Ensuring trust in the exams that we proctor has always been our top priority. We understand the privacy questions and concerns that come with the use of data for online proctoring and exam monitoring, and we know how important it is to be clear about what we do with your data, and, more importantly, what we don’t do.
What We Do:
- We use your name, email, photo ID, digital signature, and challenge questions to validate your identity before taking an exam.
- We use your name and email to make sure our support team provides effective support.
- We use your name and email to confirm that you are registered to take an exam as well as send you reminders about it.
- We use your timezone to show you the right exam schedule.
What We Don’t Do:
- We do not sell, share, or market your data to third-parties.
- We do not analyze your data to infer more information about you.
- We do not store your data past the length of our contract with your institution/organization.
- We do not use your information to sell or market to you.
Online proctoring requires authentication of the test-taker and a comprehensive review of the test environment. Authentication is typically confirmed by the presentation of an ID and limited personal information, such as challenge questions and a digital signature. The review of the test environment is typically accomplished by monitoring a test-taker’s desktop, microphone, and webcam.
We know that providing such sensitive information, even temporarily, demands a type of trust that must be earned. That’s why, along with being compliant with all industry standards, Examity meets all privacy requirements, so that we can provide you with the highest level of trust when working with us. That includes using SSAE-16 certified data centers, role-based authorization, PCI compliance, and more to keep your information safe.
Examity complies with international privacy regulations and laws, including those listed below. That means that you can feel secure that our privacy and security practices meet the highest standards for online proctoring.
FERPA: Family Educational Rights and Privacy Act of 1974
FIPPA: Freedom of Information and Protection of Privacy Act
GDPR: The General Data Protection Regulation
COPPA: The Children’s Online Privacy Protection Act
HIPAA: The Health Insurance Portability and Accountability Act
Examity is also the first and only LTI 1.3 certified online proctoring provider, enabling us to provide a safer, more streamlined testing experience for hundreds of education institutions, employers, and certification providers around the world.
We are proud to announce that we have received SOC 2 Type II certification for Security, Availability, Processing Integrity, Confidentiality, and Privacy. This certification affirms Examity’s dedication to ensuring security and privacy for our partners and customers.
Frequently Asked Questions
Q: What data does Examity collect for proctoring?
Typically, and whenever possible, only essential, limited test-taker data and test data are collected to proctor your test. This may include:
- Data to authenticate you as the test-taker for an exam (such as your name, ID, digital signature, and responses to challenge questions)
- Data to process your payment for a proctoring session (such as a credit card or debit card number)
Q: Where is my data stored?
Q: Does Examity meet common regulations that apply to data processing?
Yes. We are fully compliant with regulations that govern the storage and transmission of your data, including but not limited to FERPA, FIPPA, GDPR, and HIPAA.
Q: What additional steps are taken by Examity beyond following government regulations?
Along with being fully compliant with all government regulations, Examity maintains industry-leading security through the use of SSAE-16 certified data centers, role-based authorization, and PCI compliance for secure transactions.
Q: How can I be sure my data is safe?
In addition to meeting the above privacy regulations and storing data in accordance with the highest standards, Examity has database-wide encryption used for data security both at transmission and at rest.
Q: Will the proctor be able to access my computer?
For instances where our proctors need to access your computer screen, such as to troubleshoot technical issues, they will always request permission first and will only gain access to the mouse and keyboard. If you grant access, you will always have the ability to revoke privileges. In addition, any access granted will be automatically disabled at the end of the proctoring session. For some exams, a proctor will request access in order to enter a password for the test. This helps keep the password and exam secure, protecting the integrity of test content. Once the password is entered, complete control is returned to the test-taker.
Q: Why am I being asked to download a browser extension?
Q: Are you LTI 1.3 certified, and what does that mean in regards to the level of security that Examity provides?
Examity became LTI 1.3 certified in September of 2019. This certification is the gold standard in education technology. 1EdTech’s LTI Advantage enables a more secure exchange of student data between education tools and systems and is designed to enhance data privacy for higher education institutions, states, and technology developers. We are the first and only online proctoring provider to be certified at the new standards. This means that we provide the most secure LMS integration on the market.
Q: Will you need to collect any of my financial data?
On occasion, an assessment provider may require a test-taker to directly pay for a proctoring session. When that happens, Examity must collect information about the payment method. While that may be very infrequent, privacy law regards Examity as the “data controller” for this type of data and requires us to explain this in our privacy notice and policy. Examity doesn’t directly process or store this information, but passes it securely on to an industry-leading payment processing service.
Q: What happens to my exam video after my testing session concludes?
Typically, exam data is available to program administrators for 60 days and then destroyed. If a red flag is raised, the exam data is available for 1 year. Please note, some programs have unique data retention policies that are longer or shorter than this standard.
If you have additional questions related to your exam’s retention policy, we recommend you follow-up with your program administrator to confirm the retention timeframe for your exam.