AutoProctor's Logo AutoProctor
Login

    How to Use

    AutoProctor Quiz Google Forms Microsoft Forms With Other Test Platforms
  • Features
  • API Integration
  • Pricing
  • Customers
  • FAQs
  • Help
Privacy Policy Terms of Service Trust Center Contact Privacy Officer

Privacy Policy

Socratease, Inc., doing business as AutoProctor

Last Updated: May 19, 2026 (v3.0)

On this page

  • Introduction
  • Our Role
  • Information We Collect
  • How We Collect Information
  • How We Use Your Information
  • Cookie Policy
  • Security & Protection
  • Data Storage & Location
  • Data Retention
  • Disclosure of Information
  • Automated Decision-Making
  • European Users (GDPR)
  • Canadian Users (PIPEDA)
  • California Users (CCPA)
  • US Education Laws
  • Email Communications
  • Third-Party Providers
  • Modifications
  • Contact Us
  • FAQs
Table of Contents
  • Introduction
  • Our Role
  • Information We Collect
  • How We Collect Information
  • How We Use Your Information
  • Cookie Policy
  • Security & Protection
  • Data Storage & Location
  • Data Retention
  • Disclosure of Information
  • Automated Decision-Making
  • European Users (GDPR)
  • Canadian Users (PIPEDA)
  • California Users (CCPA)
  • US Education Laws
  • Email Communications
  • Third-Party Providers
  • Modifications
  • Contact Us
  • FAQs

1. Introduction

Socratease, Inc., doing business as AutoProctor ("AutoProctor," "we," "us," or "our") respects the privacy of its users ("User," "your," or "you"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our product AutoProctor (the "Platform") through our website at www.autoproctor.co (the "Website") or AutoProctor's mobile application (the "App").

AutoProctor is SOC 2 Type 2 certified and GDPR compliant.

Visit our Trust Center for details on our security practices and compliance certifications.

WE DO NOT SELL YOUR PERSONAL INFORMATION, NOR DO WE INTEND TO DO SO. Candidate data is used exclusively for providing the proctoring service. It is never used for AI training, marketing, advertising, or product improvement.

Important: AutoProctor is a data processor, not a data controller, for exam and proctoring data.

The examiner or testing institution that creates the test is the data controller. They configure what data is collected and are responsible for obtaining consent from candidates. If you are a candidate and wish to request access to, correction of, or deletion of your exam data, please contact the examiner who administered your test. See Our Role for details.

Who this policy covers

AutoProctor is used by three types of users:

  • Examiners create and administer tests on the AutoProctor platform.
  • Candidates take proctored tests created by examiners.
  • SDK/API customers integrate AutoProctor's proctoring into their own platforms. SDK integrations collect less data than the standard platform: there is no candidate login or email requirement, and authentication is handled via secure tokens (HMAC). The data collection and retention sections of this policy still apply, but SDK customers should refer to their integration agreement for specifics.

This policy applies to all three. Where a section applies differently, it is noted.

Where candidates are under the age of majority in their jurisdiction, it is the responsibility of the examiner or testing institution to ensure compliance with applicable age-related laws and regulations, including obtaining any required parental or guardian consent before allowing such candidates to use AutoProctor.

The capitalized terms have the same meaning as ascribed in our Terms of Service as applicable, unless otherwise noted here.

Please read this Privacy Policy carefully. By accessing or using our Website, App, and Platform, you agree to accept the terms contained in this Privacy Policy. If you do not agree, please do not access or use our Website, App, or Platform.

If you have any questions, please contact us at .

2. Our Role as Data Processor and Controller

AutoProctor serves two roles depending on the type of data:

  • Data Processor for exam and proctoring data. The examiner (our customer) is the data controller. They configure what data is collected, obtain consent from candidates, and own the data subject relationship. AutoProctor processes and stores this data on the examiner's behalf, per their instructions.
  • Data Controller for first-party data, including examiner account information, billing details, and website analytics.

3. What Information Do We Collect?

At registration: We collect your name and email address. We use Google and Microsoft SSO or email one-time code authentication; there is no password stored by AutoProctor. SDK/API customers may not require any candidate registration at all.

