MonitorEDU PRIVACY POLICY

Effective Date: November 25, 2025

Last Updated: November 25, 2025

Welcome to MonitorEDU! We are an online proctoring company dedicated to ensuring the integrity and fairness of remote examinations. Our services help educational institutions, certification bodies, and other organizations maintain the credibility of their online assessments by providing secure, reliable proctoring.

At MonitorEDU, we understand the critical importance of privacy and are deeply committed to protecting the personal information of all individuals who interact with our services. This Privacy Policy outlines our practices regarding the collection, use, storage, and disclosure of your personal data. It's important to note that information collected during your proctored exam is used solely for proctoring purposes and is never used for marketing. However, for individuals who are not taking a proctored exam (non-testers) but engage with our website or services, we may collect information for marketing and engagement purposes, as detailed below.

This policy is meticulously crafted to comply with the EU-U.S. Data Privacy Framework (DPF) and its UK Extension, ensuring robust protection for data transferred from these regions. Furthermore, it addresses key requirements under various U.S. federal and state laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), and the Children's Online Privacy Protection Act (COPPA).

By accessing or using any part of MonitorEDU's services, you signify your understanding and agreement to the data practices described in this Privacy Policy. We encourage you to read it carefully.

MonitorEDU proudly complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as established by the U.S. Department of Commerce. We have officially certified to the U.S. Department of Commerce that we adhere to the DPF Principles concerning the processing of personal data received from the European Union and the United Kingdom.

Should there be any discrepancy or conflict between the terms presented in this Privacy Policy and the DPF Principles, the DPF Principles shall take precedence. To learn more about the DPF program, and to view our official certification, please visit the U.S. Department of Commerce's Data Privacy Framework website: https://www.dataprivacyframework.gov.

Our primary goal in collecting personal information is to provide a secure and reliable proctoring service while collecting only the data essential for identity confirmation and exam integrity. For non-testers, we collect information to communicate about our services and updates.

We collect various types of personal information, which can be broadly categorized as follows:

This category includes data you voluntarily furnish when you register for an exam, interact with our support, make a payment, or subscribe to our marketing communications:

• Contact and Identification Information (for Testers):
  • Full Name: Used for identity verification and to link you to your exam registration.
  • Email Address: Primarily for sending important exam-related communications, confirmations, and support.
  • Phone Number: For direct communication, particularly during live proctoring sessions or for urgent support.
  • State of Residence: Occasionally collected to comply with specific regional or institutional requirements.
• Identity Verification Documents (for Testers):
  • Images of Photo ID: You will be asked to provide images of a government-issued photo identification (e.g., driver's license, passport, national ID card) to verify your identity before an exam. This is a critical step to ensure that the individual taking the exam is the authorized test-taker.
• Marketing Information (for Non-Testers):
  • Email Address: When you subscribe to our newsletters or request marketing materials.
  • Name: If provided, to personalize communications.
  • Preferences: Information about your interests in our services or content, if you provide it.
  • Inquiry Details: Information you provide when contacting us with questions about our services that are not related to an ongoing proctoring session.
• Payment Information:
  • When you make a payment for our proctoring services, financial transaction details (e.g., credit card number, billing address) are collected and processed directly by our secure third-party payment processor, Square. MonitorEDU does not store your full payment card details on its servers. We only receive confirmation of payment from Square.
• Communications and Support Data:
  • Live Chat Transcripts: Records of your interactions with our support team via live chat.
  • Verbal Communications: Content of discussions during Google Meet video calls with proctors.

