Privacy Policy

Hi there. Welcome to Proctorio's Privacy Policy. Privacy policies can be messy and complicated. But, at Proctorio, your privacy is important to us, which is why we have tried to unscramble the legal jargon to provide one comprehensive spot to provide information to you about our privacy practices.

Before you dive in

Proctorio would like to start by defining two terms you'll see used throughout Proctorio’s Privacy Policy: data processor and data controller.

Proctorio is a data processor when Proctorio proctors an exam, verify identities, protect content, or verify originality of an assignment. In these instances, your Institution controls your information, not Proctorio. Please see your Institution's privacy policy and contact them for inquiries regarding your Personal Information.

Proctorio is a data controller when you have directly input Personal Information into a form on Proctorio’s website, or directly provide Personal Information through Proctorio's customer and/or product services.

Users can utilize Proctorio's Sites or Services without providing Personal Information.

Proctorio encrypts exam audio, video, and screen recordings and images with Zero-Knowledge Encryption. This means that once these images and recordings are encrypted, they can only be decrypted by Institution-approved representatives.

Proctorio may have access to some of this data (if the Institution chooses to collect it) when providing live technical support to an exam taker during the exam.

With the Live Proctoring Services, Proctorio proctors are able to review exam sessions (including this data, if the Institution chooses to collect it) in real time.

With Professional Review Services, the Institution gives authorized Proctorio staff members temporary access to review exam sessions (including this data, if the Institution chooses to collect it), typically within 48 hours after the exam session.

Learn more about this and other useful information by clicking the links below:

Last modified July 31, 2021.

Read our Privacy Policy

To read the Policy, choose one of the options below:

Customized Policy

You can customize the Policy to only see the portions that apply to you. Just choose from the options below:

Where is your institution located?

What kind of user are you?

Collecting Personal Information 

  • Proctorio limits the Personal Information collected from end-users through their use of Proctorio’s Services.
  • Proctorio only collects Personal Information as instructed by your Institution. This is dependent on the Services and settings selected by the relevant Institution-approved representatives.
  • Proctorio pseudoanonymizes specific test-taker Personal Information.
  • Audio, video, and screen recordings and images collected and stored by Proctorio are encrypted and can only be decrypted by Institution-approved representatives.
  • If you voluntarily provide Personal Information through Proctorio’s Sites or Services, Proctorio may retain this Information.

Proctorio’s Institution Services: When an Institution purchases Proctorio’s Service(s), the type of Service and settings selected by the Institution determine what Personal Information an Institution may provide to Proctorio or what Proctorio can collect from the test taker. This is described in more detail below.

Test-taker audio, video, and screen recordings and images received from Institutions and processed by Proctorio are end-to-end encrypted and can only be decrypted by Institution-approved representatives.

Proctoring 

Only an Institution may request Proctorio to use Automated or Live Proctoring during the administration of an exam.

With either Automated or Live Proctoring, an exam administrator may instruct Proctorio to monitor test takers via a webcam, microphone, browser, and/or desktop in an effort to uphold the integrity of the assessment. This may include a scan of the test taker’s surroundings, screen, and computer display. This monitoring will either be automated and/or conducted by a live proctor. The test taker will be notified, before the beginning of an exam, whether Automated or Live Proctoring is being used.

Video and audio recording

Only your Institution maintains and controls the decryption keys necessary to decrypt test-taker audio and video recordings and images.

The Institution determines whether audio and/or video is used to monitor and/or record exam sessions and only the exam administrators have access to these audio and/or video recordings. If selected, the entire exam session is recorded.

The Institution also decides whether to record the test taker’s audio during the exam attempt. If selected, the test taker’s microphone is turned on during the session.

Audio, video, and image files are encrypted prior to being transferred to Proctorio's cloud service provider in the location specified by the Institution. The Institution maintains and controls decryption keys, and only the Institution may assign these keys to individuals. The Institution designates these individuals as appropriate.

Depending on the Institution’s location these audio and video files are stored on Proctorio's cloud service provider’s servers in the US, Europe, Canada, Japan, Australia, South Africa, Singapore, or Abu Dhabi. These files never leave the controlling location of the Institution.

Record Screen, Record Web Traffic and Record Room/ Periodic Desk Scan are additional options that an exam administrator can select for an exam.

Verify Audio, Video, Desktop and Signature may also be selected by the exam administrator and the test taker is required to take those actions prior to the start of the exam.

As a result of these Institution-selected monitoring or verification options, Proctorio may collect Personal Information such as a test taker’s image and Personal Information that may be shared through the screen, desktop, webcam, web traffic or microphone of the test taker’s device.

Facial and gaze detection 

If your Institution elects to use Proctorio's proctoring Services that enable video recording, Proctorio uses facial detection or gaze detection to flag potentially suspicious test activity to help Institution-approved representatives maintain assessment integrity. The Institution may choose to disable facial detection and gaze detection as a secondary setting of the video recording feature if It wishes to opt out of facial detection and gaze detection, but still record the exam session.

Proctorio does not use what is conventionally known as “biometrics” or “facial recognition” technology. Facial recognition uniquely identifies specific people by assessing whether the face in one image matches the face in another image. It requires a database of either images of people’s faces, or biometric representations of them, and technology that compares new images or biometric representations with entries in that database.

Instead, Proctorio uses “facial detection” or “gaze detection” technology. A fundamental difference between these technologies and biometrics or facial recognition technology is that facial or gaze detection technologies do not use geometry or landmarks as identifiers. Additionally this difference, can be illustrated by the questions they answer:

Facial Recognition: “Does the face in this picture match the face in this other picture?”

Facial Detection: “Is there a face in this picture?”

Gaze Detection: “Is the person looking away from the camera or the exam screen?”

Facial detection can identify that there is a human face present in an image or video recording, but it cannot identify that person – only that there is, indeed, a person in the image or recording.

Gaze detection can determine the direction that the individual is looking, but cannot identify who they are or what they are looking at.

If the exam administrator enables the use of video recording, Proctorio uses facial detection to flag video evidence that may indicate the number of individuals present within the immediate vicinity of the test taker, but Proctorio does not attempt to determine who those individuals are.

If a test taker is not able to pass the face detection process and enter an exam within three attempts, a Proctorio Support Agent initiates a live chat to troubleshoot the issue. The Support Agent can request access to webcam images from the system, provide instructions that ensure clearly-captured images, and override the system if needed to expedite exam entry.

