Privacy and Cookies

Privacy Policy.

Effective 12/18/2019

Proctorio ("we," "our," "us") provides services to users throughout the world and thanks you for visiting proctorio.com, our Internet website ("Site"). If you use our services in the United States, Proctor.io Incorporated (a Delaware corporation) is the data processor for your information. If you use our services anywhere else, Proctorio d.o.o. (a European corporation) is the data processor. This privacy Policy ("Privacy Policy") details Proctorio's use of Personally Identifiable Information (as defined below) about users of our Services.

Note: This Privacy Policy is incorporated into and subject to the Terms of Service and, if applicable, the terms of your SaaS Agreement with us. Any terms not defined herein are defined in our Terms of Service or our SaaS Agreement.

Policy Updates.

Due to the Internet's rapidly evolving nature, Proctorio may need to update this Privacy Policy from time to time. If so, Proctorio will post its updated Privacy Policy on our Site located at proctorio.com and may not notify you of the updated posting. Proctorio encourages you to review this Privacy Policy regularly for any changes and to subscribe to receive update notifications from us on GitHub. Your continued use of the Services and/or continued provision of Personally Identifiable Information to us will be subject to the terms of the then-current Privacy Policy.

Privacy.

Any content you provide to Proctorio is subject to this Privacy Policy, which governs our collection of your information and content, and the forwarding of such information to your institution, university, college, school, or organization (collectively, "Institution"). You understand that through your use of the Services you consent to the collection and forwarding (as set forth in this Privacy Policy) of this information, including the transfer of this information to your college, university, instructor, school or organization. In providing the Services, we may need to provide you with certain communications, such as technical support messages. These communications are considered part of the Services, which you may not be able to opt-out from receiving.

You agree to have your identity verified by Proctorio using the methodology that is most currently employed by Proctorio.

You agree to allow Proctorio to monitor you by webcam, microphone, browser, desktop, or any other means necessary to uphold integrity. At the discretion of the exam administrator, this may include a scan of your surroundings and computer display. This monitoring will be conducted by machine or by a live person. The information from the session may be recorded and provided to the institution, university, college, school, or organization and can be viewed by authorized personnel thereof. It is important to note that this information is not sold, or given to any third parties.

Note: Proctorio is committed to maintaining the security and confidentiality of your information. Towards this end, we take the following actions: (a) we limit employee access to your information to only those employees who need the information to fulfill their job responsibilities; (b) we conduct regular employee privacy and data security training and education; and (c) we protect your information with technical, contractual, administrative, and physical security safeguards in order to protect against unauthorized access, release or use.

If you entered into a SaaS Agreement with Proctorio on behalf of an Institution or Customer, you agree that Proctorio shall collect and use Customer Content to fulfill its duties, provide services, and improve services under an applicable SaaS Agreement. Customer will make available any Customer Content upon request.

De-Identified Data and Aggregate Information.

Proctorio may use certain De-Identified Data collected from the use of our Site or the Services, such as from an Institution's Student Users who use the Application Service under Institution's rights, and through an agreement with Institution, for identifying trends, statistics, security, research, or other purposes. "De-Identified Data" is data we create from collected data by removing all direct and indirect personal identifiers including, but not limited to, name and location information. Proctorio agrees not to attempt to re-identify De-Identified Data and not to transfer De-Identified Data unless that party agrees not to attempt re-identification.

We may track the total number of visitors to our Site, the number of visitors to each page of our Site, browser type, and IP addresses. However, we use certain methods to anonymize your IP address at the earliest possible stage of the collection network. Specifically, we anonymize the IP address by removing the last octet of the address. We may also analyze tracked data for trends and statistics in the aggregate, but such information will be maintained, used and disclosed in aggregate form only and will not contain Personally Identifiable Information.

Proctorio does not directly collect payment information and is not a money-services business. To the extent such functionality is made available in the Services, it is provided by an unaffiliated third party, and like any other third-party service, subject to their terms of use. Notwithstanding the foregoing, Proctorio may invoice Customers according to an applicable SaaS Agreement.

Note: Proctorio takes privacy extremely seriously, and strictly adheres to the Family Education Rights Protection Act of 1974 (FERPA). Proctorio works with Institution(s) to ensure compliance with FERPA and applicable privacy laws, and one of the most important ways in which it ensures compliance with FERPA is by never storing any student personally identifiable information or education records in unencrypted form. Refer to the FERPA Policy for more information.

Information Collection and Use.

