You agree to have your identity verified by Proctorio using the methodology that is most currently employed by Proctorio.
You agree to allow Proctorio to monitor you by webcam, microphone, browser, desktop, or any other means necessary to uphold integrity. At the discretion of the exam administrator, this may include a scan of your surroundings and computer display. This monitoring will be conducted by machine or by a live person. The information from the session may be recorded and provided to the institution, university, college, school, or organization and can be viewed by authorized personnel thereof. It is important to note that this information is not sold, or given to any third parties.
Note: Proctorio is committed to maintaining the security and confidentiality of your information. Towards this end, we take the following actions: (a) we limit employee access to your information to only those employees who need the information to fulfill their job responsibilities; (b) we conduct regular employee privacy and data security training and education; and (c) we protect your information with technical, contractual, administrative, and physical security safeguards in order to protect against unauthorized access, release or use.
If you entered into a SaaS Agreement with Proctorio on behalf of an Institution or Customer, you agree that Proctorio shall collect and use Customer Content to fulfill its duties, provide services, and improve services under an applicable SaaS Agreement. Customer will make available any Customer Content upon request.
De-Identified Data and Aggregate Information.
Proctorio may use certain De-Identified Data collected from the use of our Site or the Services, such as from an Institution's Student Users who use the Application Service under Institution's rights, and through an agreement with Institution, for identifying trends, statistics, security, research, or other purposes. "De-Identified Data" is data we create from collected data by removing all direct and indirect personal identifiers including, but not limited to, name and location information. Proctorio agrees not to attempt to re-identify De-Identified Data and not to transfer De-Identified Data unless that party agrees not to attempt re-identification.
We may track the total number of visitors to our Site, the number of visitors to each page of our Site, browser type, and IP addresses. However, we use certain methods to anonymize your IP address at the earliest possible stage of the collection network. Specifically, we anonymize the IP address by removing the last octet of the address. We may also analyze tracked data for trends and statistics in the aggregate, but such information will be maintained, used and disclosed in aggregate form only and will not contain Personally Identifiable Information.
Note: Proctorio takes privacy extremely seriously, and strictly adheres to the Family Education Rights Protection Act of 1974 (FERPA). Proctorio works with Institution(s) to ensure compliance with FERPA and applicable privacy laws, and one of the most important ways in which it ensures compliance with FERPA is by never storing any student personally identifiable information or education records in unencrypted form. Refer to the FERPA Policy for more information.
Information Collection and Use.
You can generally visit our Site without revealing any Personally Identifiable Information. To use the Services, however, we may be required to collect personally identifiable information, such as your name, email address, phone number, and institution ("Personally Identifiable Information"). Additionally, we may invite you to participate in surveys, questionnaires, contests, or to contact us with questions, comments, or to provide us with feedback, which due to the nature of some of these activities, may include the collection of Personally Identifiable Information. By accessing or using the Services, we might collect additional data as set forth below in the "Aggregate Information" paragraph. All student records obtained by Proctorio from an Institution are the property of and are under the control of that Institution.
We may use your Personally Identifiable Information to contact you to deliver certain services, news, or information related to the Services, verify your authority to use our Services, and improve the content and general administration of the Services. If you do not wish for your Personally Identifiable Information to be used as described in this Section, you should not use the Services. You may also opt out of receiving promotional notifications by following the opt-out instructions in the emails that are sent to you.
Note: Under no circumstances will this information be disseminated to third parties for any use, and Proctorio will never use this information for targeted advertising.
Secure Exam Proctor Administration: To register an Institution to use the Proctorio Secure Exam Proctor solution, an administrator account must be created. To register this account, Personally Identifiable Information (such as name, phone number, Institution name, and campus email address), must be provided along with information regarding the learning management system ("LMS") used by the Institution.
Secure Exam Proctor Request for Demo: To request a demonstration of the Proctorio Secure Exam Proctor solution, Personally Identifiable Information (such as name, phone number, Institution name, and campus email address), must be provided along with information regarding the LMS used by the Institution.
Secure Exam Proctor Exam Environment: You can generally utilize the Secure Exam Proctor for taking a proctored examination without revealing any Personally Identifiable Information about yourself. The information collected during the examination process will only be used in an anonymized form for product development. The types of information collected depend on the exam settings and can include video, audio, and websites visited.
Secure Exam Proctor Technical Support: To contact technical support Personally Identifiable Information (such as name, phone number, Institution name, and campus email address), may be collected to facilitate the troubleshooting process. Disclosure of such information is considered voluntary and will not be used to create an academic record nor given or sold to third parties.
Note: Proctorio's technical support complies with FERPA and all employees are required to complete FERPA training.
