We take security and privacy matters seriously and have taken measures to protect our customers' data at all times. Our commitment to data protection and care for privacy is reflected in how we design our products, how we implement operational security practices and the technology choices we make.
For cloud infrastructure controls implementation and verification we leverage a host of AWS security services. AWS SOC Compliance information can be found here . In addition to SOC, AWS ISO and CSA STAR certifications can be reference here:
Rosalyn's security model is based on the NIST Cybersecurity Framework (CSF) and SOC 2 Criteria of Security and Confidentiality, with additional controls for compliance with international privacy laws and regulations (EU GDPR, California CCPA, Illinois BIPA, etc.). For the higher education market, Rosalyn specifically targets the HECVAT standard. Rosalyn intends to implement an SOC2 Type 2 audit in 2023
For cloud infrastructure controls implementation and verification we leverage a host of AWS security services.
The target security standards used to track progress are
For penetration testing of components deployed into production, Rosalyn works with penetration testing specialist vendors.
Risk Assessments are carried out inside Rosalyn and implementation of mitigations are planned as part of sprints.
All data in production systems inside Rosalyn are also encrypted in flight and at rest using industry standard algorithms such as AES-256 or protocols such as HTTPS, TLS and SSH. All access to production data is logged. For all cloud resources Rosalyn leverages identity and access management for defining user access and policies for fine-grained user and systems access control across all of our hosting systems. All hosting systems are separated by account level access barriers for further layers of security. Rosalyn also provides additional controls and governance capabilities, to further protect our customers' users and data.
Special consideration is given to Personally Identifiable Information (PII). All PII data flows are mapped out throughout development of our systems and clearly documented and understood throughout the organization. Lifecycles for all data, including PII is defined and maintained through established processes in order to comply with applicable regulations including GDPR.
Corporate desktops and laptops are managed by enterprise device management and endpoint protection software.
All of Rosalyn's software services are available 24 / 7.
All data stores inside Rosalyn are backed up on a continuous basis. Our main database offers global deployment over multiple regions and disaster recovery from region-wide outages. It uses storage-based replication with typical latency of less than 1 second, using dedicated infrastructure that leaves our database fully available to serve application workloads. In the event of a regional degradation or outage, one of the secondary regions can be promoted to read and write capabilities in less than 1 minute.
We currently target a Recovery Time Objective and Recovery Point Objective of under two hours with the goal of reducing this further in Q3 2022.
In accordance with Rosalyn's Business Continuity Policy, the Business Continuity Plan, testing, and procedures are updated and performed annually.
Through our platform's planning, development, and release processes, security practices are incorporated into the Rosalyn’s Software Development Lifecycle.
Our Security Development Lifecycle follows OWASP guidelines.We contract with industry-leading penetration testing providers to examine our production architecture annually.
In order to provide SSO by any number of Identity Providers (IdPs), Rosalyn supports federated access via SAML 2.0.
Rosalyn's security begins with its employees. Rosalyn implements security controls for its employees and contractors before, during, and after their tenure. Controls include security and privacy training and automated deprovisioning of logical and physical access to Rosalyn resources. Select Rosalyn staff also continuously receive advanced Cybersecurity Awareness Training in collaboration with select training partners.
Our customers' privacy is important to us, and we take it very seriously. We do not sell, share, or export your data to third parties we gather from the use of our platform. As stated in your customer agreement, we only provide data to our sub-processors for use in processing your data. We do not process biometric information, and are compliant with GDPR, and BIPA regulations
We regularly back up your data and target a RTO and RPO of 2 hours.
Users, videos, and other data can be deleted directly from our Compliance Request service. Within X days of terminating a relationship with Rosalyn, all customer data will be removed from our systems.
Rosalyn video and audio recordings are retained according to company policies, with flexible configurations based on how long recordings should be kept before being deleted.
Rosalyn supports customers with organizational requirements around data residency, requiring EU citizen data to reside in the EU.
Third-party audits attest and certify Rosalyn's security, data privacy, and compliance controls to help meet customers' legal, regulatory, and organizational policy requirements. Biometric information is not processed by us.
These End User Terms of Use (the “Terms”) are a binding legal agreement, entered into by you and Rosalyn, Inc., and made effective as of your first use of the Rosalyn, Inc. examination proctoring service (the “Service”). If you do not accept these terms and agree to be bound by them, you shall not use or access the Service. Your use of the Services represents your agreement to these Terms, including your agreement to arbitrate claims. You agree to be bound by these terms, including Exhibit A regarding Arbitration, Rosalyn.ai Application and Service Privacy Policy (LINK), and when applicable Rosalyn’s Consent Form, which are hereby incorporated by reference herein.
These Terms contain an agreement to arbitrate all claims, waive class actions, and waive jury trials; disclaimers; and limitations of liability. Please read these terms carefully.
You may be referred to herein as “you”, “your”, and “End User”.
Rosalyn, Inc. is referred to herein as “Rosalyn”.
