1. Introduction
ProctorSafe ("we," "us," or "our") provides a browser-based proctoring solution designed with a "Privacy by Design" philosophy. Our mission is to provide assessment integrity without compromising the personal data of the test-taker.
2. Role of ProctorSafe
Data Processor
ProctorSafe acts as a Data Processor. We process data only on behalf of the organization or institution providing your test (the "Test Provider").
Data Controller
The Test Provider (University, Testing solution or employer) is the Data Controller. They are responsible for obtaining your consent and defining the legal basis for proctoring.
3. Data Minimization & Local Processing
To ensure maximum privacy, ProctorSafe utilizes Client-Side Processing.
No Video/Audio Uploads
Analysis of your webcam, microphone, and screen occurs entirely within your browser's local memory. We never record, stream, or store your video or audio on our servers.
Anonymous Sessions
We do not collect names, email addresses, or government IDs. We identify sessions only via an anonymous UUID (Unique Universal Identifier) provided by the Test Provider.
4. What We Collect
The only information transmitted to our servers are "Events." An event is a simple text-based log of a specific occurrence during a session.
Event Data
Metadata such as "Tab Switched," "Face Not Detected," or "Multiple Faces Detected," including a timestamp. These anonymous event series may be processed by AI analysis services to generate session insights, but no personally identifiable information, video, or audio data is ever included.
Technical Data
Browser type, operating system, and connection logs to ensure the SDK functions correctly and to prevent service abuse.
Local Storage
The SDK uses your browser's local storage to enable "Offline Sync," ensuring that if your internet drops, event logs are temporarily saved locally and synced once you are back online.
5. Infrastructure & Data Residency
All server-side data is hosted and processed on AWS (Amazon Web Services). To ensure compliance with EU data protection laws, all data is stored on servers located in Paris, France (eu-west-3 region).
6. Data Retention
We retain event logs for a period of 12 months, unless a shorter period is requested by the Test Provider. After this period, data is permanently deleted from our systems in accordance with our data retention policy.
7. Sub-processors
We keep our vendor list minimal to reduce data exposure. Our sub-processors are:
Amazon Web Services (AWS): Infrastructure and cloud hosting (Location: Germany). All proctoring session data is stored on AWS servers in Paris, France (eu-west-3 region).
Mistral AI: AI-powered session analysis service (Location: France/Europe). Only anonymous event series (compressed text-based timelines) are sent to Mistral AI for analysis. No personally identifiable information, video, audio, or any data that could identify you is included. These are purely anonymous behavioral event sequences.
GoatCounter: Privacy-friendly website analytics (Location: EU). Used only for our public website (proctorsafe.eu) to track page views. This service does not process any proctoring session data and is not used during exam sessions.
8. Your Rights
Under the GDPR, you have the right to access, rectify, or delete your data.
Note: Because we only store anonymous UUIDs, we cannot identify you by name. To exercise your rights, you must contact your Test Provider with your session details, or provide us with your specific UUID so we can locate the relevant logs.
9. Contact Us
For questions regarding this policy or our data practices, please contact:
ProctorSafe Privacy Team
[email protected]