If the exam administrator enables the use of video recording, Proctorio can use gaze detection to flag video evidence that the individual was looking at something other than the device they were using to take the exam. This helps Institution-approved representatives prioritize where to review exam video recordings to determine if the test taker was consulting unauthorized materials or was receiving outside assistance during the exam attempt. However, the Institution may choose to disable facial detection and gaze detection as a secondary setting of the video recording feature if It wishes to opt out of facial detection and gaze detection, but still record the exam session.

Monitoring during an exam

When exam administrators select Automated or Live Proctoring Services, Proctorio uses technology to automatically collect certain information about a test taker’s activities during the exam session for purposes of protecting exam integrity. The flagged behaviors may include facial and gaze detection (described above) to monitor if the test taker leaves the session, tracked head movement to monitor how frequently the test taker looks away, sound detection to monitor if other voices are in the room, question response time, dropped internet connections, and other activities that may indicate irregular testing activities. When using these services, Proctorio’s automated technology continually monitors the applications and processes that are running on the device during an exam session and during exam review.

If an Institution has requested reporting, test-taker data may be aggregated, and then individual test-taker data may be compared to the aggregated data to look for patterns or anomalies, such as whether a test taker spent an unusually long time answering a question relative to other users.

Proctorio does not and has not established "normal" profiles or compare test takers against any preserved or aggregated normal.

At the end of an exam session, the Institution-approved representative will have access to a summary report of these flagged activities, as well as the raw data the Service collects from each test-taker’s session. The Institution-approved representative then determines if any further action is warranted. Aggregated data is also provided to the Institution-approved representative (e.g. the average length of time users spent on an exam question, the average time spent on the entire assessment and the average date/time that users started the exam session).

Only an Institution determines whether to enable settings, which settings are enabled for flagging of irregular testing behaviors, and the indication levels (green, yellow, red) assigned to certain activities of the test taker during an exam. Following the Institution-approved representative’s review, only they can determine what, if any, action to take related to a test taker.

Proctorio does not make any decisions related to the test taker from flagged activity.

ID Verification

Additionally, an Institution may select an option to verify the test taker’s identity before they start their exam. The Institution can choose the Live ID Verification or the Automated ID Verification option. In both options, the Personal Information that is collected may include name, government ID number, and date of birth if the test taker chooses to utilize their government-issued ID or the Institution requires the test taker to use the government-issued ID to validate their identity.

This ID image along with other test-taker audio, video, and screen recordings and images are stored with Zero-Knowledge Encryption by Proctorio as described below.

Live ID

If this option is selected by the Institution, a photo of the Institution-accepted form of ID will be collected with the webcam and encrypted on Proctorio's servers. The image will be accessible by an Institution-approved representative along with the exam results within the Institution’s assessment platform. Additionally, during the pre-checks a Proctorio proctor will request to see the Institution-accepted form of ID and will record this information. A proctor cannot personally store or use this information other than to verify the test taker’s identity.

The file is transmitted directly from the test taker to the proctor. After the transmission and the identity is verified the file is immediately deleted.

Automated ID

If this option is selected by the Institution, a photo of the Institution-accepted form of ID will be collected with the webcam and encrypted on Proctorio's servers. The image will only be accessible by an Institution-approved representative along with the exam results within the Institution’s assessment platform.

Originality Verification

If an Institution selects Proctorio's Originality Verification tool, the test taker may voluntarily submit an assignment that has content or data with Personal Information included.

Lock Down Settings

If these settings are selected by an Institution and enabled on an assessment that uses Proctorio's Services, these features can be used instead of or alongside the monitoring features described above.

Depending on which features are selected by an Institution, the test taker’s device will be locked down so that they cannot access websites, files, or other online or device resources. The test takers will be prevented from downloading materials or entering information that doesn’t relate to the exam only during the exam session. This is done to help ensure test integrity.

When operating as a browser extension, Proctorio only has restricted access to a test taker’s computer system. This includes no access to any personal documents or files stored on the machine.

Users have the ability to disable the Proctorio extension immediately after an exam is submitted.

Although it is not necessary to do so, test takers can uninstall or disable Proctorio immediately after taking an exam, and re-install or enable it only when taking future Proctorio-proctored exams.

Test takers can understand when Proctorio is running, through the exam entering process, when the Proctorio shield icon in the upper-right-hand corner of the browser turns green, and during exam review.

This green icon indicates that the extension is running during the exam.

Lock Down settings include the following, and exam administrators can choose to implement some, all, or none of these during the exam.

Lock Down permissions and Settings

Here are more details on the which Browser Permissions can be required by an Institution and why these Browser Permissions might be required:

Read and change data on the websites you visit

This allows Proctorio to run on each and every website required by your exam administrator or Institution without requiring additional permissions.

Display notifications

Proctorio may display a pop-up notification while you are in the exam if you navigate away from the exam. This notification states that you are required to return to the exam window.

Modify data your copy and paste functionality

The Proctorio platform’s functionality does not include the ability to read or collect the contents in the test taker's clipboard. Instead, during the exam, Proctorio replaces the clipboard text with Proctorio's own content to prevent exam content distribution.

Capture content from your screen

This recording setting only runs during the exam and exam review. This ensures that test takers are remaining within the exam and showing their work with authorized tools and resources.

Manage your downloads

Downloads by a test taker will be prevented only during the course of the exam. This ensures that exam content is not shared externally.

Identify storage devices

Test-taker storage devices are detected and identified during the exam. Proctorio does not eject storage devices.

Manage your apps, extensions, and themes

Proctorio does not manage the themes of a test taker’s device. But Proctorio does manage extensions and applications that may hinder Proctorio from operating properly.

Change your privacy-related settings

Proctorio uses this to temporarily block the test taker’s browser "password" fill option during the course of the exam.

Zero-Knowledge Encryption

When processing and securing test-taker Information from an Institution, Proctorio does not mess around. That’s why Proctorio utilizes an end to end encryption method called “Zero-Knowledge Encryption”.

“Zero-Knowledge Encryption” means that only Institution-approved representatives at Institutions can decrypt and review the encrypted exam recordings on Proctorio’s servers.

Only the Institution has the “key” that is needed to access Personal Information that they’ve provided to their test takers or test-taker Personal Information that has been provided to Proctorio. Proctorio utilizes PBKDF2-HMAC-SHA512 to generate the keys. Then AES-256 GCM encryption is used to encrypt the files and finally Proctorio uses TLSv1.2 and TLSv1.3 with perfect forward secrecy to transfer any and all data. 