During a proctored exam session, AutoProctor uses the following data feeds (if enabled by the examiner): webcam, microphone, screen share, and auxiliary device (phone camera). From these feeds, AutoProctor captures:

  • Screenshots (the primary form of evidence)
  • Photos
  • Audio recordings
  • Videos (if full session recording is enabled by the examiner)

Candidates are shown exactly which monitoring features are enabled before the test begins.

Technical metadata: We collect your IP address, browser type, and operating system version (user agent). We do not collect GPS coordinates.

Financial information: We do not collect or store credit card or bank information. Payments are handled by Stripe, a third-party payment processor.

4. How Do We Collect Information?

We collect personal information in the following ways:

  1. At registration on our Website, App, or Platform
  2. In email, text, and other electronic messages between you and our Platform
  3. From transactions you carry out on our Platform
  4. From forms filled out by you
  5. Through our integrated SDK on third-party websites
  6. From correspondence records if you contact us
  7. Through browser-based monitoring during proctored exams (screenshots, photos, audio recordings, and video if enabled)

We also collect information automatically when you navigate our Platform:

  1. Usage details
  2. IP addresses
  3. Information obtained through browser cookies
  4. Other tracking technologies

5. How Do We Use Your Information?

For Examiners (account holders):

  • Account management and authentication
  • Billing and subscription management
  • Service notifications (expiration, renewal)
  • Marketing communications (with opt-out available)
  • Platform improvement and customer support

For Candidates (test-takers):

  • Proctoring service delivery (monitoring and evidence collection)
  • Trust Score calculation
  • Presenting evidence to the examiner
  • Transactional communications only (test links, results)

Candidate data is never used for marketing, advertising, AI training, or product improvement.

6. Cookie Policy

Cookies are small pieces of text used to store information on web browsers. We use cookies on our Website and App to compile aggregate data about site traffic and interactions, and to allow trusted third-party services that track this information on our behalf.

We use CookieYes, a consent management platform, to manage your cookie preferences. You can set your browser to refuse all or some browser cookies, but this may affect your user experience.

We may include or offer third-party products or services on our Platform. These third-party sites have separate and independent privacy policies. We have no responsibility or liability for the content and activities of linked sites. Contact us at with any feedback.

7. Security and Data Protection

We take the security of your data seriously. Our measures include:

  • Regular security scans and penetration testing
  • SOC 2 Type 2 audit cycle, conducted annually
  • SSL/TLS encryption for all data in transit
  • Encrypted storage for data at rest
  • Role-based access controls for employees
  • Third-party payment processing (we never store payment card data)

All information you provide is stored on secure servers behind firewalls. The safety and security of your information also depends on you. Please keep your login credentials confidential and do not share access to your account with anyone.

Breach Notification: In the event of a personal data breach, we will notify affected users within seventy-two (72) hours via email and/or our Platform notification system. We will also notify relevant data protection authorities as required by applicable law (including GDPR, PIPEDA, and other applicable regulations).

8. Data Storage and Location

All data is stored in the United States on Amazon Web Services (AWS) infrastructure. All storage and processing infrastructure is located in the US.

When you take a proctored exam, evidence data (screenshots, photos, audio recordings, and videos if enabled) is stored securely in the cloud. The evidence collection window and data stored during your session are determined by the monitoring features your examiner has enabled. You can see exactly what is being collected before you begin the test.

9. Data Retention

We categorize the data we collect and apply different retention periods:

Data Type Retention Period
Evidence data (screenshots, photos, audio, video): AutoProctor platform Maximum 3 months
Evidence data (screenshots, photos, audio, video): SDK / API customers Maximum 6 months
Session metadata (event logs, Trust Scores, timestamps) Retained indefinitely (contains no PII)
Account data (email, name, test records) Retained while the account is active

Session metadata consists of event types and timestamps (e.g., "tab switch at 12:24 PM") and does not contain personally identifiable information. Evidence data (the screenshots, photos, audio recordings, and video files) is the only category subject to automatic deletion.

