You agree to have your identity verified by Proctorio using the methodology that is most currently employed by Proctorio.
You agree to allow Proctorio to monitor you by webcam, microphone, browser, desktop, or any other means necessary to uphold integrity. At the discretion of the exam administrator, this may include a scan of your surroundings and computer display. This monitoring will be conducted by machine or by a live person. The information collected during the session may be recorded and provided to the institution, university, college, school, or organization and can be viewed by authorized personnel thereof.
Note: Proctorio is committed to maintaining the security and confidentiality of your information. Towards this end, we take the following actions: (a) we limit employee access to your information to only those employees who need the information to fulfill their job responsibilities; (b) we conduct regular employee privacy and data security training and education; and (c) we protect your information with technical, contractual, administrative, and physical security safeguards in order to protect against unauthorized access, release or use.
If you entered into a SaaS Agreement with Proctorio on behalf of an Institution or Customer, you agree that Proctorio shall collect and use Customer Content to fulfill its duties, provide services, and improve services under an applicable SaaS Agreement. Customer will make available any Customer Content upon request.
Proctorio may use certain De-Identified Data from an Institution’s Student Users who use the Application Service under Institution’s rights, and through an agreement with Institution, for product development, research, or other purposes. De-Identified Data is Customer Content that removes all direct and indirect personal identifiers of Student Users, including, but not limited to, name, location information, and school ID. Proctorio agrees not to attempt to re-identify De-Identified Data and not to transfer De-Identified Data unless that party agrees not to attempt re-identification.
Note: Proctorio takes privacy extremely seriously, and strictly adheres to the Family Education Rights Protection Act of 1974 (FERPA). Proctorio works with Institution(s) to ensure compliance with FERPA and applicable privacy laws, and one of the most important ways in which it ensures compliance with FERPA is by never storing any student personally identifiable information or student academic records in unencrypted form. Refer to the FERPA Policy for more information.
Information Collection and Use
You can generally visit our Site without revealing any Personally Identifiable Information. To use the Services, however, we may be required to collect personally identifiable information, such as your name, email address, phone number, and institution ("Personally Identifiable Information"). Additionally, we may invite you to participate in surveys, questionnaires, contests, or to contact us with questions, comments, or to provide us with feedback, which due to the nature of some of these activities, may include the collection of Personally Identifiable Information. By accessing or using the Services, we might collect additional data as set forth below in the "Aggregate Information" paragraph. All student records obtained by Proctorio from an Institution are the property of and are under the control of that Institution.
We may use your Personally Identifiable Information to contact you to deliver certain services, news, or information related to the Services, verify your authority to use our Services, and improve the content and general administration of the Services. If you do not wish for your Personally Identifiable Information to be used as described in this Section, you should not use the Services. You may also opt out of receiving promotional notifications by following the opt-out instructions in the emails that are sent to you.
Note: Under no circumstances will this information be disseminated to third parties for any use, and Proctorio will never use this information for targeted advertising.
Secure Exam Proctor Administration: To register an Institution to use the Proctorio Secure Exam Proctor solution, an administrator account must be created. To register this account, Personally Identifiable Information (such as name, phone number, Institution name, and campus email address), must be provided along with information regarding the learning management system ("LMS") used by the Institution.
Secure Exam Proctor Request for Demo: To request a demonstration of the Proctorio Secure Exam Proctor solution, Personally Identifiable Information (such as name, phone number, Institution name, and campus email address), must be provided along with information regarding the LMS used by the Institution.
Secure Exam Proctor Exam Environment: You can generally utilize the Secure Exam Proctor for taking a proctored examination without revealing any Personally Identifiable Information about yourself. The information collected during the examination process will only be used in an anonymized form for product development. The types of information collected depend on the exam settings and can include video, audio, and websites visited.
Secure Exam Proctor Technical Support: To contact technical support Personally Identifiable Information (such as name, phone number, Institution name, and campus email address), may be collected to facilitate the troubleshooting process. Disclosure of such information is considered voluntary and will not be used to create a record.
Note: Proctorio’s technical support complies with FERPA and all employees are required to complete FERPA training.
Our Services are directed towards adults who are of the legal age to access them in their respective jurisdictions. By accessing and using our Services, you represent and warrant that you are of the legal age to form a binding contract with us in your respective jurisdiction and that you meet the foregoing eligibility requirements. If you do not meet these requirements, you must not access or use the Services or the third-party payment functionality used by our Services. If we learn we have collected or received personal information from an individual who was ineligible to access or use the Services, we will take steps to remove such information. If you believe we might have any information from or about a user who is ineligible to use the Services, please contact us at [email protected].
Like many websites, we use "cookie" technology to collect additional website usage data and to improve our Services, but we do not require cookies to use the Site. A cookie is a small data file that is transferred to your computer's hard disk. Proctorio may use both session cookies and persistent cookies to better understand how you interact with our Services, to monitor aggregate usage by our users and web traffic routing on our Services, and to improve our Services. Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.