Proctorio uses Zero-Knowledge Encryption for any audio, video, and screen recordings and images sent by a test taker. This means only Institution-approved representatives can decrypt, watch, and review the encrypted Information.

Test-taker records

All test-taker records that are “student” or “educational records” obtained by Proctorio from an educational Institution are the property of the Institution and are under the control of that Institution. Institutions or the respective test taker owns the data.

Proctorio will follow the instructions provided by the Institution and make every effort to comply with applicable law. In these instances, Proctorio is a processor for the educational Institution and the educational Institution is the controller. Their Privacy Policy controls the use of test-taker Information.

If you are looking for information regarding your test-taker records please reach out to your Institution.

Information collected from Institution-approved representatives 

The sections below describe Personal Information that may be collected from an Institution-approved representative.

Secure Exam Proctor administration - Institution registrations 

To register an Institution to use the Proctorio’s suite of services an administrator account must be created. To register an account for your institution, an Institution-approved representative must provide Personal Information, such as:

  • Institution-approved representative’s name
  • Phone number
  • Institution name
  • Campus email address

Request for demo

For Institution-approved representatives to request a demonstration of the Proctorio Services, you must provide Personal Information such as:

  • Institution-approved representative’s name
  • Phone number
  • Institution name
  • Campus email address

Secure Exam Proctor exam enabling

An Institution-approved representative can generally utilize Secure Exam Proctor to conduct exams. To do so, the Institution-approved representative does not have to provide their name or other Personal Information. They only have to provide the single sign-on data managed through the Institution exam platform. Institution-approved representatives configure their exam settings to select whether to collect the following types of test-taker data:

  • Audio Recordings
  • Video Recordings
  • Facial Detection
  • Gaze Detection
  • Information on test taker computer screen
  • Websites visited during the exam session

Secure Exam Proctor Technical Support

To contact technical support, Personal Information such as:

  • Institution-approved representative’s name
  • Phone number
  • Email address

may be collected from an Institution-approved representative to facilitate the troubleshooting process.

Disclosure of such information by an exam administrator is voluntary and will not be sold to third parties. 

Surveys, contests, feedback

Additionally, Proctorio may invite Institution-approved representatives or test takers to participate in surveys, questionnaires, contests, or to contact Proctorio with questions, comments, or feedback.

Participation is voluntary and only those that have opted in/ consented will be contacted.

Due to the nature of some of these activities, they may include the collection of Personal Information, such as your:

  • Institution-approved representative’s name
  • Email
  • Institution details
  • Location

Customer service

You may contact Proctorio about Proctorio's products and Services or with customer service inquiries. Depending on the method by which you contact Proctorio, certain Personal Information will be visible to Proctorio. This information is identified below. Other than this information that is inherently visible based on your selected communication platform and optionally if information is needed to verify your identity, Proctorio never requires that you disclose Personal Information.

Customer service emails

If you contact us by email, Proctorio will obtain and store your email address.

Customer service phone calls

If you contact us by phone call, Proctorio will obtain and store your phone number.

Customer service Live Chat

If you contact us through chat, Proctorio will obtain your IP Address and store only part of it.

Job applicants 

Proctorio may also collect Personal Information from job applicants needed for the employment applications, such as:

  • Job applicant name
  • Email
  • Postal address
  • Government ID numbers
  • Date of birth
  • Employment history
  • Academic history

Marketing 

Proctorio may also collect Personal Information from Institution representatives and other professionals, such as their name and email address, to send marketing communications about Proctorio's products and Services. These communications will only occur if they have consented to receiving this information. Proctorio does not sell, transfer or utilize your data for any purpose other than to provide Proctorio's Services.

Proctorio does NOT send marketing communications to test takers.

Automatically collected Information; log Information

When you access the Sites and Services via a browser, application, or other device, Proctorio's servers automatically record certain information. These server logs will include information such as:

  • Your web request
  • Your interaction with a Service
  • IP address (only part of the IP address is stored)
  • Browser type (high level only)
  • Browser language
  • The date and time of your request

Proctorio stores anonymized web server log files by keeping only part of the user’s IP address and generalizing the user agent.

Proctorio does not utilize any device fingerprinting in logs.

Test-taker payments 

Some Institutions may require the test taker to pay for the Services. In those instances, Proctorio uses a third-party processor to process test-taker assessment payments. The information collected will only be used by Proctorio's third-party processor for the purpose of purchasing the Service. The information collected may include:

  • Credit card number
  • Credit card 3-4 digit security code
  • IP address
  • User agent
  • Email address - to receive a digital receipt

Customer accounts and payments

Proctorio may also collect Personal Information from Institution-approved representatives using Proctorio's Services to verify business information, establish customer accounts, and to process payments. Proctorio may collect financial information from potential customers to process Proctorio's customer payments, such as:

  • Business name or Business representative
  • Business email
  • Business phone number
  • Business address
  • Bank account information
  • Tax ID numbers

Sometimes Institution-approved representatives may pay for the Services with a credit card. In those instances, Proctorio uses a third-party processor to process test-taker assessment payments. The information collected will only be used by Proctorio's third-party processor for the purpose of purchasing the service. The information collected may include:

  • Credit card number
  • Credit card 3-4 digit security code
  • IP address
  • User agent
  • Email address - to receive a digital receipt

Using your Information

  • Proctorio's use of Personal Information depends on whether we are processing Information for an Institution or if an individual provides Personal Information to us directly or visits Proctorio's Sites.

As a data processor

When Proctorio is a processor for an Institution, Proctorio uses Personal Information as instructed by the respective Institution for the following Institution purposes. The services listed below are described in full in the “Collecting Personal Information” section.

Please remember an Institution decides which of Proctorio's products or Services to use:

  • Automated Proctoring
  • Live Proctoring
  • Automated ID Verification
  • Live ID Verification
  • Originality Verification
  • Registering an Institution
  • Administrative account creation
  • Institution assessment platform use
  • Administering the Secure Exam Proctor environment
  • Processing client payments and/or test taker payments

Please Note: The Institution decides which of Proctorio's products or Services to use and which settings and features to enable.

As a data controller

Proctorio uses Personal Information as follows when an individual contacts us directly, agrees to participate in certain activities, or when visiting Proctorio's Sites such as:

  • Surveys
  • Contests
  • Feedback
  • Customer service
  • Customer accounts and test-taker payments (Proctorio may collect customer Information to establish Institution accounts and process payments)
  • Job applications
  • Marketing
  • Continuous improvement, product development, and research
  • Site operations and security

Site operations and security

As a controller and operator of Proctorio's Site, Proctorio automatically collects information and log details to operate Proctorio's Sites.

