction.

Use of eViva for anything else requires our prior written consent.

2. Prompts you must not set

eViva is a teaching instrument, not a fishing expedition. When designing assignment prompts, teachers must not write prompts that:

  • Solicit Sensitive Personal Data under the PDPL or Special Category Data under UK GDPR. This includes prompts likely to elicit family information, racial or ethnic origin, political or philosophical opinions, religious beliefs, criminal record, health information, medical history or symptoms, physical, psychological or mental health, genetic information, sexual condition, sex life, or sexual orientation. It also includes biometric identifiers or biometric templates beyond the ordinary video and voice recording required for the assessment. Where UK GDPR applies, this also includes trade union membership and biometric data processed for the purpose of uniquely identifying a person.
  • Solicit information about identifiable third parties who have not consented to the processing. That includes peers, family members, and members of staff where the context is unconnected to the assessment objective, as well as accounts or allegations of named individuals’ behaviour.
  • Pursue safeguarding or pastoral disclosures. eViva is an assessment tool. If a teacher reasonably believes a student is at risk, they must follow their school’s safeguarding procedures using the appropriate channels.
  • Compel disclosure of personal circumstances unrelated to the assessment objective, such as financial circumstances, family arrangements, mental health, or relationships.
  • Mislead students about the nature of the recording. Do not suggest that the recording is private to the student, is not stored, or will be marked by a system other than the named teacher.

The same limits apply to any reference image a teacher attaches to a question. Do not upload images that contain personal data about students or other identifiable individuals, such as photographs of pupils, pupil names, or sensitive documents. Reference images are for stimulus material, such as diagrams, passages, charts, or photographs of objects.

The same limits also apply to written feedback and follow-up questions a teacher returns to a student, which eViva stores and emails to that student. Keep feedback factual, professional, and relevant to the assessment. Do not record special-category or sensitive personal data, information about identifiable third parties, or safeguarding or pastoral disclosures in feedback; those belong in the school’s own systems and channels.

3. Using eViva with minors

eViva is designed for use with school students, including minors under 18.

Teachers using eViva with minors must:

  • Operate within their school’s existing consent and notice framework for educational technology.
  • Provide the parental notice issued in connection with the DPIA in advance of first use.
  • Not record students for any purpose unrelated to assessment.
  • Not retain recordings beyond their school’s published retention schedule for assessment evidence.

Use of eViva with students under 13 requires the school’s express prior authorisation, recorded against the school’s existing safeguarding and DPIA framework. We may require evidence of this authorisation on request.

4. What students should expect

Schools are responsible for ensuring that students using eViva:

  • Understand that their responses are recorded and shared with their named teacher.
  • Have a fair opportunity to record under conditions reasonably comparable to those of their peers.
  • Are not penalised for technical failures outside their control.
  • Have a route to raise concerns about the assessment without retaliation.

eViva is not a substitute for the school’s existing safeguarding procedures or complaints channels.

5. AI and automated processing

We do not use student recordings to train machine-learning models, score assessments, transcribe, summarise, or otherwise process recording content. Recordings are stored in the school’s own cloud storage (Google Drive or OneDrive, per the school’s platform). eViva does not store or access recording content in production. eViva holds assessment metadata and may process technical logs necessary to deliver and secure the Service, as described in the compliance documentation.

Schools and teachers must not use eViva in conjunction with third-party AI tools in any way that:

  • Sends student recordings, or transcripts of student recordings, to an AI model without the school’s explicit lawful basis and our prior written confirmation.
  • Uses an AI tool to mark or score recordings in place of the teacher, in any setting where the resulting mark is reported to the student, parents, or a regulatory body as the teacher’s mark.
  • Trains or fine-tunes an AI model on student personal data processed through eViva.

Teachers may use AI tools for their own preparatory purposes (drafting questions, exploring prompts) provided no student personal data is included in the inputs and provided the final question selection is the teacher’s own.

6. Security and access

Teachers must:

  • Sign in only through the school-authorised Google Workspace or Microsoft 365 domain.
  • Maintain 2-step verification (Google) or multi-factor authentication (Microsoft) on the school account used to sign in.
  • Not share login credentials with any other person.
  • Not share assignment links beyond the named student or class for which the link is generated.
  • Report any suspected account compromise to the school’s IT lead and to admin@eviva.tech without delay.

Teachers must not:

  • Attempt to access another teacher’s assignments, students, or recordings.
  • Attempt to access eViva’s administrative functions or infrastructure other than through the published user interface.
  • Probe, scan, or test the security of the service without our prior written consent.
  • Use automated tools or scripts to interact with eViva at a rate inconsistent with normal classroom use.

7. Content and conduct

Schools and teachers must not use eViva to:

  • Process content that is unlawful, defamatory, harassing, or discriminatory.
  • Process content that infringes a third party’s intellectual property or privacy rights.
  • Distribute malware or attempt to compromise the integrity of eViva or its sub-processors.
  • Reverse-engineer eViva, except to the extent permitted by mandatory applicable law.

8. Reporting a concern

If a teacher, student, or parent is concerned that eViva is being used in a way that breaches this policy, they may report the concern to:

  • Their school’s safeguarding or data protection lead in the first instance.
  • hello@eviva.techfor matters concerning Copeland Digital’s operation of eViva.
  • admin@eviva.tech for security-related concerns.

We acknowledge reports within two working days and provide either an outcome or a status update within ten working days, for matters within our control.

9. What happens if the policy is breached

Where we reasonably believe that eViva is being used in breach of this policy, we may:

  • Notify the school and request remediation within an agreed period.
  • Suspend the relevant account or assignment, if remediation is not achieved or harm to a student is reasonably believed to be imminent.
  • Terminate the Pilot Agreement or the Case-Study Licence Agreement, where the breach is material and unremedied.

We do not exercise these rights in a way that disrupts an active assessment for a student where this can reasonably be avoided.

10. Updates

We review this policy at least once a year and on any material change to eViva or to applicable data protection law. The current version is here at eviva.tech/terms/acceptable-use. Schools are notified by email of any material change at least 30 days before it takes effect.

This policy is incorporated into the eViva Terms of Service at eviva.tech/terms. For the full compliance pack (privacy policy, DPA template, DPIA pack, sub-processor register, incident response procedure), see eviva.tech/compliance.