You can generally visit our Site without revealing any Personally Identifiable Information. To use the Services, however, we may be required to collect personally identifiable information, such as your name, email address, phone number, and institution ("Personally Identifiable Information"). Additionally, we may invite you to participate in surveys, questionnaires, contests, or to contact us with questions, comments, or to provide us with feedback, which due to the nature of some of these activities, may include the collection of Personally Identifiable Information. By accessing or using the Services, we might collect additional data as set forth below in the "Aggregate Information" paragraph. All student records obtained by Proctorio from an Institution are the property of and are under the control of that Institution.

We may use your Personally Identifiable Information to contact you to deliver certain services, news, or information related to the Services, verify your authority to use our Services, and improve the content and general administration of the Services. If you do not wish for your Personally Identifiable Information to be used as described in this Section, you should not use the Services. You may also opt out of receiving promotional notifications by following the opt-out instructions in the emails that are sent to you.

Note: Under no circumstances will this information be disseminated to third parties for any use, and Proctorio will never use this information for targeted advertising.

Secure Exam Proctor Administration: To register an Institution to use the Proctorio Secure Exam Proctor solution, an administrator account must be created. To register this account, Personally Identifiable Information (such as name, phone number, Institution name, and campus email address), must be provided along with information regarding the learning management system ("LMS") used by the Institution.

Secure Exam Proctor Request for Demo: To request a demonstration of the Proctorio Secure Exam Proctor solution, Personally Identifiable Information (such as name, phone number, Institution name, and campus email address), must be provided along with information regarding the LMS used by the Institution.

Secure Exam Proctor Exam Environment: You can generally utilize the Secure Exam Proctor for taking a proctored examination without revealing any Personally Identifiable Information about yourself. The information collected during the examination process will only be used in an anonymized form for product development. The types of information collected depend on the exam settings and can include video, audio, and websites visited.

Secure Exam Proctor Technical Support: To contact technical support Personally Identifiable Information (such as name, phone number, Institution name, and campus email address), may be collected to facilitate the troubleshooting process. Disclosure of such information is considered voluntary and will not be used to create an academic record nor given or sold to third parties.

Note: Proctorio's technical support complies with FERPA and all employees are required to complete FERPA training.

Legal Basis for processing your information. If you are a user or located in the European Economic Area ("EEA"), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate business interests. In some cases, we may also have a legal obligation to collect personal information from you. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided below.

Children's Online Privacy and Protection Act of 1998 (COPPA).

Except for our specific services offered to K-12 Institutions, our Services are directed towards adults who are of the legal age to access them in their respective jurisdictions and who reside in the United States. By accessing and using our Services, you represent and warrant that you are of the legal age to form a binding contract with us in your respective jurisdiction and that you meet the foregoing eligibility requirements. If you do not meet these requirements, you must not access or use the Services. If we learn we have collected or received personal information from an individual who was ineligible to access or use the Services, we will take steps to remove such information. If you believe we might have any information from or about a user who is ineligible to use the Services, please contact us at [email protected].

We are COPPA certified by the Internet Keep Safe Coalition which signifies our compliance with relevant laws and regulations. Please see our COPPA policy page and Personal Data Protections page for more information.

Proctorio does not disseminate personal information to third parties for any use. All data that enters our system has been encrypted using an unshared key stored in the learning management system (LMS) and can only be unlocked by authorized users within the LMS. Proctorio utilizes the LMS to gain information about the user's role. This restricts information from being shared with users who do not fall under the Institution's "School Official" role. The entire process is transparent to the end-user, but prevents Proctorio and unauthorized individuals from accessing student data. In compliance with section 16 C.F.R. § 312.4(c)(2) of COPPA, Proctorio will notify parents when it learns that it has collected any personal information of a child under 13 years of age.

K-12 Institutions and Children's Privacy.

As mentioned above, we are COPPA compliant. We collect limited Personal Information from administrative personnel at the K-12 Institution only as needed for the operation and management of the Services as contracted by the K-12 Institution.

Minor Users can access many parts of the Services and its content and use many of its features without providing us with Personal Information.

We only collect as much information about a Minor User as is reasonably necessary for the minor to receive the Services provided to the minor through an agreement between us and the K-12 Institution. We do not condition his or her participation on the disclosure of more personal information than is reasonably necessary.

Notice to Parents - Consent.

By inputting any Personal Information (whether your Personal Information, or Personal Information of your child), you consent to the use of that Personal Information within the Services, and you represent and warrant that you have obtained any permissions or authorizations for any Personal Information of others that you input or send through the Services.

Notice to Minors.

If you are a Minor User, do not send any personal information about yourself or other students to us, other than what is requested upon signing up for the Services. Students who have signed up with an access code provided by a school or teacher should be aware that their parent/legal guardian has access to all information within or associated with their account.

Cookies.