  • Proctorio tracks the total number of visitors to Proctorio's Site, the number of visitors to each page of Proctorio's Site, browser type, and IP addresses. However, Proctorio anonymizes the IP address by removing the last octet of the address, making Proctorio unable to identify you or your exact location.
  • Proctorio may also analyze tracked data for trends and statistics in the aggregate. Such information will be maintained, used, and disclosed in aggregate form only and will not contain Personal Information.
  • Proctorio also has in place website security tools and processes, including penetration testing and vulnerability scans, to better ensure Site security and protection of Information. In the event of a firewall event or other attempt that triggers a firewall rule, either active or passive, the offending IP address is recorded in its entirety and maintained in our data security tracking systems.

De-identified data/aggregate information 

For Customer Billing and Usage

Proctorio uses de-identified information for billing and utilization analysis of Proctorio's Services.

Sharing your Information 

  • Proctorio doesn’t sell test-taker data to third parties.
  • Proctorio doesn’t share test-taker data with third parties for any marketing purposes.

As a data processor

Data that enters Proctorio's system has been encrypted using an unshared key stored in an Institution’s assessment platform and can only be unlocked by the Institution-approved representative within the assessment platform. Proctorio utilizes the assessment platform to gain information about the user's role. This restricts information from being shared with users who are not labeled as an Institution-approved representative. The entire process is transparent to the end user.

As a data controller

In instances where Proctorio is the controller and Proctorio collects test-taker Personal Information, such as when a test taker contacts Proctorio's Customer Service or requests Service information, information about Proctorio's company, or other inquiries, Proctorio may disclose your Personal Information in the following limited circumstances:

Law and harm

Proctorio may disclose test-taker Information if Proctorio believes that it is reasonably necessary to comply with a law, regulation, or legal request; to protect the safety of any person; to address fraud, security, or technical issues; or to protect Proctorio's rights or property.

Business transfers

Test-taker Personal Information maintained in the Institution’s exam platform is the property of the Institution. Test-taker audio, video, and screen recordings and images stored within the Proctorio servers are pseudoanonymized and encrypted and will not be sold or transferred to a third party if Proctorio is involved in an acquisition, merger or other corporate reorganization transaction. In such instances, and consistent with and limited to data protection laws and privacy commitments, marketing analytics data, CRM data, customer lists, and other pseudoanonymized data may be disclosed or transferred as part of a corporate reorganization transaction; provided that the acquirer commits to using the information in a manner consistent with applicable law and this Privacy Policy.

Proctorio does not and will not sell or otherwise transfer your data to any third party except as specifically stated in Proctorio’s Terms.

Identify verification

Proctorio may use third parties for identity verification with individual consent to successfully enter or submit a proctored exam using Proctorio's Services.

Payment processing

Proctorio uses a third-party payment processor to process payments. Proctorio does not directly collect payment information and is not a money-services business. To the extent such functionality is made available in the Services, it is provided by an unaffiliated third party, and like any other third-party service, is subject to their terms of use.

Third-party service providers

Proctorio uses third-party service providers to help provide Proctorio's Services, such as hosting Proctorio's various blogs, Help Center, and knowledge bases, and to help Proctorio understand the use of Proctorio's Services. As Proctorio uses Zero-Knowledge Encryption for audio, video, and screen recordings and images, it is encrypted and not accessible by the third-party service provider. In all instances, third-party services providers can only use any data for Proctorio's business purposes as specified in Proctorio's written agreement with them and not their own purposes. These Services may collect information sent by your browser as part of a web page request, such as cookies or your IP request.

The sub-processors that Proctorio uses are listed below but Proctorio may update this list periodically:

AWS

Purpose: Cloud service provider

Location: International

Website: https://aws.amazon.com/

Azure

Purpose: Cloud service provider

Location: International

Website: https://azure.microsoft.com/

Cloudflare

Purpose: Cloud service provider

Location: International

Website: https://cloudflare.com/

Maxmind

Purpose: Geo-Location of IP address provider for the Proctorio Gradebook

Location: USA

Website: https://maxmind.com/

Olark

Purpose: Chat support provider

Location: USA

Website: https://olark.com/

Proctorio d.o.o

Purpose: Sales, support and engineering

Location: Serbia

Website: https://proctorio.com/

Stripe

Purpose: Payment processing provider

Location: USA and Ireland

Website: https://stripe.com/

Twilio

Purpose: Internal and external call routing provider

Location: USA

Website: https://twilio.com/

Zendesk

Purpose: Helpdesk and support

Location: USA

Website: https://zendesk.com/

Proctorio will update this list as Proctorio may make changes to it.

To ensure you are aware of all updates, please periodically check for updates here. You can also subscribe to receive update notifications on GitHub.com.

Marketing

Proctorio uses search engines (Bing and Google), paid social media (LinkedIn, Twitter, and Facebook), email marketing (current and future Proctorio blog), contests (CRM info), surveys, (anonymous and/or CRM), lead generation forms (Facebook and LinkedIn) to provide marketing to Institution representatives, who have opted in to receive marketing materials.

Proctorio does not market to test takers.

Data transfers from Proctorio branches

Support Tickets are assigned an anonymous ID so that no support inquiry is personally identifiable. Additionally support tickets do not contain embedded Personal Information/ Personal Data unless specifically provided by the user in the text of the support request. Proctorio Support Representatives are located in the US, Germany and Serbia.

Support Representatives will have read-only access to the ID assigned to the user, along with any Personal Information/ Personal Data needed to verify identity or that is voluntarily given by the user. The Support Representatives are required to delete all Personal Information/Personal Data, required or voluntarily given, immediately after responding to and resolving the support request.

In addition, Proctorio may collect and transfer the following information to Germany, Serbia and/or the US when deemed necessary for operating of business or hired service(s):

  • IP addresses
  • User agent details
  • Administrator account information
  • Assessment platform functionality information
  • Client billing information

This data is transferred depending on what is required by the Institution, its users, and what is deemed necessary for the operation of Proctorio's website(s), application(s), and/or Services.

Other disclosures

Proctorio may disclose test-taker Information to fulfill the purpose for which you provide it and to enforce or apply agreements with Proctorio.

What about student education records and FERPA?