The individual or organization that is administering your examination is referred to herein as the “Test Provider”. The Test Provider may be your school, university, an individual professor, or another examiner. The Test Provider is ultimately in control of, and solely responsible for, any actions taken with respect to you and your exam, including but not limited to, the assessment of any penalty, the grading or evaluation of your exam, or any other management or control of your exams and grades.
a. The Rosalyn remote exam proctoring service (the “Service”) provides Test Providers with functionality designed to detect, prevent, and deter cheating on exams given to you, the test-taker. The Service uses a human-in-the-loop methodology, with a “Human Proctor” (as defined below).
The “Human Proctor” is the human designated by the Test Provider that shall oversee your exam and may take actions with respect to you and your behavior during the exam. Such actions may include, but are not limited to, sending messages to you during the exam, pausing and resuming the exam while you rectify an alert situation, ejecting you from the exam, or otherwise proctoring or monitoring your taking of an exam.
You may use the Service solely for your own internal, personal, non-commercial use, and only in a manner that complies with all applicable laws. You shall not allow any third-party to use the Service on your behalf. Rosalyn expressly reserves all rights in the Service and any underlying software, platforms or other technologies not expressly granted to you in these Terms. You agree not to attempt to disassemble, decompile, or otherwise reverse engineer the Service or any portion thereof.
Your personal information will be collected, used, and otherwise handled in accordance with the Rosalyn.ai Application and Service Privacy Policy (LINK).
Rosalyn reserves the right to refuse, suspend, or cancel any exam or any exam results, in its sole discretion. You agree that Test Providers shall be solely responsible for the content of any exam, any results thereof, and any determination or action taken due to information provided by the Service.
b. You are hereby granted a license to use the Services solely for the purpose of taking an exam provided by a Test Provider.
Rosalyn and the Test Provider will communicate with you in order to enable your exam(s) with the Test Provider, for authentication of your identity, and other notifications associated with your exam(s). You hereby consent to accept and receive such communications from us, including e-mail. These communications are transactional in nature and may be generated by automated systems, for the purposes mentioned above.
Depending on your current carrier plan, you may incur charges for e-mail and agree you will not hold, nor participate in any action which seeks to hold, Rosalyn liable for any charges incurred. We shall have no liability for transmission delays or message failures.
You will be unable to opt-out of receiving certain communications that are strictly necessary for your use of the Service, such as e-mails related to your exams. You may opt-out of receiving other communications by following the unsubscribe options provided therein.
You acknowledge that any terms between you and any third-party provider create no obligation or responsibility on the part of Rosalyn, and that Rosalyn is not responsible for any failure of warranty by any such third party.
a. Age of Majority. You warrant that you are 13 years old or older. If you are under the age of13, you shall not use the Service or send any of your personal information to us.
b. Non-Transferable. Accounts are non-transferable absent the prior written consent of Rosalyn. You shall be solely liable for any and all activity associated with your account or occurring using your credentials. You shall not disclose your account credentials to any third-party.
Rosalyn may collect, use, and/or store your information to confirm your identity and proctor your behavior to maintain exam integrity. Such information may include, but is not limited to, data and metrics collected from your computer or other device during your taking of any tests proctored via the Service (the “Data”), including but not limited to video and audio feeds captured by your computer or other device, keyboard inputs, and mouse inputs.
At the start of each exam, you may be given the option to consent to Rosalyn’s use of the Data to train Rosalyn’s artificial intelligence algorithms. If you provide such consent, Rosalyn shall retain it for such training purposes indefinitely, or until you withdraw your consent.
You hereby grant to Rosalyn an irrevocable, worldwide, perpetual, transferable, sublicensable right to process, copy, make derivatives from, and otherwise use the Data for the purposes of making the Services operable, and to improve upon and develop the Services and related features. You agree that Rosalyn may share Data with third parties for the purposes of making the Service operable and to improve the Service. You further agree that Rosalyn may use the Data to train Rosalyn’s artificial intelligence algorithms, subject to your aforementioned consent.
Upon the detection of suspicious activity, Rosalyn will alert the Test Provider’s Human Proctor for further action.
Rosalyn owns the Services, its underlying platforms, software, and other technologies, all content thereon, all modifications, enhancements, and updates thereof, and all intellectual property rights therein.
You acknowledge that you are taking an examination administered by the Test Provider and not by Rosalyn.
Issues with Exams. The Test Provider shall be solely responsible for any issues or questions related to or arising from examinations, including but not limited to issues relating to exam content, grading, and detections of suspicious activity.
These Terms shall remain in effect from your first use or access of the Service until terminated per the terms herein. The following sections of these Terms shall survive its termination for any reason and remain in effect in perpetuity: 1.a., 2, and 4 – 15. Your access to the Service and/or these Terms: a.) may be terminated at any time at Rosalyn’s sole discretion; and b.) shall be terminated upon the Test Provider’s cancellation of its use of the Service. You may terminate these Terms by ceasing use of the Service and contacting contact@rosalyn.ai. These Terms shall be superseded upon your agreement to updated End User Terms of Use for the Rosalyn remote exam proctoring service.
You agree to comply fully with all applicable laws and regulations with respect to your use of the Services. You represent and warrant that your use of the Services shall not infringe upon or otherwise misappropriate the intellectual property rights of any third party.
