Compliance

GDPR-Compliant Online Proctoring

Maintain exam integrity while respecting candidate privacy and European data protection requirements.

GDPR compliant proctoringGDPR online examsGDPR exam monitoringEU AI Act proctoring
Local WASM processing

Face detection, gaze tracking, and audio analysis run in WebAssembly in the candidate's browser — not in the cloud.

No video upload

Raw recordings and audio never leave the device. Only event metadata is transmitted.

Privacy by default

GDPR Article 25 principles built into the architecture — not a settings toggle.

Why GDPR matters for online proctoring

Remote assessment programs often collect more personal data than necessary — continuous video, room scans, keystroke logs, and third-party cloud processing. Under GDPR, this creates legal and reputational risk when less intrusive alternatives exist.

ProctorSafe is built around privacy by design and by default (GDPR Article 25): the most privacy-friendly configuration is the baseline, not an optional toggle.

What "local processing" actually means

Traditional proctoring uploads full video streams to vendor clouds for server-side AI analysis. ProctorSafe takes a fundamentally different approach:

WebAssembly face detection

a Rust-compiled WASM module runs face presence and multi-face detection directly in the candidate's browser. No frames are sent to any server.

WASM gaze engine

look-away detection using the GazeEngine runs client-side, including SIMD-optimized execution on modern browsers.

On-device audio analysis

second-speaker detection uses log-mel spectral analysis and median F0 pitch gating, processed entirely in-browser. No audio data leaves the device.

Signal-based review

reviewers see timestamped integrity events and a 0–100 trust score, not hours of raw footage.

Encrypted transmission

metadata and events are encrypted and cryptographically signed using ECDSA P-256.

EU AI Act: why architecture matters now

The EU AI Act (Regulation 2024/1689) came into force in August 2024. Annex III classifies AI systems that perform biometric identification of natural persons as high-risk. Server-side video proctoring — where raw webcam footage is sent to a vendor's cloud for AI-based facial analysis — falls squarely within this classification for EU-based deployments. High-risk AI systems require:
  • Conformity assessment before deployment
  • Registration in the EU AI Act database
  • Ongoing monitoring and incident reporting obligations
  • Transparency measures toward affected individuals
ProctorSafe's on-device WASM architecture processes biometric signals locally. Because no raw biometric data is transmitted for remote AI analysis, the high-risk classification is avoided. For EU institutions, this is a material architecture difference — not a compliance checkbox.

How ProctorSafe aligns with GDPR principles

PrincipleHow ProctorSafe supports it
Data minimizationOnly integrity signals transmitted; no raw video or audio upload
Purpose limitationData collected solely for exam integrity review
Storage limitationTenant-configurable retention policies; default 90 days
Integrity & confidentialityEnd-to-end encryption and ECDSA-signed event chains
Privacy by defaultLocal WASM processing enabled without opt-in configuration

Analytics: privacy-preserving product telemetry

ProctorSafe uses Amplitude for product analytics, configured for EU data residency. Analytics data covers product usage patterns only — no candidate biometric data, exam content, or session integrity signals are included in analytics. Analytics are used solely for product improvement and are not sold or shared with third parties.

Built for European organizations

ProctorSafe serves universities, certification bodies, language testing platforms, and EdTech providers operating under GDPR and related frameworks including the EU AI Act.

Whether you are launching a new remote assessment program or replacing a legacy proctoring vendor, ProctorSafe offers a candidate-friendly, compliance-first path to secure online exams.

Next steps

Frequently Asked Questions

Common questions about privacy, compliance, and integration.

ProctorSafe applies data minimization by processing video and audio locally in the browser via WebAssembly. Raw video and audio are not uploaded. Only integrity signals and metadata required for review are transmitted, with EU-hosted storage.

Ready to Get Started?

Try the interactive demo in your browser, or contact us for a walkthrough tailored to your program.