Maintain exam integrity while respecting candidate privacy and European data protection requirements.
Face detection, gaze tracking, and audio analysis run in WebAssembly in the candidate's browser — not in the cloud.
Raw recordings and audio never leave the device. Only event metadata is transmitted.
GDPR Article 25 principles built into the architecture — not a settings toggle.
Remote assessment programs often collect more personal data than necessary — continuous video, room scans, keystroke logs, and third-party cloud processing. Under GDPR, this creates legal and reputational risk when less intrusive alternatives exist.
ProctorSafe is built around privacy by design and by default (GDPR Article 25): the most privacy-friendly configuration is the baseline, not an optional toggle.
a Rust-compiled WASM module runs face presence and multi-face detection directly in the candidate's browser. No frames are sent to any server.
look-away detection using the GazeEngine runs client-side, including SIMD-optimized execution on modern browsers.
second-speaker detection uses log-mel spectral analysis and median F0 pitch gating, processed entirely in-browser. No audio data leaves the device.
reviewers see timestamped integrity events and a 0–100 trust score, not hours of raw footage.
metadata and events are encrypted and cryptographically signed using ECDSA P-256.
| Principle | How ProctorSafe supports it |
|---|---|
| Data minimization | Only integrity signals transmitted; no raw video or audio upload |
| Purpose limitation | Data collected solely for exam integrity review |
| Storage limitation | Tenant-configurable retention policies; default 90 days |
| Integrity & confidentiality | End-to-end encryption and ECDSA-signed event chains |
| Privacy by default | Local WASM processing enabled without opt-in configuration |
ProctorSafe uses Amplitude for product analytics, configured for EU data residency. Analytics data covers product usage patterns only — no candidate biometric data, exam content, or session integrity signals are included in analytics. Analytics are used solely for product improvement and are not sold or shared with third parties.
ProctorSafe serves universities, certification bodies, language testing platforms, and EdTech providers operating under GDPR and related frameworks including the EU AI Act.
Whether you are launching a new remote assessment program or replacing a legacy proctoring vendor, ProctorSafe offers a candidate-friendly, compliance-first path to secure online exams.
Dive deeper with guides from our articles library.
How GDPR Article 25 changes remote assessment design: data minimization, default settings, and what “state of the art” means for proctoring.
Read articleRegulatory & complianceA DPIA blueprint for remote proctoring: necessity, proportionality, student risk assessment, and privacy-first mitigations.
Read articleRegulatory & complianceA practical guide to the EU AI Act (Regulation 2024/1689) for education and certification teams using (or evaluating) online proctoring.
Read articleCommon questions about privacy, compliance, and integration.
Try the interactive demo in your browser, or contact us for a walkthrough tailored to your program.