THE SERVICES ARE PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND. ROSALYN EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT, AND ANY WARRANTIES AND CONDITIONS ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM ROSALYN OR ELSEWHERE WILL CREATE ANY WARRANTY OR CONDITION NOT EXPRESSLY STATED IN THESE TERMS.
ROSALYN’S TOTAL LIABILITY TO YOU FROM ALL CAUSES OF ACTION AND UNDER ALL THEORIES OF LIABILITY WILL BE LIMITED TO AND WILL NOT EXCEED $100. IN NO EVENT WILL ROSALYN BE LIABLE TO YOU FOR ANY SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING LOSS OF USE, DATA, BUSINESS OR PROFITS) OR FOR THE COST OF PROCURING SUBSTITUTE PRODUCTS ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE USE OR PERFORMANCE OF THE SOFTWARE, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT ROSALYN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. THE FOREGOING LIMITATIONS WILL SURVIVE AND APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THESE TERMS IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
You shall indemnify and hold harmless Rosalyn from and against any claim, damages, loss, and expenses, including attorney’s fees (“Claim”) arising from or related to your use of the Services, including but not limited to any Claim arising from or related to: a.) your violation of these Terms; b.) your violation of any applicable law or regulation; and c.) your violation of any terms between yourself and any Test Provider.
These Terms constitute the complete understanding and agreement between the parties with respect to the subject matter contained herein, and supersedes all previous agreements, representations, warranties, statements, negotiations, understandings and undertakings, whether written or oral, pertaining to such subject matter. These Terms are governed by and construed in accordance with the laws of the State of California excluding the U.N. Convention on Contracts for the International Sale of Goods and that body of laws known as conflicts of law. If for any reason a court of competent jurisdiction finds any provision of these Terms invalid or unenforceable, that provision of the Terms will be enforced to the maximum extent permissible and the other provisions of these Terms will remain in full force and effect. Rosalyn may assign these Terms at its sole discretion.
Agreement to Arbitrate; Waiver of Class Action. If you are located in the United States, you agree to resolve disputes only on an individual basis, through arbitration pursuant to the provision of Exhibit A. The parties expressly waive any right to bring any action, lawsuit, or proceeding as a class or collective action, private attorney general action, or any other proceeding in which any party acts or opposes to act in a representative capacity.
Use of the Service is also subject to the Rosalyn.ai Application and Service Privacy Policy, located at this (LINK). The Privacy Policy, and when applicable, Rosalyn’s Consent Form, noted at (LINK), are incorporated into these Terms by this reference. Additionally, you understand and agree that Rosalyn may contact you via email or otherwise with information relevant to your use of the Services, regardless of whether you have opted out of receiving marketing communications or notices.
These Terms shall be governed by and construed under the laws of the State of California, U.S.A., as applied to agreements entered into and to be performed in California by California residents. Except as provided in Exhibit A, the Parties consent to the exclusive jurisdiction and venue of the state courts located in and serving Santa Clara County, California and the federal courts in the Northern District of California.
The Service and these Terms may be modified by Rosalyn at any time with conspicuous notice to you. The following types of notice shall be deemed conspicuous and anyone of the following shall be sufficient with respect to providing such notice of modification: e-mail notice, or an announcement presented upon signing onto the Services. Please check these Terms regularly. Your continued use of the Services after such notice shall constitute your acceptance of such modifications.
Failure by either Party to exercise any of its rights under, or to enforce any provision of, these Terms will not be deemed a waiver or forfeiture of such rights or ability to enforce such provision. If any provision of these Terms is held by a court of competent jurisdiction to be illegal, invalid or unenforceable, that provision will be amended to achieve as nearly as possible the same economic effect of the original provision and the remainder of these Terms will remain in full force and effect.
You may contact us with any comments, questions, or suggestions you might haveregarding these Terms or the services at:
Rosalyn, Inc.
6605 Longshore Street #240
Dublin, OH 43017
contact@rosalyn.ai
This Exhibit A to the Terms describes further provisions which apply to the Binding Arbitration and Class Action Waiver.
Rosalyn, Inc. (referred to herein as “Rosalyn”, “we”, “our”, or “us”) values and respects the privacy rights of individuals and recognizes the importance of protecting personal information. This privacy policy (“Privacy Policy”) explains what personal data we collect from individuals and how we use it.
By using or otherwise accessing Rosalyn’s test proctoring services or its proctoring application (collectively, the “Services”), you accept and agree to the following privacy policy (the “Privacy Policy”), and you are consenting to our collection, use, disclosure, retention, and protection of personal information as described in this Privacy Policy as it arises from or relates to your access or use of the Services. If you do not provide the information we require, you will not be able to take your test using the Services. In this case, please review Section 4, “Your Choices”, below. If you do not agree to the terms of this Privacy Policy, you shall not access or use the Services.
This Privacy Policy is incorporated by reference into the Rosalyn Terms of Use (LINK) and is subject to the terms therein.