When you use our services or visit our website, certain technical and usage information is automatically gathered:

• Technical Information:
  • IP Address: Collected by our live chat provider, Google Meet, and website analytics for connection purposes, security, and to infer approximate geographic location.
  • Device Information: Type of device, operating system, browser type, and version used to access our services.
  • Usage Data: Information about how you interact with our platform (for testers) or website (for non-testers), such as access times, pages viewed, and features used.
• Geolocation Data:
  • Our live chat system may collect approximate geolocation data (e.g., city, state, country) inferred from your IP address. This is used for security monitoring, fraud prevention, and to ensure compliance with specific proctoring requirements. We do not collect precise GPS-based geolocation data.
• Exam Session Data (Proctoring Recordings - for Testers Only):
  • Audio and Video Recordings: During a proctored exam session, our system records your webcam video feed (showing your face and surrounding environment as required), a secondary video feed where applicable, and audio.
  • Screen Recordings: We also record your computer screen to monitor for prohibited applications, websites, or activities during the exam.
  • These recordings are exclusively used for proctoring purposes to detect and prevent cheating or other policy violations, and they are conducted with your explicit consent prior to beginning the exam. This data is strictly for proctoring and is never used for marketing.

We process your personal information based on specific legal grounds and for clearly defined purposes:

• Performance of a Contract (Providing Proctoring Services):
  • To provide you with access to our online proctoring services.
  • To verify your identity using your name, contact information, and photo ID, ensuring the registered individual is the person taking the exam.
  • To facilitate live communication and support through our chat system and Google Meet video calls.
  • To process your payments for services rendered via Squareup.
• Legitimate Interests (Ensuring Exam Integrity, Security, and Business Operations):
  • Proctoring: The core purpose of collecting audio, video, and screen recordings is to monitor exam sessions for academic integrity, detect potential cheating, and enforce exam rules. This serves our legitimate interest, and that of the exam provider, in maintaining fair and credible assessments.
  • Security and Fraud Prevention: IP addresses, approximate geolocation data, and device information are used to identify suspicious activity, prevent unauthorized access to accounts, and combat fraud.
  • Service Improvement: Analyzing anonymized or aggregated data helps us understand service usage patterns to improve the functionality, performance, and user experience of our proctoring platform and website.
  • Marketing and Engagement (for Non-Testers): If you are a non-tester, we may use your contact information and website usage data to send you marketing communications, newsletters, and updates about MonitorEDU's services and relevant content, based on our legitimate interest in promoting our business. You will always have the option to opt-out of these communications. Please remember, proctoring data is never used for marketing.
• With Your Explicit Consent:
  • For the collection of sensitive data such as biometric data derived from your photo ID (for identity verification) and the recording of your audio, video, and screen during a proctored exam session. Your consent is explicitly obtained before these processes begin. You have the right to withdraw this consent, which may, however, prevent you from taking the proctored exam.
  • For sending certain types of marketing communications where explicit consent is required by law (e.g., email marketing in some jurisdictions).
• Compliance with Legal Obligations:
  • To respond to lawful requests from public authorities, including law enforcement or courts, to meet national security or legal requirements.
  • To comply with applicable laws, regulations, and industry standards related to data privacy and security.

We are committed to minimizing data sharing. Your personal information is disclosed only to the following categories of recipients and for the purposes described:

• Exam Administrators and Institutions:
  • We share exam session data (recordings) and identity verification information (e.g., confirmed identity from ID check) with the educational institution, certification body, or other entity that commissioned the proctored exam. This sharing is necessary to fulfill our contractual obligations with them and to provide them with the evidence required for academic integrity purposes.
• Third-Party Service Providers:
  • We engage trusted third-party service providers who perform functions on our behalf. These include:
    • Payment Processor (Squareup): Handles all payment transactions securely. MonitorEDU does not store your full payment card details.
    • Live Chat Platform Provider: Facilitates real-time communication with our support team and may collect IP and approximate geolocation data.
    • Video Conferencing Provider (Google Meet): Used for live video proctoring and may process video and audio streams.
    • Cloud Hosting and Data Storage Providers: Securely store the data we collect.
    • Marketing Service Providers: For non-tester data, we may share information with marketing automation platforms and analytics providers to manage and optimize our marketing communications.
  • These service providers are contractually bound to protect your personal information with measures at least as stringent as those outlined in this Privacy Policy. They are strictly prohibited from using your personal information for any purpose other than providing services to MonitorEDU.
• Law Enforcement and Legal Requests:
  • We may disclose your personal information if required to do so by law, court order, or governmental regulation, or in the good faith belief that such action is necessary to (a) conform to legal requirements or comply with legal process served on us; (b) protect and defend the rights or property of MonitorEDU; (c) protect the personal safety of users of our services or the public; or (d) prevent fraud or other illegal activities.
• Business Transfers:
  • In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website of any such change in ownership or control of your personal information.

