Privacy policy

Scope

This policy covers ProctorOps's collection, processing, and retention of personal data in the course of providing online exam proctoring services to institutions of higher education and training providers. Institutions remain the data controllers for student data; ProctorOps acts as a data processor under our partner agreements.

What we collect

• Identity: name, email, institution-issued user ID.
• Identity verification: a photograph of a government-issued ID and a selfie, captured at the start of an exam session.
• Session recordings: webcam, screen, and (optionally) audio for the duration of the exam.
• Proctoring events: browser focus changes, fullscreen state, AI detection flags, and other integrity signals.
• Operational telemetry: IP address (hashed at rest), user agent, timestamps for audit logging.

Retention

Recordings and ID assets are retained for 90 days by default and deleted thereafter unless an institution configures a longer retention period for compliance reasons. Proctoring events and audit logs are retained for 13 months.

Data residency

All data is stored in US-based infrastructure (US East region). ProctorOps does not transfer student data outside the United States.

Subprocessors

ProctorOps uses a small set of infrastructure subprocessors: Neon (Postgres), Upstash (Redis and message queue), Cloudflare (object storage and CDN), Calimatic Identity (authentication), and Stripe (billing). All subprocessors are bound by data processing agreements consistent with this policy.

Contact

Data protection inquiries: privacy@proctorops.com.