10. Disclosure of Personal Information

We may share your Personal Information in the following circumstances:

To Examiners: We disclose exam session information to the examiner (data controller) who created the test. This includes trust scores, screenshots, photos, audio recordings, candidate email, IP address, and browser/OS information. The examiner configures what monitoring features are enabled, and candidates see this on the consent screen before the test.

To Sub-processors: We share data with service providers who assist us in operating our Platform, as listed in the Third-Party Service Providers section. These parties are required to protect your information.

Legal Requirements: We will disclose personal information (i) to comply with court orders, laws, or legal processes, (ii) to enforce our Terms of Service, (iii) to protect the rights, property, or safety of AutoProctor, our customers, or others, and (iv) for fraud protection and credit risk reduction.

We do not sell, trade, rent, or otherwise transfer personal information to others. We do not provide non-personally identifiable visitor information for marketing purposes.

Tracking and Advertising: You can set your browser to refuse some or all browser cookies, but if you disable or refuse cookies, some parts of our Website may not be accessible or function properly.

11. Automated Decision-Making and AI

AutoProctor uses automated processing to generate a Trust Score based on behavioral signals observed during a proctored exam, including face presence, tab switching, and screen activity.

  • The Trust Score is advisory only. The examiner reviews the evidence and makes the final determination on exam integrity.
  • By default, AutoProctor does not perform biometric identification or facial recognition. Our system uses behavioral anomaly detection to flag potential irregularities.
  • If the examiner enables the ID card verification feature, AutoProctor will compare the candidate's face on camera with the photo on their uploaded ID card. This is a one-time comparison performed at the start of the session and is used solely to verify the candidate's identity. The ID card image is stored as part of the session evidence and subject to the same retention and deletion schedule.
  • No decisions with legal or similarly significant effects are made solely by automated means.

12. For Our European Customers and Visitors

This section supplements the information above and applies to users who are residents of or visitors from the European Economic Area (EEA), the United Kingdom, or Switzerland.

Data Location and Transfers: We are headquartered in the United States. All data is stored and processed on US-based infrastructure. By using our Platform, you consent to the transfer of your Personal Information to the US for processing.

Transfer Mechanism: We rely on the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) for the transfer of Personal Data from the EEA to the United States. If there is any conflict between this Privacy Policy and your rights under the Standard Contractual Clauses, the Standard Contractual Clauses will govern. Full terms are available in our Data Processing Agreement (DPA), which is available upon request at .

Our EU GDPR Representative:

Rickert Rechtsanwaltsgesellschaft mbH
— Socratease —
Colmantstraße 15
53115 Bonn, Germany

Your Rights: If you are a resident of or visitor to Europe, you have the following rights with respect to your Personal Information:

  • Access: Request information about and a copy of the Personal Information we hold about you.
  • Rectification: Request correction of inaccurate or incomplete Personal Information.
  • Objection: Object to the collection or use of your Personal Information for certain purposes.
  • Erasure: Request that we erase some or all of your Personal Information. For exam data, we may need to verify with the examiner (data controller) before processing your request.
  • Restriction of Processing: Request that we restrict further processing of your Personal Information.
  • Portability: Request a copy of your Personal Information in a machine-readable format, or request transfer to another entity where technically feasible.
  • Withdrawal of Consent: Withdraw your consent at any time. This may limit your ability to use some or all of our Services.
  • Right to File Complaint: Lodge a complaint with the supervisory authority of your country or EU Member State. Visit the EDPB website to locate your Data Protection Authority.

To exercise any of these rights, contact us at or write to us at Socratease, Inc., 16192 Coastal Highway, Lewes, Delaware 19958, United States. We will respond within thirty (30) days.

13. For Our Canadian Users

This section supplements the information above and applies to users who reside in Canada. We comply with the Personal Information Protection and Electronic Documents Act ("PIPEDA") and any terms defined in PIPEDA have the same meaning when used here.