Proctorio makes every effort to adhere to the Family Educational Rights and Privacy Act (FERPA) as applicable when it is providing Services to educational Institutions in the United States that are subject to FERPA.

Proctorio works with Institution(s) to ensure compliance with FERPA and applicable privacy laws. One of the most important ways in which we strive to adhere to FERPA and restrict disclosure is to encrypt test-taker audio, video, and screen recordings and images. As described in this Privacy Policy, Proctorio uses Zero-Knowledge Encryption to do this when an Institution has an agreement to utilize Proctorio's Services.

What is FERPA?

FERPA is a federal law that affords students (or parents/guardians for students under 18 or not enrolled in a post-secondary Institution) certain rights with respect to their education records.

In the United States, Proctorio has agreements with educational Institutions that are subject to FERPA and Proctorio acts as a third-party service provider of such educational Institutions and must make every effort to comply with FERPA generally as a “School Official.” This means Proctorio is providing Proctorio's Services on behalf of the educational Institution and only as authorized by them for legitimate educational purposes.

Why is FERPA important?

FERPA protects students from having their information disclosed to third parties without the eligible student (18+) or parent’s/guardian’s consent unless there is an applicable exception under FERPA, such as when a third-party service provider is authorized by an educational Institution by a written agreement to provide services as a “School Official.”

Proctorio makes every effort to comply with FERPA by only using student Personal Information as a School Official as authorized by an educational Institution in Proctorio's written agreements.

Proctorio certified as FERPA compliant by the iKeep Safe Coalition which signifies Proctorio's compliance with relevant laws and regulations. Proctorio is also a signatory of the Student Privacy Pledge, where Proctorio pledges responsible stewardship and appropriate use of student Personal Information according to the commitments in the Pledge and in an effort to adhere to all laws applicable to Proctorio as a school service provider.

Remember audio, video, and screen recordings and images collected during the exam attempt, stored by Proctorio, and received from an Institution are encrypted using Zero-Knowledge Encryption. These recordings and images can only be decrypted and reviewed by Institution-approved representatives within the Institution’s assessment platform. Proctorio dictates who these authorized users are by utilizing the educational Institution’s assessment platform to gain information about the user's role. This restricts information from being shared with users who do not fall under the "School Official" role. The entire process is transparent to the end user. Proctorio securely delivers all content for the Services encrypted and Proctorio's servers make every effort to comply with industry security standards, including ISO 27001 and PCI-DSS.

For Proctorio's technical support channels, Proctorio's Support Representatives are trained on privacy and security and are instructed not to ask for information beyond what FERPA defines as "Directory Information”. This information may include:

  • Student full name
  • Campus email address
  • Institution name

To better ensure FERPA and privacy and security compliance, Proctorio's employees receive periodic privacy and security training. Proctorio has been ISO 27001 certified.

Cookies

We only utilize Single Sign-On technology to authenticate end users. Proctorio does not use registration or a log-in system on any of Proctorio's Sites or Services. Proctorio manages sessions without using cookies (or HTML Web Storage) and runs cookie-free domains.

Third-party platforms or payment processors may utilize cookies on their own domains.

Do not track settings

Proctorio does not use any client-side tracking pixels such as those used for advertising, marketing, and targeting.

When a client uses the “Do Not Track” client setting, Proctorio will only log the action, but will not store the user agent or IP address.

Your Rights 

  • Some countries and/or states have their own privacy and data security laws, Proctorio makes every effort to comply with each and every one of them.

As a data processor

Parents, legal guardians, or eligible students should contact their Institution directly if they want to access, correct, delete, export, import, request a copy, exercise other rights they may have, or if they have questions about their Personal Information. Proctorio does not have the ability to edit, revise or delete any test-taker Personal Information contained in test-taker records. We will send all requests regarding test-taker Personal Information to the respective Institution.

California residents should read the CCPA Notice in this Privacy Policy for more information about their rights.

When Proctorio is the controller, Proctorio will respond to your request regarding your Personal Information held by Proctorio as required by applicable laws and Proctorio's legitimate business purposes.

US K-12 Institutions and children's privacy rights

When Proctorio’s Services are used by an educational Institution in the classroom for an educational purpose, Proctorio is permitted by the Institution to process that student Information as a School Official and only for legitimate educational purposes authorized by the Institution. In these instances, the Institution (on behalf of the parent) provides the required consent for Proctorio to collect Personal Information of a child under 18 for this purpose as a “School Official.” Under FERPA, Institutions in the United States subject to this law must provide an annual notice to parents of third parties that are providing services under the FERPA “School Official” exception.

Other than as described above, Proctorio's Site and Services are not directed to children.

COPPA

Except for Proctorio's specific services offered to K-12 Institutions, Proctorio's Services are directed towards adults who are of the legal age to access them in their respective jurisdictions.

If you are under the age of 13, please do not use Proctorio's Sites without explicit permission from your School Official, parent, and/or guardian.

By accessing and using Proctorio's Sites and Services, you represent and warrant that you are of the legal age to form a binding contract with Proctorio in your respective jurisdiction and that you meet the foregoing eligibility requirements. If you do not meet these requirements, you must not access or use Proctorio's Sites or Services. If Proctorio learns Proctorio has collected or received Personal Information from an individual who was ineligible to access or use the Sites or Services, Proctorio will take steps to remove such Information. If you believe Proctorio might have any Information from or about a user who is ineligible to use the Sites or Services, please contact [email protected].

California privacy rights 

Proctorio does not sell your Personal Information to any third parties for direct marketing purposes as defined in California Civil Code Section § 1798.83.

Please contact [email protected] for any questions regarding your Personal Information.

Proctorio does not sell Personal Information to third parties.

Proctorio does not market to test takers and does not permit any third-party marketing to them.

Proctorio uses Zero-Knowledge Encryption, so only Institution-approved representatives can decrypt and review encrypted exam recordings.

CCPA notice

The following disclosures are made pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). These disclosures supplement any privacy notices Proctorio has provided to you. In Proctorio's Privacy Policy, Proctorio describes the categories of Personal Information Proctorio has collected from California consumers over the past twelve (12) months, the categories of sources from which the Information was collected, the business or commercial purpose for which the Information was collected, and the categories of third parties with whom it has been shared. Proctorio will not collect additional categories of Personal Information or use the Personal Information Proctorio collected for materially different, unrelated, or incompatible purposes without providing you notice.