Note: Cookies used by the Services cannot personally identify you.
We may track the total number of visitors to our Site, the number of visitors to each page of our Site, browser type, and IP addresses. We may also analyze this data for trends and statistics in the aggregate, but such information will be maintained, used and disclosed in aggregate form only and will not contain Personally Identifiable Information. We may use such aggregate information to analyze trends, administer the Site, track users' movement, and gather broad demographic information for aggregate use.
Third Party Services
Proctorio uses a variety of services hosted by third parties to help provide our Services, such as hosting our various blogs, help center, and knowledge bases, and to help us understand the use of our Services. These services may collect information sent by your browser as part of a web page request, such as cookies or your IP request.
We do not control third parties' tracking technologies. If you have any questions about these third-party technologies, you should contact the responsible provider directly.
Data Deletion and Destruction
Proctorio will store and maintain institutional data for up to 30 days after the termination of an applicable agreement, unless otherwise specified. If, however, you have entered into a SaaS Agreement with Proctorio then we will retain your data for six months by active data retention and for one year by cold storage. We may be able to retain your data for longer periods of time subject to an additional fee and agreement by you and Proctorio.
According to the Institution’s preference regarding data destruction, Proctorio will either: 1) destroy the data, or 2) deliver it to the Institution.
Questions regarding data storage, recovery, and deletion should be directed to:
6840 E. Indian School Road
Scottsdale, Arizona 85251
Phone: +1 480 428 4076
Email: [email protected]
We do not disclose your Personally Identifiable Information except in the following limited circumstances:
Law and Harm: We may disclose your information if we believe that it is reasonably necessary to comply with a law, regulation or legal request; to protect the safety of any person; to address fraud, security or technical issues; or to protect Proctorio's rights or property.
Other Disclosures: We may disclose your information to fulfill the purpose for which you provide it and to enforce or apply your SaaS and other agreements with us.
Links to Third Party Sites
We employ procedural and technological security measures that are reasonably designed to help protect your Personally Identifiable Information from loss, unauthorized access, disclosure, alteration or destruction, which includes encryption and other security measures to help prevent unauthorized access to your Personally Identifiable Information. The data you transmit as part of your use of the Services ("Storage Data") is in encrypted form and Proctorio does not have access to your Storage Data in its unencrypted form.
Note: Only authorized users, defined as "School Officials" in FERPA, will have the ability to decrypt any academic records stored by Proctorio
Proctorio conducts daily security audits including penetration testing and vulnerability assessments. Client Institution or their designated representatives may review security testing results or conduct their own security audit of Proctorio’s data security and storage practices. Written requests for inspection and testing can be made to [email protected].
Correcting or Deleting Information
Parents, legal guardians, or eligible students may review any Personally Identifiable Information in the student’s records and correct any erroneous information only by contacting the applicable Institution. Proctorio does not store unencrypted student academic records, and accordingly does not have any ability to edit, revise, or delete any student Personally Identifiable Information contained in student records.
Data Breach Notification
Proctorio maintains an information security plan to protect the security, confidentiality, and integrity of Personally Identifiable Information of users and client Institution. As part of its information security plan, Proctorio will notify affected individuals and institutions of a data security breach without unreasonable delay and in no event later than 72 hours from discovery of the breach. Written notification will be sent by first-class mail to the address on record for the individual or Institution.
Written notification will contain:
- A brief description of what occurred with respect to the breach, including, to the extent known, the date of the breach and the date on which the breach was discovered;
- A description of the types of Personally Identifiable Information that were involved in the breach;
- A description of the steps the affected individual or Institution should take to protect against potential harm from the breach;
- A description of what Proctorio is doing to investigate and mitigate the breach and to prevent future breaches; and
- Contact procedures for individuals to ask questions or learn additional information, which will include a toll-free telephone number, an email address, website or postal address.
If Proctorio determines individuals or Institution should be notified urgently of a breach because of possible imminent misuse of unsecured Personally Identifiable Information, Proctorio may, in addition to providing notice as outlined above, contact the individual or Institution by telephone or other means, as appropriate.
Note: Proctorio does not store any unencrypted student records.
California Privacy Rights
Proctorio does not provide your Personal Information to any third parties for direct marketing purposes as defined in California Civil Code Section § 1798.83. Please contact us at [email protected] for any questions regarding your Personal Information.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Note: Proctorio adheres to EU General Data Protection Regulation ("GDPR"). Refer to our GDPR page for more information.
Under the Privacy Shield frameworks, Proctorio is responsible for processing the personal data it receives, under each Privacy Shield Framework, as well as transfers to a third party acting as an agent on its behalf. Proctorio complies with the Privacy Shield principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield frameworks, Proctorio is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (for issues pertaining to Privacy Shield). In situations where public authorities make lawful requests for information, such as to meet national security or law enforcement requirements, Proctorio may be required to disclose personal data.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based, third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.
As more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.