Legal Basis for processing your information. If you are a user or located in the European Economic Area ("EEA"), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate business interests. In some cases, we may also have a legal obligation to collect personal information from you. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided below.
Children's Online Privacy and Protection Act of 1998 (COPPA).
Except for our specific services offered to K-12 Institutions, our Services are directed towards adults who are of the legal age to access them in their respective jurisdictions and who reside in the United States. By accessing and using our Services, you represent and warrant that you are of the legal age to form a binding contract with us in your respective jurisdiction and that you meet the foregoing eligibility requirements. If you do not meet these requirements, you must not access or use the Services. If we learn we have collected or received personal information from an individual who was ineligible to access or use the Services, we will take steps to remove such information. If you believe we might have any information from or about a user who is ineligible to use the Services, please contact us at [email protected].
We are COPPA certified by the Internet Keep Safe Coalition which signifies our compliance with relevant laws and regulations. Please see our COPPA policy page and Personal Data Protections page for more information.
Proctorio does not disseminate personal information to third parties for any use. All data that enters our system has been encrypted using an unshared key stored in the learning management system (LMS) and can only be unlocked by authorized users within the LMS. Proctorio utilizes the LMS to gain information about the user's role. This restricts information from being shared with users who do not fall under the Institution's "School Official" role. The entire process is transparent to the end-user, but prevents Proctorio and unauthorized individuals from accessing student data. In compliance with section 16 C.F.R. § 312.4(c)(2) of COPPA, Proctorio will notify parents when it learns that it has collected any personal information of a child under 13 years of age.
K-12 Institutions and Children's Privacy.
As mentioned above, we are COPPA compliant. We collect limited Personal Information from administrative personnel at the K-12 Institution only as needed for the operation and management of the Services as contracted by the K-12 Institution.
Minor Users can access many parts of the Services and its content and use many of its features without providing us with Personal Information.
We only collect as much information about a Minor User as is reasonably necessary for the minor to receive the Services provided to the minor through an agreement between us and the K-12 Institution. We do not condition his or her participation on the disclosure of more personal information than is reasonably necessary.
Notice to Parents - Consent.
By inputting any Personal Information (whether your Personal Information, or Personal Information of your child), you consent to the use of that Personal Information within the Services, and you represent and warrant that you have obtained any permissions or authorizations for any Personal Information of others that you input or send through the Services.
Notice to Minors.
If you are a Minor User, do not send any personal information about yourself or other students to us, other than what is requested upon signing up for the Services. Students who have signed up with an access code provided by a school or teacher should be aware that their parent/legal guardian has access to all information within or associated with their account.
Like many websites, we use "cookie" technology to collect additional website usage data and to improve our Services, but we do not require cookies to use the Site. A cookie is a small data file that is transferred to your computer's hard disk. Proctorio may use both session cookies and persistent cookies to better understand how you interact with our Services, to monitor aggregate usage by our users and web traffic routing on our Services, and to improve our Services. Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.
Note: Cookies used by the Services cannot personally identify you.
Do Not Track Settings.
Some internet browsers have incorporated "Do Not Track" features. We respond to Do Not Track signals by not tracking browser and URL information collected through a tracking pixel. However, for security purposes, we do not respond to Do Not Track signals for information collected via server logs, such as user IP address and firewall events.
We may track the total number of visitors to our Site, the number of visitors to each page of our Site, browser type, and IP addresses. We may also analyze this data for trends and statistics in the aggregate, but such information will be maintained, used and disclosed in aggregate form only and will not contain Personally Identifiable Information. We may use such aggregate information to analyze trends, administer the Site, track users' movement, and gather broad demographic information for aggregate use.
Third Party Services.
Proctorio uses a variety of services hosted by third parties to help provide our Services, such as hosting our various blogs, help center, and knowledge bases, and to help us understand the use of our Services. These services may collect information sent by your browser as part of a web page request, such as cookies or your IP request.
We do not control third parties' tracking technologies. If you have any questions about these third-party technologies, you should contact the responsible provider directly.
Data Deletion and Destruction
Proctorio will store and maintain institutional data for up to 30 days after the termination of an applicable agreement, unless otherwise specified. If, however, you have entered into a SaaS Agreement with Proctorio then we will retain your data for six months by active data retention and for one year by cold storage. We may be able to retain your data for longer periods of time subject to an additional fee and agreement by you and Proctorio.
According to the Institution's preference regarding data destruction, Proctorio will either: 1) destroy the data, or 2) deliver it to the Institution.