For purposes of this CCPA Notice, “Personal Information” means information that identifies, relates to, describes, is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Institution test takers

Proctorio provides Services to Institutions as a “School Official” under FERPA as described above. Under the CCPA, Proctorio collects, retains, uses, and discloses Personal Information, which may include student data under these Institution agreements only as a “service provider” to Proctorio's Institution customers. The respective Institution’s privacy policies apply to their test takers.

Please note that government agencies, including public Institutions, are not subject to CCPA.

If you have a question or would like to exercise your California consumer rights to knowledge, access, or deletion, please contact your Institution directly.

Proctorio does not sell Personal Information. Proctorio uses Personal Information to administer assessments, provide Proctorio's Services, and respond to individual inquiries.

Third parties receiving Personal Information are only permitted to process that Personal Information as described in Proctorio's Privacy Policy and Proctorio's written agreements and are not permitted to sell Personal Information or market to any test taker.

If you are a resident of California, you have other rights under the CCPA as follows:

  • Right of Access: you can access your collected Personal Information by contacting Proctorio. Proctorio describes in Proctorio's Privacy Policy about Personal Information Proctorio collects, how Proctorio uses it, and to whom Proctorio discloses it.
  • Right to Correct, Update, or Delete: you can correct, update, or request deletion of your Personal Information by contacting Proctorio through one of the channels listed below. Proctorio can’t make changes to or delete your Information in some situations where it is necessary for Proctorio to maintain your Information, for example if Proctorio needs the Information to comply with applicable law or based on other exceptions as indicated in the CCPA.
  • Right to Request Disclosure of Information Collected: please contact Proctorio as indicated below to request further information about the categories of Personal Information Proctorio has collected about you, where Proctorio collected your Personal Information, and for what purpose Proctorio uses your Personal Information.
  • Right to Disclosure of Information Sold and Right to Opt-Out: you have the right to know what Information of yours Proctorio has sold and you have the right to opt-out of any sale of your Information. Proctorio does not sell your Personal Information.
  • Right to Non-Discrimination: Proctorio does not and will not discriminate against you if you exercise your rights under the CCPA.

To exercise the rights described in this Privacy Policy, please submit a verifiable consumer request to us:
via phone: Toll Free +1 866 948 9087
via email: [email protected] 

Only you, or someone legally authorized to act on your behalf and registered with the California Secretary of State, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  1. Provide sufficient information that allows Proctorio to reasonably verify you are the person about whom Proctorio collected Personal Information or an authorized representative, which may include the user’s:
    1. First name
    2. Last name
    3. Email address
  2. Describe your request with sufficient detail that allows Proctorio to properly understand, evaluate, and respond to your request.

Verify requests

Proctorio cannot respond to your request or provide you with Personal Information if Proctorio cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. If Proctorio cannot verify your identity or authority, Proctorio will follow procedures to verify your identity and authority. Proctorio attempts to respond to a verifiable consumer request within forty-five (45) days of its receipt. If Proctorio requires more time (up to 45 days), Proctorio will inform you of the reason and extension period in writing.

If you have an account with Proctorio, Proctorio will deliver Proctorio's written response to that account. If you do not have an account with Proctorio, Proctorio will deliver Proctorio's written response by mail or electronically, at your option.

Any disclosures Proctorio provides will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response Proctorio provides will also explain the reasons Proctorio cannot comply with a request, if applicable. For data portability requests, Proctorio will select a format to provide your Personal Information that is readily usable and should allow you to transmit the Information from one entity to another entity.

Proctorio does not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If Proctorio determines that the request warrants a fee, Proctorio will tell you why Proctorio made that decision and provide you with a cost estimate before completing your request.

Changes to Proctorio's CCPA privacy notice

Proctorio reserves the right to amend this CCPA privacy notice at Proctorio's discretion and at any time. When Proctorio makes changes to this CCPA privacy notice, Proctorio will notify you by email or through a notice on Proctorio's website homepage.

Contact Proctorio

When you contact Proctorio regarding any of your rights under the CCPA, Proctorio will verify your identity before Proctorio provides any information. You may contact Proctorio through the following channels:

via email:
[email protected] 

We do not discriminate against California residents who exercise their CCPA privacy rights.

AB 1584 is a California law that defines student and educational agencies rights regarding student records. Proctorio makes every effort to comply with AB 1584 as described in this Privacy Policy and as applicable in Proctorio's agreements with California Institution(s).

Legal basis for processing your Information

If you are a Proctorio user or are visiting Proctorio's Site(s) and are located in the European Economic Area ("EEA"), Proctorio's legal basis for collecting and using the Personal Information described above will depend on the Personal Data concerned and the specific context in which Proctorio collects it. When Proctorio is a processor for an Institution, their privacy policy controls the processing of your Personal Data. Proctorio encourages you to read your Institution’s privacy policy for a legal understanding of how, when, and why your Personal Data may be collected and how it is used.

When Proctorio is a data controller

When Proctorio is a controller, Proctorio will normally collect Personal Information from you only where Proctorio has your consent to do so for marketing purposes, to perform a contract, or where the processing is in Proctorio's legitimate business interests for Site and Proctorio's business operations purposes. Where legitimate interest is Proctorio's lawful basis for processing, Proctorio has conducted an assessment to balance the individual’s privacy rights against Proctorio's legitimate need to process the Personal Information. In some cases, Proctorio may also have a legal obligation to collect Personal Information from you.

Where Proctorio is the controller, if you have questions about or need further information concerning the legal basis on which Proctorio collects and uses your Personal Information, please contact us through one of Proctorio's channels.

Canadian User Rights - FIPPA

Proctorio makes every effort to cooperate with Institutions in the compliance with the Canadian Freedom of Information and Protection of Privacy Act ("FIPPA"), as well as all federal and provincial laws and regulations, including those related to privacy and anti-spam legislation.

FIPPA provides Canadian citizens with the right to access information under the control of institutions.

The SaaS Agreement and the Terms of Service fully detail both Proctorio’s and the Institution’s obligations in relation to the confidentiality of data. FIPPA compliance is predicated on the Parties’ compliance to these provisions. These Confidentiality Obligations can be found in the Terms of Service.

EU-US and Swiss-US Privacy Shield frameworks 

Proctorio makes every effort to comply with the EU General Data Protection Regulation ("GDPR").

Please Note: Privacy Shield has been invalidated by the Court of Justice of the European Union. Proctorio is using Standard Contractual Clauses (“SCCs”) in addition to other mechanisms and implementing supplemental measures as applicable to better ensure that EU individuals’ Personal Data is subject to adequate protections.