1.1 This Application and Services Privacy Policy applies to the collection, use, and disclosure of personal information by us through the Rosalyn test proctoring services and its application. This Privacy Policy does not apply to any information not collected through the Services, including but not limited to information collected through the Rosalyn website, which is covered under a separate privacy policy.
1.2 "Personal information" is information that can be associated with a specific person and could be used to identify that specific person whether from that data or from that data and other information that Rosalyn has or is likely to have access to. We do not consider personal information to include information that has been made anonymous or aggregated so that it can no longer be used to identify a specific person, whether in combination with other information or otherwise.
2.1 How We Collect. We collect your personal information during your use of the Services, including but not limited to when you take an exam using the Services.
2.2 What We Collect. The personal information we collect includes, but is not limited to, the following:
2.3 Children. Rosalyn is aware of the importance of protecting the privacy and safety of children who may use our Services. In that regard, we do not knowingly solicit data from or market to children under the age of 13. In the event a child’s parent and/or legal guardian becomes aware that their child has provided us with information without their consent, please contact us immediately at privacy@rosalyn.ai. Once notified, we will delete the information as soon as reasonably possible.
3.1 How We Use Personal Information. We will never sell personal information to third-parties for advertising or marketing purposes. Personal information provided and otherwise collected will be used to provide and improve the Services and to personalize the Services for you. This includes, but is not limited to, making the Services operable, providing customer service, corresponding with you, and to protect the integrity and operation of the Services.
The information we collect allows us to accurately identify you and make the Services operable, allowing Test Providers and Human Proctors to remotely proctor exams taken by you.
The “Test Provider” is the individual or organization that is administering your examination, and may be your school, university, professor, or another examiner. The Test Provider is ultimately in control of, and solely responsible for, any actions taken with respect to you and your exam, including but not limited to, the assessment of any penalty, the grading or evaluation of your exam, or any other management or control of your exams and grades.
The “Human Proctor” is the human designated by the Test Provider that shall oversee your exam and may take actions with respect to you and your behavior during the exam. Such actions may include, but are not limited to, sending messages to you during the exam, pausing and resuming the exam while you rectify an alert situation, ejecting you from the exam, or otherwise proctoring or monitoring your taking of an exam.
Other uses of personal information may be for validating a user account, fraud prevention, or other data safety precautions Rosalyn may elect to implement. Additionally, we may use personal information for our internal purposes such as data analysis, auditing, and research to improve the Services.
3.2 Duration of Retention. We will retain the personal information we collect about you(as listed above in Section 2.2, “What We Collect”; referred to herein as the “Exam Session Data”) for the Test Provider’s Exam Retention period, up to three (3) years. After the Test Provider’s Exam Retention period, said Exam Session Data will be deleted, or otherwise made anonymous or aggregated so that it no longer identifies a specific individual.At the start of each exam, you may be given the option to consent to Rosalyn’s use of that exam session’s Exam Session Data to train Rosalyn’s artificial intelligence algorithms by executing the following Rosalyn Consent Form (LINK). If you provide such consent, Rosalyn shall retain it for such training purposes indefinitely, or until you withdraw your consent.We will only keep personal information for as long as there is a reasonable basis to do so, whether to provide the Services, to improve them, to enforce any relevant law, the provisions of any agreement, to resolve any past, current, or future dispute, or any other business, tax, or legal purpose.When we dispose of personal information, we will do so in a secure manner.Notwithstanding anything to the contrary within this Section 3.2, Exam Session Data of Illinois residents shall not be retained for longer than three (3) years.
3.3 Corrections. You may request correction of any personal information that is incorrect by contacting us at privacy@rosalyn.ai. Such requests regarding such personal information may only be made by the subject thereof. We may require verification of your identity before proceeding with the request.
3.4 Non-Personal Information. Rosalyn collects information that in and of itself does not permit direct association with any specific person. In the case of non-personal information Rosalyn has the right to collect, transfer, use, and disclose this information for any purpose.
4.1 Decline to Provide Information. You may decline to submit personal information and/or disable your webcam and/or microphone, however, doing so will prevent you from taking your exam using the Services. You acknowledge and agree that your inability to take a exam due to your refusal to submit any required personal information and/or by disabling webcam and/or microphone access shall not be grounds for any claim of breach, damages, or other liability; nor shall it in any way relieve you of your obligations to Rosalyn.
4.2 Request Deletion of Personal Information. You may request that Rosalyn delete your personal information. You acknowledge and agree that any such deletion in accordance with the foregoing shall relieve and release Rosalyn from any liability, obligation, claim, or other damages related to or arising from said personal information. All deletion requests are subject to verification.
4.3 No Sensitive Information. You acknowledge and agree that the information you are providing to Rosalyn is not sensitive in nature (i.e., is not personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, etc.).
5.1 How Secure It Is. Rosalyn shall use commercially reasonable measures inline with industry standards to protect personal information, including but not limited to electronic and administrative safeguards designed to help make personal information secure. We will make reasonable attempts to provide you with notice in the event of a security breach.
When you take an exam proctored using the Services, your responses, video from your webcam, and audio from your microphone is available to the Test Provider and Human Proctor, and can be read, collected, or used by them. You are responsible for the personal information you choose to share or submit in these instances.