                                          We do not sell your personal information.

MonitorEDU operates globally. Your personal information may be stored and processed in the United States or any other country where MonitorEDU or its service providers maintain facilities.

For personal data transferred from the European Union (EU) and the United Kingdom (UK), MonitorEDU adheres to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF. This provides a legal mechanism to ensure that your data receives an adequate level of protection consistent with EU and UK data protection laws when transferred to the U.S.

We ensure that any transfer of personal data outside the European Economic Area (EEA), UK, or Switzerland is done in compliance with applicable data protection laws and with appropriate safeguards, which may include reliance on:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Binding Corporate Rules (BCRs).
• Your explicit consent.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements.

• Proctoring Media Files (Photo IDs, Video/Audio/Screen Recordings): These are considered sensitive for proctoring purposes. They are retained for a period of up to 90 days from the date of the exam session. After this period, these files are permanently and securely deleted from our systems. This data is never used for marketing.
• Other Records & Marketing Data (Identifiers, Chat Transcripts, Marketing Data from Non-Testers): Your name, email address, phone number, state of residence (if collected), live chat transcripts, and any marketing-related data (from non-testers) are generally retained for 7 years. This retention period allows us to maintain accurate records, support potential investigations (e.g., academic misconduct appeals), comply with financial and tax regulations, engage with you (for marketing data), and resolve any future disputes. Marketing data specifically will be retained until you unsubscribe from communications or until it is no longer necessary for the purpose for which it was collected. Information is deleted when it is no longer necessary for these purposes.

The security of your personal information is paramount to MonitorEDU. We implement and maintain a robust set of technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption: Data is encrypted both in transit (e.g., using TLS/SSL) and at rest (e.g., on storage servers).
• Access Controls: Strict access controls and authentication mechanisms are in place to limit access to personal information only to authorized personnel who require it for legitimate business purposes.
• Regular Security Audits and Vulnerability Assessments: We regularly review and update our security practices to address new threats and vulnerabilities.
• Employee Training: Our employees receive regular training on data privacy, security best practices, and our internal policies.
• Data Minimization: We only collect the personal information that is strictly necessary for our services, thereby reducing the volume of data that needs protection.
• Secure Infrastructure: We utilize secure cloud infrastructure and partners that adhere to high security standards.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security.

We respect your privacy rights and are committed to providing you with control over your personal information. Depending on your jurisdiction (e.g., EU, UK, California, Virginia, etc.), you may have the following rights:

• Right to Access: You have the right to request confirmation as to whether we are processing your personal information and, if so, to request a copy of the personal information we hold about you.
• Right to Rectification (Correction): You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
• Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal information, subject to certain exceptions (e.g., ongoing legal obligations, legitimate business interests). Please note our data retention periods outlined above.
• Right to Opt-Out of Sale/Sharing (California Residents): Under CCPA/CPRA, you have the right to opt-out of the "sale" or "sharing" of your personal information. MonitorEDU does not sell or share personal information for cross-contextual behavioral advertising.
• Right to Limit Use and Disclosure of Sensitive Personal Information (California Residents): You have the right to limit the use and disclosure of sensitive personal information. We only use sensitive personal information (like ID images, video recordings) for proctoring and identity verification with your explicit consent.
• Right to Data Portability: You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
• Right to Object to Processing: You have the right to object to the processing of your personal information where we are relying on a legitimate interest as our legal basis (see Section 4).
• Right to Opt-Out of Marketing: You have the right to opt-out of receiving marketing communications from us. You can usually do this by clicking the "unsubscribe" link in our emails or by contacting us directly.
• Right to Lodge a Complaint: If you are an EU or UK resident, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.