Proctorio participates in and has certified its compliance with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. Although this is no longer a valid data transfer mechanism in the EU, Proctorio will continue to self-certify under Privacy Shield as it provides additional protections. Proctorio is committed to subjecting all Personal Data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework's applicable principles. To learn more about the Privacy Shield Frameworks, and to view Proctorio's certification, visit the US Department of Commerce's Privacy Shield website.

With respect to Personal Data received or transferred pursuant to the Privacy Shield frameworks, Proctorio remains subject to the regulatory enforcement powers of the US Federal Trade Commission (for issues pertaining to Privacy Shield). In situations where public authorities make lawful requests for information, such as to meet national security or law enforcement requirements, Proctorio may be required to disclose Personal Data.

If you have an unresolved privacy or data use concern that Proctorio has not addressed satisfactorily, please contact Proctorio's US-based, third-party dispute resolution provider: Jams. This service is free of charge.

As more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

European Economic Area (EEA) or Switzerland User Rights 

When Proctorio is a processor, you must contact your Institution regarding your Information and exercising any of your rights.

When Proctorio is a data controller

If you are based in the EEA or Switzerland, you acknowledge that Proctorio may transfer your Information (including Personal Data) to Proctorio and Proctorio’s facilities in the United States or elsewhere, including those of third parties as described in the “Business transfers” and “Third-party service providers” sections of this Privacy Policy. Please review Proctorio's Site Terms of Service for more information regarding any other applicable data protections.

When Proctorio is a controller with respect to your Personal Data, such as for customer support, service, and other inquiries, and you are based in the EEA or Switzerland, you may have other rights as provided below:

Access

If you wish to access your Personal Data that Proctorio collects, you can do so at any time through the Service or by contacting Proctorio using the contact details provided at the bottom of this page.

Correction, update, or deletion

You can correct, update, or request deletion of your Personal Data through the Service-interface, or by contacting Proctorio using the contact details provided at the bottom of this page.

Data protection authority

You have a right to raise questions or complaints with your local data protection authority at any time.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your Personal Data by Proctorio. If you have a right to object and you exercise this right, your Personal Data will no longer be processed for such purposes by Proctorio. You may exercise this right without incurring any costs. 

Right to withdraw consent

You have the right to withdraw your consent for Proctorio to process your Personal Data when your consent is the lawful basis for processing.

Right to restriction

You may have the right to restrict Proctorio's processing of your Personal Data unless Proctorio's processing is otherwise authorized by applicable law.

Right to data portability

You may have the right to receive the Personal Data that you have given Proctorio, in a structured, commonly-used, and machine-readable format. You have the right to send that Personal Data to another controller if the processing is based on consent or on a contract and is carried out by automated means.

Marketing

For Institution-approved representatives, you have the right to opt-out of marketing communications Proctorio sends you at any time. You can do this by clicking the "unsubscribe" link in the marketing email Proctorio sent you or by contacting Proctorio using one of the contact channels provided.

If using the contact details please provide your:

  • Full name
  • Email address
  • Any other relevant information that may be required to address your request

Please note that such marketing opt-out does not impact any transaction or operation notices that Proctorio may need to send you. Note that Proctorio does not market to test takers.

If you have any questions or comments about this Privacy Policy, please contact Proctorio through one of Proctorio's contact channels.

Protecting your Information

  • For test-taker Information that Proctorio processes for an Institution, Proctorio implements Zero-Knowledge Encryption, which means only Institution-approved representatives can decrypt and review encrypted exam recordings.

Security 

Proctorio employs procedural and technical security measures that are reasonably designed to help protect Proctorio's test takers’ Personal Information from loss, unauthorized access, disclosure, alteration, or destruction, which includes encryption and other security measures to help prevent unauthorized access to a test taker’s Personal Information. The data a test taker transmits as part of their use of the Institution Services ("Storage Data") is encrypted and Proctorio does not have the decryption keys to decrypt or review test-taker Storage Data in its unencrypted form.

Proctorio is committed to maintaining the security and confidentiality of test-taker Information.

Towards this end, Proctorio takes the following actions:

(a) Proctorio limits employee access to test-taker information to only those employees and contractors who need the information to fulfill their job responsibilities;

(b) Proctorio conducts regular employee privacy and data security training and education; and

(c) Proctorio protects your Information with technical, contractual, administrative, and physical security safeguards in order to protect against unauthorized access, release, or use.

Proctorio is SOC 2 and ISO 27001 certified and conducts regular security audits including penetration testing and vulnerability assessments. Institutions or their designated representatives may review security testing results, subject to confidentiality requirements, or conduct their own security audit of Proctorio’s data security and storage practices, subject to mutual agreement. Written requests for inspection and testing can be made to [email protected].

Test-taker audio, video, and screen recordings and images are secured and processed through three layers of encryption:

  1. The Zero-Knowledge Encryption layer is used when information is stored and is secured using AES-GCM.
  2. Transmission into the datacenter is over TLSv1.2 / TLSv1.3 and, if the client supports it, Proctorio uses Perfect Forward Secrecy (PFS).
  3. All data centers are ISO 270001 certified, SOC 2 attested.

To learn more about Proctorio’s approach to data security, please see Proctorio's Data Security page.

Security systems breach notification 

As a data processor

Proctorio will notify the Institution. The Institution is responsible for notifying its test takers.

As a data controller

If Proctorio learns of a security systems breach, Proctorio may attempt to notify you electronically. Proctorio may post a notice on Proctorio's Sites and/or Services if a security breach occurs. Proctorio may also send an email at the email address provided. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

Live proctors 

Live proctors are used for Live Proctoring and Live ID Verification Services only when selected by an Institution.

All Proctorio proctors sign a confidentiality agreement restricting them from using and disclosing any of the test taker’s Personal Information for any purpose other than providing the testing services.

All proctors are full-time Proctorio employees and are required to go through an extensive background check and fingerprinting process. All Proctorio proctors can view, note, and record exam attempts. Proctorio proctors go through a five-week training process with Proctorio's Proctorio Training Specialists and must complete Privacy & Security Training. The proctors are the only employees who have access to the tools required for Live Proctoring and only company-owned and controlled devices can access this information. This is further restricted using IP address restrictions to ensure these devices are being accessed in appropriate locations. Proctorio proctors are then uniquely identified at sign-on by using two-factor authentication and the device is restricted based on the user's group, department, and access level. Device compliance testing is run regularly and devices out of compliance are blocked from accessing any restricted resources until compliance is restored.