5.2 Where and How It Is Stored. The information you provide Rosalyn may be processed in the United States or any other country in which Rosalyn, its subsidiaries, affiliates, and/or service providers maintain facilities.
As a result, Rosalyn, its subsidiaries, affiliates, and/or service providers may transfer information we collect about you, including personal information, across borders and from your country or jurisdiction to other countries or jurisdictions around the world. For example, you may reside in another country or region with differing data protection and privacy laws than the United States. Consequently, when you register to use the Service you acknowledge and consent to Rosalyn transmitting your information to the United States or to any country in which Rosalyn and/or its subsidiaries, affiliates, and/or service providers maintain facilities and the use and disclosure of information about you as described in this Privacy Policy.
In turn, Rosalyn uses commercially reasonable standards, measures and/or protocol to keep the information collected secure. Rosalyn cannot ensure the security of any information submitted or transmitted by you to Rosalyn nor can we guarantee that said information may not be disclosed, destroyed, and/or altered.
6.1 When Will We Disclose Personal Information. We may share personal information with third-parties when necessary to provide the Services (such as to the Test Provider),when we have a good faith belief it is necessary by law or to respond to legal process, to protect the safety and lives of people, to protect the rights or property of Rosalyn, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, and with the subject’s consent. We shall not disclose personal information to third-parties for their advertising and marketing purposes.
6.2 Disclosure to Test Providers and Human Proctors. You consent to our disclosure of your exam responses and personal information to the Test Provider and Human Proctor, including but not limited to, your webcam video; audio from your microphone; your keystroke information; and any analyses of your behavior during the exam.
6.3 Disclosure to Sub-Contractors and Agents. Rosalyn may use the services of other companies in order to provide the Services. Such companies shall be given only the personal information needed to perform those services, and we do not authorize them to use or disclose personal information for their own marketing or other purposes. We have contracts in place holding such companies to the same standards of confidentiality by which Rosalyn is governed. Rosalyn shall make commercially reasonable efforts to enforce such terms on such companies. However, Rosalyn shall not be liable to you for such companies’ failure to adhere to such confidentiality terms.
Such third-party service providers may include, but are not limited to:
6.4 Business Affiliates and Transfers. Rosalyn may share information from or about you with its subsidiaries, joint ventures, or companies under common control, in which case we will require them to adhere to this Privacy Policy. In the event Rosalyn is acquired in total or by a substantial amount of its assets, we will make best efforts to ensure that the purchaser will assume the rights and obligations of this Privacy Policy. However, Rosalyn does not make any guarantees or promises with respect to a purchaser adopting the current rights and obligations of this Privacy Policy.
6.5 Investigations. Rosalyn reserves the right to provide and/or disclose necessary information for investigatory matters. Examples include but are not limited to: 1) Test Provider’s academic integrity investigation process; 2) compliance with law enforcement or the necessary legal process; 3) behavior and/or use violative of the Terms of Service, and 4) instances whereby it is necessary to protect our rights and obligations.
6.6 Per User Request. Rosalyn may share your information if requested or consented to by you.
7.1 Additional Rights. Under the California Consumer Privacy Act (“CCPA”), and the EU General Data Protection Regulation ("GDPR"), California, EEA, Switzerland, and UK residents may have certain rights regarding their data, including:
With respect to the processing of personal data of residents of the EEA, Switzerland, and UK:
Automated decision making is not used with respect to your personal information.
7.2 Right to Know and Delete. If you are a California, EEA, Switzerland, or UK resident, you may have the right to know the specific pieces of personal information that Rosalyn has about you and to request that they be deleted, subject to restrictions and exceptions. Please send requests to know and to delete in accordance with the above to us via email: privacy@rosalyn.ai; or via the following toll-free telephone number: (888) 672-5964. The foregoing means may also be used to revoke consent to use your personal information. All requests are subject to verification.
7.3 Basis for Processing. If you are a resident of the EEA, Switzerland, or the United Kingdom:
8.1 Correcting Personal Information. You agree to notify Rosalyn of personal information that you are aware has errors.
8.2 Changes. We reserve the right to make changes to this Privacy Policy at any time. Your continued use of our Services will signify your acceptance of any changes to our Privacy Policy.
8.3 Third-Parties. This Privacy Policy applies to Rosalyn’s use of personal information but does not apply to the activities of any third-party. If you disclose personal information to others, such third-party’s privacy policies and practices will apply. Rosalyn shall not be liable or in any way otherwise responsible for any use of personal information by such third-parties.
8.4 Contact Us. If you have any questions, concerns, or complaints related to or regarding the above please contact us at:
ATTN: Privacy Officer
Rosalyn, Inc.
6605 Longshore Street #240
Dublin, OH 43017
privacy@rosalyn.ai
By executing this consent in the manner provided below, you hereby provide Rosalyn, Inc. (“Rosalyn”) with express informed written consent to use your Exam Session Data (defined below) for the purposes described herein. Exam Session Data shall be collected and maintained in accordance with the terms herein and in the Rosalyn.ai Application and Service Privacy Policy (LINK).