  • Definition of Personal Information: Any information about an identifiable individual, including business contact information (name, position, title, address, professional phone number, etc.).
  • Right to Access: You can request access to your personal information. We will explain how we have used it, provide a list of parties with whom it has been shared, and provide a copy in an accessible format.
  • Right to be Forgotten: Your information will be kept for as long as required for the purposes of our Platform. Unless we otherwise give you notice, we will retain your information until you or we terminate your account.
  • Data Breach Notification: We will notify you as soon as feasible regarding any breach that creates a "real risk of significant harm." We keep a record of every data breach and, on request, provide the Office of the Privacy Commissioner with access to the record.
  • Canadian Privacy Officer: Jayanth Neelakanta at .
  • Contact: Email or write to Jayanth Neelakanta, 16192 Coastal Highway, Lewes, Delaware 19958, United States. We will respond within thirty (30) calendar days.

14. Your California Privacy Rights

This section applies to California residents under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA").

AutoProctor does not sell your personal information. We do not sell, trade, or otherwise transfer personal information to third parties for monetary or other valuable consideration.

As a California resident, you have the following rights:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, email or write to Socratease, Inc., 16192 Coastal Highway, Lewes, Delaware 19958, United States.

15. US Education Privacy Laws

SOPIPA (Student Online Personal Information Protection Act): Under SOPIPA, we do not use any personally identifiable information of candidates under 18 collected while using our Platform to send them marketing or targeted advertising. All collected PII is used only to provide, maintain, and support the Platform.

FERPA (Family Educational Rights and Privacy Act): We handle all student data in compliance with FERPA regulations. Educational records such as course names, assessment grades, and proctored exam recordings are given heightened protection. To make a request to inspect, review, or amend an education record, email .

PPRA (Protection of Pupil Rights Act): AutoProctor does not administer or conduct surveys or evaluations that elicit information on any of the eight protected categories of the PPRA.

COPPA (Children's Online Privacy Protection Act): COPPA applies to the collection of personal information from children under 13. We are committed to COPPA compliance. We only collect as much information about a child as is reasonably necessary for participation in an activity, and we do not condition participation on the disclosure of more information than is reasonably necessary. Contact for more details.

16. Email Communications

Marketing and promotional emails are sent only to examiners (account holders), never to candidates. Candidates receive only transactional communications related to their tests.

All marketing emails include an unsubscribe option. If you wish to opt out, follow the instructions at the bottom of any email or contact us at .

17. Third-Party Service Providers

AutoProctor uses the following third-party service providers:

Provider Contact
Amazon Web Services Inc. aws.amazon.com/contact-us
410 Terry Avenue North, Seattle, WA 98109, US
Stripe, Inc. info@stripe.com
510 Townsend St, San Francisco, CA 94103, US
Google about.google/contact-google
1600 Amphitheatre Parkway, Mountain View, CA 94043, US
CookieYes cookieyes.com
CookieYes Limited, UK
Sentry sentry.io
Functional Software, Inc., San Francisco, CA, US
Sprinto sprinto.com
Sprinto, Bengaluru, India

If you have any questions about our third-party service providers, email .

18. Modifications to This Privacy Policy

AutoProctor reserves the right to change or modify this Privacy Policy at any time. Modifications shall be binding upon your acceptance of the modified Privacy Policy. We will inform you about modifications via email, on our Website, App, or Platform, or by comparable means within a reasonable time period. Your continued use of our Website, App, or Platform shall constitute your consent to such changes.

19. Contact Us

To ask questions or comment about this Privacy Policy and our privacy practices, please contact our Privacy Officer:

Jayanth Neelakanta

Email:

Socratease, Inc.
16192 Coastal Highway,
Lewes, Delaware 19958, United States

By using our Website, App, or Platform, you agree to the practices described in this Privacy Policy and the terms set forth in our Terms of Service. If you do not agree, please do not use our Website, App, or Platform.

Common Questions About Data & Privacy

Because AutoProctor is a proctoring service, we understand that users and organizations have heightened concerns about how data is collected, stored, and protected. Below are answers to the most common questions we receive.

What data does AutoProctor collect during a proctored exam?

AutoProctor captures screenshots, photos, audio recordings, and (if enabled) videos from the webcam, microphone, screen share, and auxiliary device feeds. The examiner configures which monitoring features are active for each test, and the candidate sees exactly what is being monitored before the test begins.