Data storage 

  • Proctorio stores test-taker Personal Information, including all audio, video, and screen recordings and images, which Proctorio collects during the exam for the minimum amount of time required by the Institution or by applicable law.
  • The length and location of how and where data for operations is stored varies and is dependent on applicable law and the information itself.
  • Whether Proctorio is acting as the data controller or the data processor all Personal Information is encrypted in transmission and at rest.

As a data processor

Proctorio retains data as directed by an Institution related to the Services that Proctorio provides to them.

Proctorio retains test-taker De-Identified Data to track usage, allow Proctorio to process billing for Institutions that are Proctorio’s customers, and track global usage of Proctorio’s Services. "De-Identified Data" (or pseudonymized) includes:

  • A pseudonymous hash of the User ID
  • A pseudonymous hash of the Exam ID
  • A pseudonymous hash of the Course ID (when applicable)
  • Approximate location where the exam was taken
  • Exam attempt number
  • Length of exam
  • Date of exam
  • Anonymous telemetry events

As a data controller 

In situations when Proctorio acts as a data controller, the Personal Information provided by an individual is dependent on the Services, Site(s), or third-party applications accessed by the individual.

Retention, location, data deletion, and destruction

When Proctorio is the data processor, Proctorio uses a third-party cloud provider for the storage of encrypted, collected data. Data is stored in data centers requested or chosen by the partnered Institution. Institutions can choose to store the data in a data center that is geographically relevant to their location or in another, potentially further away data center.

Proctorio retains data only as directed by an Institution related to the Services that Proctorio provides to them. Proctorio will store and maintain Institutional data for up to 30 days after the termination of an applicable agreement, unless otherwise specified by the Institution or as required by applicable law.

Proctorio cannot and does not retain exam attempt recordings or chat transcripts for longer than required by the Institution or applicable law.

When Proctorio is a processor for an Institution, Proctorio will direct the test taker to contact their respective Institution with any requests related to their Personal Information

When Proctorio is a data controller, this data is stored in locations and for time frames dependent on the Services used or Site(s) and/or third-party application(s) accessed by the individual.

Proctorio retains the previously described Information only for as long as needed for Proctorio’s legitimate business purposes and as required by applicable laws, investigations, or other security matters.

US Test-Taker Payment Processing: Data is stored within the US by a third-party subprocessor headquartered in the US.

US Client Payment Processing: Data is stored within the US by a third-party subprocessor headquartered in the US.

US User and Client Support: Data is stored by a third-party subprocessor headquartered in the US and Europe.

EU Test-Taker Payment Processing: Data is stored by a third-party subprocessor headquartered in Ireland.

EU Client Payment Processing: Data is stored within Germany by a third-party subprocessor headquartered in Germany.

EU User and Client Support: Data is stored by a third-party subprocessor headquartered in the US and Europe.

Institution Assessment Platform Monitoring: Data is stored in Europe by a third-party subprocessor based in Europe.

When Proctorio is the data controller, questions regarding data storage, recovery, and deletion should be directed through one of Proctorio’s contact channels.

Data Processor vs. Data Controller

Proctorio as a data processor

Proctorio acts as a data processor for “Institutions” (organizations and customers utilizing Proctorio Services) and only processes Personal Information (or Personal Data) based on instructions from Institutions. Personal Information is information that identifies an individual and is defined more fully under applicable law. In these instances, test-taker Personal Information is encrypted.

Proctorio utilizes end-to-end encryption to encrypt test-taker exam recordings that Proctorio receives from an Institution. This means that no one but approved “Institution representatives” (including instructors, faculty, administrators, and other authorized staff of an Institution) can access test-taker Personal Information. Proctorio does not have the cryptographic key so it cannot access Personal Information and cannot disclose test-taker Personal Information in these instances.

Institutions Control Test-Taker Personal Information. As the data processor, Proctorio only follows the instructions provided by the Institution (a “processor”). The Institution is the data controller (“controller”) and their privacy policy controls the processing of their test-taker and Institution-representative Information. The information provided in Proctorio’s Privacy Policy below is provided to test takers and Institution representatives for a general understanding of Proctorio’s privacy practices, but they should also review their respective Institution’s controlling privacy policies.

Proctorio as a data controller

It is important to note that this Privacy Policy is incorporated into and subject to the Proctorio Terms of Service for Proctorio's Sites, when Proctorio is the controller. Any terms not defined here can be found in Proctorio's Sites' Terms of Service.

What does this Privacy Policy apply to?

This Privacy Policy applies to all of Proctorio’s Product and Services Users (test takers and Institution representatives), Partnered Institutions and their representatives, and those who are visiting Proctorio’s websites, including potential clients and interested parties.

This Privacy Policy applies to Personal Information that Proctorio collects when it is a data controller from any of Proctorio’s websites (Proctorio’s “Sites”), pruefungendaheim.de, proctorio.com, getproctorio.com, proctoriostatus.com, Proctorio’s mobile apps, customer service, partner relationships, and when someone contacts Proctorio directly. In those instances, individuals may be providing Personal Information to Proctorio. When Proctorio operates as a processor for an Institution, the Institution’s privacy policies are in control. See the section above for a description of when we operate as a processor.

Institution uses

Institutions determine which of Proctorio’s services to use and this, in turn, determines the Information that Proctorio processes. Institution products and services include, but are not limited to: Automated Proctoring, Live Proctoring, Live ID Verification, Automated ID Verification, Lock Down, WebSweep, WebFreeze, Professional Review, and Originality Verification (collectively the “Services”).

You can find more information about Proctorio's Services on the Products page.

Got questions? Let's hear 'em!

By email:

By mail:

7340 E Main St, Suite 203
Scottsdale, AZ 85251

Looking for Proctorio's other policies like the Terms of Service, Service Level Agreement, and Acceptable Use Policy?

Check out Proctorio's Policies center by clicking below:

Policies Center

Updates

Proctorio is constantly improving and expanding, so we may need to update this Privacy Policy from time to time.

If so, Proctorio will post its updated Privacy Policy on Proctorio’s Site located at proctorio.com, include a notice on the homepage of proctorio.com, and include updates on Github. You do not have to be registered users of GitHub to view these updates. Please visit Github to see Proctorio’s page regarding updates.

Proctorio encourages you to review this Privacy Policy regularly for any changes. Your continued use of the Services and/or continued provision of Personal Information to Proctorio will be subject to the terms of the then-current Privacy Policy.