Student Privacy Statement

Protecting Your Privacy: Honorlock Online Proctoring

Student privacy is incredibly important – to students, to professors and to Honorlock – especially in these uncertain times. While we are all struggling under this “new normal,” we wanted to take a moment to address some unfounded fears that are making the rounds about privacy. Watch the video: Honorlock Protects Student Privacy.

Being students once ourselves, when we decided to build the Honorlock infrastructure for testing, we wanted something seamless for users while also protecting the privacy of those who use our solution. For these reasons, the Honorlock system only requires that you install the Honorlock Chrome extension into Google Chrome.

We made this choice to keep our users from having to install invasive technology that interacts with your computer at the operating system level – no bueno.

So how does using Google Chrome and Chrome extension help to protect privacy? Well, it’s pretty simple, really.

  1. Since the extension is contained within the Chrome browser itself, it only has access to the limited operations that are provided by the browser – nothing else.
  2. The extension is only active while you are within the learning management system, and never accesses any personal or private data.
  3. When the extension is active, there is a flashing red indicator on the extension. If this indicator is not being shown, you can trust that nothing is actively being monitored or recorded during that time.
Flashing red indicator on the extension.
Image: Flashing red indicator on the extension.

Does Honorlock access other computers, mobile devices and equipment on the network and scan them for information?

Honorlock does not scan your network, your computer, your phone or any other devices on your network. Honorlock has no access to anyone’s network or network devices. Students are granting us permission to record/monitor their device on which they are taking their assessment. Furthermore, Honorlock does not route traffic from your device through our servers in any way. We have a patent that is available for public consumption that explains the exact process in which we know when a student is searching the internet for exam content. It is a complex method for both scrubbing content from the web and also knowing the exam questions being presented to the exam taker through the LMS. With question sequencing and randomization, we are able to triangulate when a search takes place for the exam questions and content within the exam. This is done through partnerships and other means of self-hosting content. If students are not searching for their exam questions during the time of the exam there is nothing Honorlock can track in regards to any computer, mobile device, tablet, etc. within the household or place the exam is being taken.

Does Honorlock route traffic through your servers in order to analyze or monitor information from devices on the server?

No. Honorlock is a lightweight Chrome extension. Google takes serious steps to ensure user privacy and will not allow unchecked access. They will in fact reject an extension submission if it’s an invasion of privacy or if the request for certain information isn’t warranted.

What can Honorlock do?

Honorlock can log the websites you go to (or attempt to go to) from Chrome (which processes the request) and only when you are active in an exam. We collect your IP address, your email address, and your name from the LMS. We also store your Photo and ID for a limited period of time after the exam, in case your school requires those for authentication.

When you click “end proctoring,” Honorlock stops proctoring your exam. This means Honorlock stops recording the webcam, the desktop screen, and the audio.

Here are a few actions you can take after your exam has ended to make you feel more comfortable about using Honorlock:

  1. Remove the Honorlock extension when the exam is over. Simply navigate to the extension in the toolbar of Chrome, right-click, and remove. You can reinstall the extension for your next exam. It takes less than 30 seconds to install the Honorlock extension.
  2. You can create a new Chrome person to complete your testing with Honorlock. Open Chrome, navigate to the People tab across the top of your screen, then click create a new user. This means any bookmarks, passwords, etc., that you have saved will not show up in the Chrome window when you are testing.

Does Honorlock sell or share your data?

No. If Honorlock sells its proctoring business to another party, the information we’ve described elsewhere would then be transferred to the new owner to ensure continuity of proctoring for your exams under the conditions of your school’s agreement with us.

The bottom line is Honorlock is dedicated to protecting your privacy – it’s a cornerstone of our business. We also take responsibility for ensuring your records are persistent and safeguarded. If you are still concerned, we invite you to contact us. Honorlock support is available 24/7/365. If you encounter any issues or have any questions, you may contact us by live chat, and/or email support@honorlock.com

Honorlock wants to ensure you have a clear picture of what we are OR are not doing. In order to give you the necessary peace of mind, here are the measures we take to ensure your privacy:

  • Honorlock is hosted in the cloud through Amazon Web Services
  • Honorlock stores information for 12 months (time frame may differ based on the Master Service Agreement with your academic institution) and then purges that data. Honorlock is an AWS partner. AWS follows federal NIST 800-88 guidelines for proof of data/drive destruction. AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual “) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process.
  • Data in transit is encrypted using TLS 1.2, with SHA-256 and RSA 2048-bit public key for ALL data transfers in and out of our system. All transmission of data to and from our network is handled using SSL. All data transmitted into our platform is received over SSL to our web servers and our APIs. Data is transmitted back to our customers through our web servers using SSL. Data in transmission is encrypted following up-to-date SSL protocols, as certified by our latest vulnerability scan.
  • Data being stored is encrypted. All data is secure using industry standards with AES-256 block encryption.
  • Honorlock is not the owner of the data but holds the data for the university. Honorlock employees do not have access to the data unless their job requires it (ie support or proctors).
  • Honorlock requires no account or password. We collect as little as possible because we are integrated with the LMS. We use your access to the LMS to give you access to your exam when proctoring is enabled.
  • Honorlock employees receive training on how to use our product, FERPA, Incident Response, and Data Protection. All support and proctoring employees also conduct job-specific training for supporting the product, supporting students, and how to proctor effectively.
  • Honorlock received a SOC 2 Type 1 examination report in the fall of 2020. This means its data, security, and business practices are audited annually by an outside independent third party.
  • Honorlock has an information security policy and logical security policies which are related strictly to protecting data and student privacy.
  • Honorlock conducts routine vulnerability assessments, scans, and penetration testing to ensure we continue to protect all data at all costs. These tests are performed by independent third parties.
  • Honorlock is GDPR and CCPA compliant. These policies are publicly available on our website.  Read our GDPR & Privacy Shield Notice here.  If a student requests to have their information removed they will be provided a Right to Erasure Request Form. After receiving that request, Honorlock will contact the institution to ensure they are aware of the request, they have adequate time to download (or with our assistance provide them) the media prior to deletion for the perseverance of the student academic records. The student will be provided the confirmation of the deletion once it’s been completed.