Where is my data stored?

All data is stored in the United States on Amazon Web Services (AWS) infrastructure.

How long is exam data retained?

Evidence files (screenshots, photos, audio recordings, and videos if enabled) are retained for a maximum of 3 months for AutoProctor platform users, or 6 months for SDK/API customers. Session metadata (event logs, Trust Scores) is retained indefinitely as it contains no personally identifiable information. Account data is retained while the account is active.

Is candidate data used for AI training, product improvement, or marketing?

No. Candidate data is used exclusively for providing the proctoring service. It is never used for AI model training, product analytics, marketing, advertising, or any purpose other than delivering the service to the examiner.

Does AutoProctor perform biometric analysis or facial recognition?

By default, no. AutoProctor uses behavioral anomaly detection. It monitors for the presence of a face, tab switching, screen activity, and similar behavioral signals. However, if the examiner enables the ID card verification feature, AutoProctor performs a one-time facial comparison between the candidate's live camera image and their uploaded ID card photo to verify identity. This is configured by the examiner and disclosed to the candidate before the test begins.

What is the Trust Score and is it an automated decision?

The Trust Score is an advisory metric generated from behavioral signals during a proctored session. It is not a binding or final decision. The examiner reviews the evidence and the Trust Score, and makes the final determination on exam integrity. No decisions with legal or significant effects are made solely by automated means.

Who can access candidate exam data?

The examiner who created the test can access all evidence, trust scores, and metadata for their candidates. AutoProctor support staff may access data for troubleshooting when requested. Data is never shared with other examiners or third parties.

Can I request deletion of my data?

Yes. Contact . For exam data, we may need to verify with the examiner (data controller) before processing the request, as they may need the data for assessment verification.

Does AutoProctor have a Data Processing Agreement (DPA)?

Yes. Our DPA, which includes Standard Contractual Clauses, is available upon request at .

What compliance certifications does AutoProctor hold?

AutoProctor is SOC 2 Type 2 certified and GDPR compliant. For full details on our security posture and compliance certifications, visit our Trust Center.

How does AutoProctor handle international data transfers?

All data is stored in the United States. For EU users, we rely on the 2021 Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) as our legal basis for data transfers. Our EU GDPR representative is Rickert Rechtsanwaltsgesellschaft mbH in Bonn, Germany.

What happens to data after I cancel my subscription?

Evidence files (screenshots, photos, audio, video) are deleted according to the retention schedule (3 months for platform, 6 months for SDK). Account records and session metadata are retained. Contact to request full account deletion.

What are my rights as a European user?

Under GDPR, you have the right to access, rectification, erasure, portability, restriction of processing, objection, and withdrawal of consent. Contact or our EU representative at . Our DPA is available on request. We respond within 30 days. See Section 12 for full details.

​

Ok
AutoProctor Logo AutoProctor
hello@autoproctor.co
Blog Helpdesk FAQs Conduct Exam
SOC 2 Type 2 GDPR Compliant Trust Center

Use AutoProctor

  • Educational Exams
  • Olympiads
  • Internal Assessments
  • Hiring
  • On Your Site
  • Resources
  • With Google Forms

Proctoring Features

  • Session Recording
  • Tab Switch
  • Face and Audio
  • Enhanced Proctoring
  • See All Features

Compare Proctoring

  • AutoProctor vs Honorlock
  • AutoProctor vs ProctorU
  • AutoProctor vs Proctorio
  • AutoProctor vs Proctor360
  • AutoProctor vs Quilgo
  • AutoProctor vs ProctorEdu
  • AutoProctor vs Respondus
  • Best Proctoring Tools

Compare Quizzing

  • AutoProctor vs Google Forms
  • AutoProctor vs Classmarker
  • AutoProctor vs Quizizz
  • AutoProctor vs ProProfs
  • AutoProctor vs Quizalize
  • AutoProctor vs Socrative
  • AutoProctor vs FlexiQuiz
  • Best Quizzing Tools

© Socratease, Inc. All rights reserved.

Privacy Policy Terms of Service