Data Retention

We retain personal data only as long as needed for the purpose for which it was collected, plus any period required by law. Specific retention windows are below.

Operator account data

Email, name, organization, and role are retained for the lifetime of the account. On account deletion they are removed within 30 days, except where law requires longer retention (e.g., billing records).

Candidate session data

Session recordings, monitoring events, and risk scores are retained for the duration configured by your organization. The default is 90 days. After expiry, the underlying media is deleted from object storage and the database rows are pseudonymized to preserve aggregate analytics.

Audit logs

Audit log entries are retained for 24 months. They contain the action, target, actor identity, and request metadata (IP, user-agent), and exist to support tamper-evident review of administrative changes.

Demo requests

Submissions to the “Book a demo” form are retained for up to 24 months unless you ask us to delete them earlier.

Backups

Daily encrypted backups of the database are retained for 30 days. Deleted records may persist in backups until the backup itself rolls off.

Requests

To request earlier deletion of any of the above data, email privacy@proctored.one.