1. “Exam Session Data” means the information we collect about you while you make use of the Rosalyn remote exam proctoring service (the “Service”, as further described in the Rosalyn.ai End User Terms of Use), including but not limited to:
2. When It Is Collected. Exam Session Data in the moments leading up to, and during, your taking of your exam.
3. How It Is Stored. Rosalyn shall use commercially reasonable measures, in line with industry standards, to protect Exam Session Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Access to the Exam Session Data shall be restricted to those with a bona fide need to know the information. We will notify you in the event of a known breach of your Exam Session Data.
4. How Long It Is Stored. Rosalyn shall retain the Exam Session Data indefinitely, until the earlier of: a.)your withdrawal of your consent; b.) Rosalyn no longer having a reasonable basis to keep the Exam Session Data; and c.) any time limits set by applicable law.
Exam Session Data of Illinois residents shall not, in any case, be maintained for longer than three (3)years.
When we dispose of the Exam Session Data, we will do so in a secure manner.
5. How It Is Used. Exam Session Data may be used for the training, development, troubleshooting, and quality assurance of artificial intelligence algorithms for, relating to, or otherwise arising from Rosalyn’s exam proctoring services (the “Algorithms”).
The Algorithms, their underlying technologies, any embodiments and derivatives thereof, and all intellectual property rights therein, are wholly owned by Rosalyn; and Rosalyn shall have full discretion to disclose, use, distribute, or otherwise exploit the Algorithms as it sees fit.
6. When It Is Disclosed. Exam Session Data shall be disclosed to third-parties only in connection with, or otherwise as necessary for, the training of the Algorithms, the provision and improvement of the Services, and as otherwise described in the Rosalyn.ai Application and Services Privacy Policy (LINK). Rosalyn does not otherwise share your Exam Session Data with any third-parties. Rosalyn will notify you if your Exam Session Data is inadvertently disclosed or is the subject of a data breach.
7. Other Terms. These terms are in addition to, and not in lieu of, other terms you have agreed to in connection with your use of the Rosalyn remote exam proctoring service, including but not limited to the terms of the Rosalyn.ai End User Terms of Use (LINK) and the Rosalyn.ai Application and Services Privacy Policy (LINK). Rosalyn shall have sole discretion with respect to whether to accept or otherwise use your Exam Session Data for the purposes described herein.
8. Illinois Residents, Taxpayers, Students, and Others. You may not consent to submit biometric data that is subject to the Illinois Biometric Information Privacy Act (“BIPA”). You SHALL NOT check the box below or click “I Agree” if one or more of the following are true:
By checking the box below and clicking “I Agree”, I hereby consent to the use, storage, and disclosure of my Exam Session Data as described herein.
Name of Product/Version:
Report Date: March 22, 2022
PRODUCT DESCRIPTION: Rosalyn is an online proctoring application that integrates with learning management systems. Rosalyn delivers the following to our customers:
CONTACT INFORMATION:
email: accessibility@rosalyn.ai
phone: 1-888-672-5964
NOTES: This VPAT covers ahybrid student experience that starts on a web application and migrates to adesktop application. There is X total web application pages and X total desktopapplication ‘pages’
DETAILED SCOPE:
Thescope of this VPAT is restricted to Specific pages listed in the table belowfor the following website: https://has58976.live.Rosalyn.com/
EVALUATION METHODS USED:
A combination ofautomated and manual testing techniques was employed for the accessibilityassessment.
APPLICABLE STANDARDS/GUIDELINES
This report covers the degree of conformance forthe following accessibility standard/guidelines:
TERMS
The terms used in the Conformance Levelinformation are defined as follows:
WCAG 2.X REPORT
Note: When reporting on conformance with the WCAG2.x Success Criteria, the criteria are scoped for full pages, completeprocesses, and accessibility-supported ways of using technology as documentedin the WCAG2.0 Conformance Requirements.
Table 1: Success Criteria, Level A
Notes:
Table 2: Success Criteria, Level AA
Notes:
Protecting your institution's sensitive information is our top priority. Our robust data security measures maintain the highest levels of confidentiality to give you peace of mind
Rosalyn.ai goes above and beyond to meet and exceed industry regulations and compliance requirements, including GDPR and FERPA, ensuring a safe and compliant proctoring experience
We're committed to constantly evolving our security and compliance measures, staying ahead of the curve to provide unparalleled protection for you and your students
Our privacy-first approach ensures the protection of personal information from the initial design stages of our online proctoring solution, prioritizing your students' privacy at every step
We offer clear and comprehensive privacy policies, outlining our steadfast commitment to safeguarding your students' data and fostering trust with your institution
By collecting only the necessary data for effective proctoring, we minimize any risks to student privacy while delivering a seamless and secure testing experience.
We prioritize accessibility and support students with disabilities, creating an inclusive testing environment where everyone can thrive
Our flexible platform accommodates a variety of individual needs and requirements, ensuring every student receives the support they deserve.
We work closely with higher education and professional certification providers to address specific accessibility concerns, fostering a truly inclusive testing experience.