To exercise any of these rights, please submit a request to us using the contact information provided in the "Contact Us" section below. We may need to verify your identity before processing your request to protect your privacy and security. We will respond to your request in accordance with applicable data protection laws.

MonitorEDU is dedicated to resolving concerns about our collection or use of your personal information.

• Initial Contact: Individuals from the EU and UK with inquiries or complaints regarding our DPF compliance should first contact us directly using the contact information provided in this policy.
• Independent Recourse Mechanism: If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, we have committed to refer unresolved DPF complaints to BBB National Programs, a U.S.-based independent dispute resolution provider. For more information or to file a complaint, please visit the BBB National Programs website at https://bbbprograms.org/programs/privacy/dpf The services of this independent dispute resolution provider are provided at no cost to you.
• Binding Arbitration: Under certain conditions, if your DPF complaint has not been resolved by the above-mentioned recourse mechanisms, you may be able to invoke binding arbitration. Further details can be found on the DPF website.
• Enforcement Authority: MonitorEDU is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
• Disclosure Requirements: We are required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
• Our Commitment: We remain responsible for the processing of your personal information that we receive and subsequently transfer to a third party acting as an agent (service provider) on our behalf.
• Third-Party Agents: When we transfer your personal information to a third-party agent, we take reasonable and appropriate steps to ensure the agent processes your data in a manner consistent with our privacy obligations, including, where applicable, requiring them by contract to provide a level of protection at least equivalent to that required by applicable data protection laws.
• Our Liability: We shall remain liable under applicable data protection principles if our agent processes your personal information in a manner inconsistent with those principles, unless we can prove that we are not responsible for the event giving rise to the damage.
• Third-Party Controllers: Where we transfer your personal information to a third party acting as a controller (for their own independent purposes), we will comply with all notice and choice requirements under applicable data protection laws. We will also enter into a contract that ensures the data is processed only for limited and specified purposes and provides the same level of protection.

We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. DPF Principles (the "DPF Principles") with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern.

MonitorEDU may collect data on children under the age of 13 in accordance with state-mandated educational testing programs, as contracted by your school district or state department of education. These contracts are U.S.-only.

For all other countries, MonitorEDU does not knowingly collect personal information from children under the age of thirteen. If you are under the age of thirteen, you must ask your parent or guardian for permission to use this website.

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you believe we may have inadvertently collected information from a child under 13, please contact us without delay using the information in the "Contact Us" section.

We utilize cookies and similar tracking technologies for various purposes, including:

• Essential Functionality: To enable core website features, session management, and secure logins.
• Analytics: To understand how users interact with our website (e.g., which pages are visited most, duration of visit) to improve our site's performance and user experience.
• Marketing (for non-testers): For non-testers, we may use cookies to understand your interests based on your website interactions, helping us tailor relevant marketing communications.

You can typically adjust your browser settings to refuse cookies or to indicate when a cookie is being sent. However, some features of our services or website may not function properly if cookies are disabled.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes to this policy, we will notify you by:

• Posting the updated policy on our website with a new "Last Updated" date.

We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting your information.

If you have any questions, concerns, requests regarding your privacy rights, or wish to make a complaint concerning this Privacy Policy or our data practices, please contact our Privacy Officer at:

MonitorEDU 2972 Stewart Campbell Pt, Spring Hill, Tennessee 37174

Email: privacy@monitoredu.com

Phone: (925) 337-9647

Thank you for trusting MonitorEDU with your privacy.