Like many websites, we use "cookie" technology to collect additional website usage data and to improve our Services, but we do not require cookies to use the Site. A cookie is a small data file that is transferred to your computer's hard disk. Proctorio may use both session cookies and persistent cookies to better understand how you interact with our Services, to monitor aggregate usage by our users and web traffic routing on our Services, and to improve our Services. Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.

Note: Cookies used by the Services cannot personally identify you.

Do Not Track Settings.

Some internet browsers have incorporated "Do Not Track" features. We respond to Do Not Track signals by not tracking browser and URL information collected through a tracking pixel. However, for security purposes, we do not respond to Do Not Track signals for information collected via server logs, such as user IP address and firewall events.

Aggregate Information

We may track the total number of visitors to our Site, the number of visitors to each page of our Site, browser type, and IP addresses. We may also analyze this data for trends and statistics in the aggregate, but such information will be maintained, used and disclosed in aggregate form only and will not contain Personally Identifiable Information. We may use such aggregate information to analyze trends, administer the Site, track users' movement, and gather broad demographic information for aggregate use.

Third Party Services.

Proctorio uses a variety of services hosted by third parties to help provide our Services, such as hosting our various blogs, help center, and knowledge bases, and to help us understand the use of our Services. These services may collect information sent by your browser as part of a web page request, such as cookies or your IP request.

We do not control third parties' tracking technologies. If you have any questions about these third-party technologies, you should contact the responsible provider directly.

Data Deletion and Destruction

Proctorio will store and maintain institutional data for up to 30 days after the termination of an applicable agreement, unless otherwise specified. If, however, you have entered into a SaaS Agreement with Proctorio then we will retain your data for six months by active data retention and for one year by cold storage. We may be able to retain your data for longer periods of time subject to an additional fee and agreement by you and Proctorio.

According to the Institution's preference regarding data destruction, Proctorio will either: 1) destroy the data, or 2) deliver it to the Institution.

Questions regarding data storage, recovery, and deletion should be directed to:

Proctorio
6840 E. Indian School Road
Scottsdale, Arizona 85251
Phone: +1 480 428 4076
Email: [email protected]

Disclosure.

We do not disclose your Personally Identifiable Information except in the following limited circumstances:

Law and Harm: We may disclose your information if we believe that it is reasonably necessary to comply with a law, regulation or legal request; to protect the safety of any person; to address fraud, security or technical issues; or to protect Proctorio's rights or property.

Business Transfers: If Proctorio is involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be sold or transferred as part of that transaction. The promises in this Privacy Policy will apply to your information as transferred to the new entity.

Other Disclosures: We may disclose your information to fulfill the purpose for which you provide it and to enforce or apply your SaaS and other agreements with us.

Links to Third Party Sites.

The Site may provide links to other Web Sites or resources over which Proctorio does not have control ("External Web Sites"). Such links do not constitute an endorsement by Proctorio of those External Web Sites. You acknowledge that Proctorio is providing these links to you only as a convenience, and further agree that Proctorio is not responsible for the content of such External Web Sites. Your use of External Web Sites is subject to the terms of use and privacy policies located on the linked to External Web Sites.

Security.

We employ procedural and technological security measures that are reasonably designed to help protect your Personally Identifiable Information from loss, unauthorized access, disclosure, alteration or destruction, which includes encryption and other security measures to help prevent unauthorized access to your Personally Identifiable Information. The data you transmit as part of your use of the Services ("Storage Data") is in encrypted form and Proctorio does not have access to your Storage Data in its unencrypted form.

Note: Only authorized users, defined as "School Officials" in FERPA, will have the ability to decrypt any academic records stored by Proctorio.

Proctorio conducts daily security audits including penetration testing and vulnerability assessments. Client Institution or their designated representatives may review security testing results or conduct their own security audit of Proctorio’s data security and storage practices. Written requests for inspection and testing can be made to [email protected].

Correcting or Deleting Information.

Parents, legal guardians, or eligible students may review any Personally Identifiable Information in the student’s records and correct any erroneous information only by contacting the applicable Institution. Proctorio does not store unencrypted student academic records, and accordingly does not have any ability to edit, revise, or delete any student Personally Identifiable Information contained in student records.

Data Breach Notification.

Proctorio maintains an information security plan to protect the security, confidentiality, and integrity of Personally Identifiable Information of users and client institutions. As part of its information security plan, Proctorio will notify affected individuals and Institution of a data security breach without unreasonable delay and in no event later than 72 hours from discovery of the breach. Written notification will be sent by first-class mail to the address on record for the individual or Institution.