We take security and privacy matters seriously and have taken measures to protect our customers' data at all times. Our commitment to data protection and care for privacy is reflected in how we design our products, how we implement operational security practices and the technology choices we make.
For cloud infrastructure controls implementation and verification we leverage a host of AWS security services. AWS SOC Compliance information can be found here . In addition to SOC, AWS ISO and CSA STAR certifications can be reference here:
Rosalyn's security model is based on the NIST Cybersecurity Framework (CSF) and SOC 2 Criteria of Security and Confidentiality, with additional controls for compliance with international privacy laws and regulations (EU GDPR, California CCPA, Illinois BIPA, etc.). For the higher education market, Rosalyn specifically targets the HECVAT standard. Rosalyn intends to implement an SOC2 Type 2 audit in 2023
For cloud infrastructure controls implementation and verification we leverage a host of AWS security services.
The target security standards used to track progress are
For penetration testing of components deployed into production, Rosalyn works with penetration testing specialist vendors.
Risk Assessments are carried out inside Rosalyn and implementation of mitigations are planned as part of sprints.
All data in production systems inside Rosalyn are also encrypted in flight and at rest using industry standard algorithms such as AES-256 or protocols such as HTTPS, TLS and SSH. All access to production data is logged. For all cloud resources Rosalyn leverages identity and access management for defining user access and policies for fine-grained user and systems access control across all of our hosting systems. All hosting systems are separated by account level access barriers for further layers of security. Rosalyn also provides additional controls and governance capabilities, to further protect our customers' users and data.
Special consideration is given to Personally Identifiable Information (PII). All PII data flows are mapped out throughout development of our systems and clearly documented and understood throughout the organization. Lifecycles for all data, including PII is defined and maintained through established processes in order to comply with applicable regulations including GDPR.
Corporate desktops and laptops are managed by enterprise device management and endpoint protection software.
All of Rosalyn's software services are available 24 / 7.
All data stores inside Rosalyn are backed up on a continuous basis. Our main database offers global deployment over multiple regions and disaster recovery from region-wide outages. It uses storage-based replication with typical latency of less than 1 second, using dedicated infrastructure that leaves our database fully available to serve application workloads. In the event of a regional degradation or outage, one of the secondary regions can be promoted to read and write capabilities in less than 1 minute.
We currently target a Recovery Time Objective and Recovery Point Objective of under two hours with the goal of reducing this further in Q3 2022.
In accordance with Rosalyn's Business Continuity Policy, the Business Continuity Plan, testing, and procedures are updated and performed annually.
Through our platform's planning, development, and release processes, security practices are incorporated into the Rosalyn’s Software Development Lifecycle.
Our Security Development Lifecycle follows OWASP guidelines.We contract with industry-leading penetration testing providers to examine our production architecture annually.
In order to provide SSO by any number of Identity Providers (IdPs), Rosalyn supports federated access via SAML 2.0.
Rosalyn's security begins with its employees. Rosalyn implements security controls for its employees and contractors before, during, and after their tenure. Controls include security and privacy training and automated deprovisioning of logical and physical access to Rosalyn resources. Select Rosalyn staff also continuously receive advanced Cybersecurity Awareness Training in collaboration with select training partners.
Our customers' privacy is important to us, and we take it very seriously. We do not sell, share, or export your data to third parties we gather from the use of our platform. As stated in your customer agreement, we only provide data to our sub-processors for use in processing your data. We do not process biometric information, and are compliant with GDPR, and BIPA regulations
We regularly back up your data and target a RTO and RPO of 2 hours.
Users, videos, and other data can be deleted directly from our Compliance Request service. Within X days of terminating a relationship with Rosalyn, all customer data will be removed from our systems.
Rosalyn video and audio recordings are retained according to company policies, with flexible configurations based on how long recordings should be kept before being deleted.
Rosalyn supports customers with organizational requirements around data residency, requiring EU citizen data to reside in the EU.
Third-party audits attest and certify Rosalyn's security, data privacy, and compliance controls to help meet customers' legal, regulatory, and organizational policy requirements. Biometric information is not processed by us.
These End User Terms of Use (the “Terms”) are a binding legal agreement, entered into by you and Rosalyn, Inc., and made effective as of your first use of the Rosalyn, Inc. examination proctoring service (the “Service”). If you do not accept these terms and agree to be bound by them, you shall not use or access the Service. Your use of the Services represents your agreement to these Terms, including your agreement to arbitrate claims. You agree to be bound by these terms, including Exhibit A regarding Arbitration, Rosalyn.ai Application and Service Privacy Policy (LINK), and when applicable Rosalyn’s Consent Form, which are hereby incorporated by reference herein.
These Terms contain an agreement to arbitrate all claims, waive class actions, and waive jury trials; disclaimers; and limitations of liability. Please read these terms carefully.
You may be referred to herein as “you”, “your”, and “End User”.
Rosalyn, Inc. is referred to herein as “Rosalyn”.