Questions regarding data storage, recovery, and deletion should be directed to:
6840 E. Indian School Road
Scottsdale, Arizona 85251
Phone: +1 480 428 4076
Email: [email protected]
We do not disclose your Personally Identifiable Information except in the following limited circumstances:
Law and Harm: We may disclose your information if we believe that it is reasonably necessary to comply with a law, regulation or legal request; to protect the safety of any person; to address fraud, security or technical issues; or to protect Proctorio's rights or property.
Other Disclosures: We may disclose your information to fulfill the purpose for which you provide it and to enforce or apply your SaaS and other agreements with us.
Links to Third Party Sites.
We employ procedural and technological security measures that are reasonably designed to help protect your Personally Identifiable Information from loss, unauthorized access, disclosure, alteration or destruction, which includes encryption and other security measures to help prevent unauthorized access to your Personally Identifiable Information. The data you transmit as part of your use of the Services ("Storage Data") is in encrypted form and Proctorio does not have access to your Storage Data in its unencrypted form.
Note: Only authorized users, defined as "School Officials" in FERPA, will have the ability to decrypt any academic records stored by Proctorio.
Proctorio conducts daily security audits including penetration testing and vulnerability assessments. Client Institution or their designated representatives may review security testing results or conduct their own security audit of Proctorio’s data security and storage practices. Written requests for inspection and testing can be made to [email protected].
Correcting or Deleting Information.
Parents, legal guardians, or eligible students may review any Personally Identifiable Information in the student’s records and correct any erroneous information only by contacting the applicable Institution. Proctorio does not store unencrypted student academic records, and accordingly does not have any ability to edit, revise, or delete any student Personally Identifiable Information contained in student records.
Data Breach Notification.
Proctorio maintains an information security plan to protect the security, confidentiality, and integrity of Personally Identifiable Information of users and client institutions. As part of its information security plan, Proctorio will notify affected individuals and Institution of a data security breach without unreasonable delay and in no event later than 72 hours from discovery of the breach. Written notification will be sent by first-class mail to the address on record for the individual or Institution.
Written notification will contain:
- A brief description of what occurred with respect to the breach, including, to the extent known, the date of the breach and the date on which the breach was discovered;
- A description of the types of Personally Identifiable Information that were involved in the breach;
- A description of the steps the affected individual or Institution should take to protect against potential harm from the breach;
- A description of what Proctorio is doing to investigate and mitigate the breach and to prevent future breaches; and
- Contact procedures for individuals to ask questions or learn additional information, which will include a toll-free telephone number, an email address, website or postal address.
If Proctorio determines individuals or Institution should be notified urgently of a breach because of possible imminent misuse of unsecured Personally Identifiable Information, Proctorio may, in addition to providing notice as outlined above, contact the individual or Institution by telephone or other means, as appropriate.
Note: Proctorio does not store any unencrypted education records.
California Privacy Rights.
Proctorio does not provide your Personal Information to any third parties for direct marketing purposes as defined in California Civil Code Section § 1798.83. Please contact us at [email protected] for any questions regarding your Personal Information.
Users from Outside of the United States.
European Economic Area (EEA) or Switzerland: If you are based in the EEA or Switzerland, you acknowledge and agree that we may transfer your information (including personal information) to us and our facilities in the United States or elsewhere, including those of third parties as described in this policy. Please review our Terms of Service and the applicable SaaS Agreement for more information regarding any other applicable data protections.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
Note: Proctorio adheres to EU General Data Protection Regulation ("GDPR"). Refer to our GDPR page for more information.
Proctorio participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework's applicable principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield website https://www.privacyshield.gov.
Under the Privacy Shield frameworks, Proctorio is responsible for processing the personal data it receives, under each Privacy Shield Framework, as well as transfers to a third party acting as an agent on its behalf. Proctorio complies with the Privacy Shield principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield frameworks, Proctorio is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (for issues pertaining to Privacy Shield). In situations where public authorities make lawful requests for information, such as to meet national security or law enforcement requirements, Proctorio may be required to disclose personal data.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based, third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.
As more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
European Economic Area (EEA) or Switzerland.
If you are based in the EEA or Switzerland you have other rights as provided below:
Access: If you wish to access your personal information that we collect, you can do so at any time through the Service or by contacting us using the contact details provided below.
Correction, update or deletion: You can correct, update or request deletion of your personal information through the Service interface, or by contacting us using the contact details provided below.
Data Protection Authority: You have a right to raise questions or complaints with your local data protection authority at any time.
Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. You may exercise this right without incurring any costs.
Marketing: You have the right to opt-out of marketing communications we send you at any time. You can do this by clicking the "unsubscribe" link in the marketing e-mails we sent you or by contacting us using the contact details provided below (if using the contact details please provide your complete name, e-mail address, and any other relevant information that may be required to address your request). Please note that such marketing opt-out does not impact any transaction or operation notices that we may need to send you.