Written notification will contain:

  • A brief description of what occurred with respect to the breach, including, to the extent known, the date of the breach and the date on which the breach was discovered;
  • A description of the types of Personally Identifiable Information that were involved in the breach;
  • A description of the steps the affected individual or Institution should take to protect against potential harm from the breach;
  • A description of what Proctorio is doing to investigate and mitigate the breach and to prevent future breaches; and
  • Contact procedures for individuals to ask questions or learn additional information, which will include a toll-free telephone number, an email address, website or postal address.

If Proctorio determines individuals or Institution should be notified urgently of a breach because of possible imminent misuse of unsecured Personally Identifiable Information, Proctorio may, in addition to providing notice as outlined above, contact the individual or Institution by telephone or other means, as appropriate.

Note: Proctorio does not store any unencrypted education records.

California Privacy Rights.

Proctorio does not provide your Personal Information to any third parties for direct marketing purposes as defined in California Civil Code Section § 1798.83. Please contact us at [email protected] for any questions regarding your Personal Information. AB 1584 is a California law that defines student and educational agencies rights regarding student records. We comply with AB 1584 as described in this Privacy Statement and as applicable, any agreements with California Institution(s).

If you are a resident of California, you have other rights under the California Consumer Privacy Act (“CCPA”):

  • Right of Access: You can access your collected personal information by contacting us at [email protected].
  • Right to correct, update, or delete: You can correct, update or request deletion of your personal information by contacting us at [email protected]. We can’t make changes to or delete your information in some situations where it is necessary for us to maintain your information, for example if we need the information to comply with applicable law.
  • Right to Request Disclosure of Information Collected: Please contact us at [email protected] to request further information about the categories of personal information we have collected about you, where we collected your personal information, and for what purpose we use your personal information.
  • Right to Disclosure of Information Sold and Right to Opt-Out: You have the right to know what information of yours we have sold, and you have the right to opt-out of any sale of your information. We do not sell any of your information. If you have any questions about these rights, please contact us at [email protected].
  • Right to Non-Discrimination: We do not and will not discriminate against you if you exercise your rights under the CCPA.

When you contact us regarding any of your rights under the CCPA, we will verify your identity before we provide any information. If you have any questions or comments about your rights under the CCPA, please contact us at [email protected].

Users from Outside of the United States.

General: By using the Services you acknowledge and agree that: (i) your information will be processed as described in this Privacy Policy; and (ii) you consent to have your information transferred to us and our facilities in the United States or elsewhere, including those of third parties as described in this policy.

European Economic Area (EEA) or Switzerland: If you are based in the EEA or Switzerland, you acknowledge and agree that we may transfer your information (including personal information) to us and our facilities in the United States or elsewhere, including those of third parties as described in this policy. Please review our Terms of Service and the applicable SaaS Agreement for more information regarding any other applicable data protections.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

Note: Privacy Shield has been invalidated by the Court of Justice of the European Union and we are using alternative transfer mechanisms and taking supplemental measures as applicable to better ensure that the personal data of individuals in the EU is subject to adequate protections.

Note: Proctorio adheres to EU General Data Protection Regulation ("GDPR"). Refer to our GDPR page for more information.

Proctorio participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework's applicable principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield website https://www.privacyshield.gov.

Under the Privacy Shield frameworks, Proctorio is responsible for processing the personal data it receives, under each Privacy Shield Framework, as well as transfers to a third party acting as an agent on its behalf. Proctorio complies with the Privacy Shield principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield frameworks, Proctorio is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (for issues pertaining to Privacy Shield). In situations where public authorities make lawful requests for information, such as to meet national security or law enforcement requirements, Proctorio may be required to disclose personal data.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based, third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.

As more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

European Economic Area (EEA) or Switzerland.

If you are based in the EEA or Switzerland you have other rights as provided below:

Access: If you wish to access your personal information that we collect, you can do so at any time through the Service or by contacting us using the contact details provided below.

Correction, update or deletion: You can correct, update or request deletion of your personal information through the Service interface, or by contacting us using the contact details provided below.

Data Protection Authority: You have a right to raise questions or complaints with your local data protection authority at any time.

Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. You may exercise this right without incurring any costs.

Marketing: You have the right to opt-out of marketing communications we send you at any time. You can do this by clicking the "unsubscribe" link in the marketing e-mails we sent you or by contacting us using the contact details provided below (if using the contact details please provide your complete name, e-mail address, and any other relevant information that may be required to address your request). Please note that such marketing opt-out does not impact any transaction or operation notices that we may need to send you.

If you have any questions or comments about this Privacy Policy, please contact us at [email protected].

If you have any questions regarding data storage or recovery, please contact us at:

Proctorio
6840 E. Indian School Road
Scottsdale, Arizona 85251
Email: [email protected]