The individual or organization that is administering your examination is referred to herein as the “Test Provider”. The Test Provider may be your school, university, an individual professor, or another examiner. The Test Provider is ultimately in control of, and solely responsible for, any actions taken with respect to you and your exam, including but not limited to, the assessment of any penalty, the grading or evaluation of your exam, or any other management or control of your exams and grades.
a. The Rosalyn remote exam proctoring service (the “Service”) provides Test Providers with functionality designed to detect, prevent, and deter cheating on exams given to you, the test-taker. The Service uses a human-in-the-loop methodology, with a “Human Proctor” (as defined below).
The “Human Proctor” is the human designated by the Test Provider that shall oversee your exam and may take actions with respect to you and your behavior during the exam. Such actions may include, but are not limited to, sending messages to you during the exam, pausing and resuming the exam while you rectify an alert situation, ejecting you from the exam, or otherwise proctoring or monitoring your taking of an exam.
You may use the Service solely for your own internal, personal, non-commercial use, and only in a manner that complies with all applicable laws. You shall not allow any third-party to use the Service on your behalf. Rosalyn expressly reserves all rights in the Service and any underlying software, platforms or other technologies not expressly granted to you in these Terms. You agree not to attempt to disassemble, decompile, or otherwise reverse engineer the Service or any portion thereof.
Your personal information will be collected, used, and otherwise handled in accordance with the Rosalyn.ai Application and Service Privacy Policy (LINK).
Rosalyn reserves the right to refuse, suspend, or cancel any exam or any exam results, in its sole discretion. You agree that Test Providers shall be solely responsible for the content of any exam, any results thereof, and any determination or action taken due to information provided by the Service.
b. You are hereby granted a license to use the Services solely for the purpose of taking an exam provided by a Test Provider.
Rosalyn and the Test Provider will communicate with you in order to enable your exam(s) with the Test Provider, for authentication of your identity, and other notifications associated with your exam(s). You hereby consent to accept and receive such communications from us, including e-mail. These communications are transactional in nature and may be generated by automated systems, for the purposes mentioned above.
Depending on your current carrier plan, you may incur charges for e-mail and agree you will not hold, nor participate in any action which seeks to hold, Rosalyn liable for any charges incurred. We shall have no liability for transmission delays or message failures.
You will be unable to opt-out of receiving certain communications that are strictly necessary for your use of the Service, such as e-mails related to your exams. You may opt-out of receiving other communications by following the unsubscribe options provided therein.
You acknowledge that any terms between you and any third-party provider create no obligation or responsibility on the part of Rosalyn, and that Rosalyn is not responsible for any failure of warranty by any such third party.
a. Age of Majority. You warrant that you are 13 years old or older. If you are under the age of13, you shall not use the Service or send any of your personal information to us.
b. Non-Transferable. Accounts are non-transferable absent the prior written consent of Rosalyn. You shall be solely liable for any and all activity associated with your account or occurring using your credentials. You shall not disclose your account credentials to any third-party.
Rosalyn may collect, use, and/or store your information to confirm your identity and proctor your behavior to maintain exam integrity. Such information may include, but is not limited to, data and metrics collected from your computer or other device during your taking of any tests proctored via the Service (the “Data”), including but not limited to video and audio feeds captured by your computer or other device, keyboard inputs, and mouse inputs.
At the start of each exam, you may be given the option to consent to Rosalyn’s use of the Data to train Rosalyn’s artificial intelligence algorithms. If you provide such consent, Rosalyn shall retain it for such training purposes indefinitely, or until you withdraw your consent.
You hereby grant to Rosalyn an irrevocable, worldwide, perpetual, transferable, sublicensable right to process, copy, make derivatives from, and otherwise use the Data for the purposes of making the Services operable, and to improve upon and develop the Services and related features. You agree that Rosalyn may share Data with third parties for the purposes of making the Service operable and to improve the Service. You further agree that Rosalyn may use the Data to train Rosalyn’s artificial intelligence algorithms, subject to your aforementioned consent.
Upon the detection of suspicious activity, Rosalyn will alert the Test Provider’s Human Proctor for further action.
Rosalyn owns the Services, its underlying platforms, software, and other technologies, all content thereon, all modifications, enhancements, and updates thereof, and all intellectual property rights therein.
You acknowledge that you are taking an examination administered by the Test Provider and not by Rosalyn.
Issues with Exams. The Test Provider shall be solely responsible for any issues or questions related to or arising from examinations, including but not limited to issues relating to exam content, grading, and detections of suspicious activity.
These Terms shall remain in effect from your first use or access of the Service until terminated per the terms herein. The following sections of these Terms shall survive its termination for any reason and remain in effect in perpetuity: 1.a., 2, and 4 – 15. Your access to the Service and/or these Terms: a.) may be terminated at any time at Rosalyn’s sole discretion; and b.) shall be terminated upon the Test Provider’s cancellation of its use of the Service. You may terminate these Terms by ceasing use of the Service and contacting contact@rosalyn.ai. These Terms shall be superseded upon your agreement to updated End User Terms of Use for the Rosalyn remote exam proctoring service.
You agree to comply fully with all applicable laws and regulations with respect to your use of the Services. You represent and warrant that your use of the Services shall not infringe upon or otherwise misappropriate the intellectual property rights of any third party.
THE SERVICES ARE PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND. ROSALYN EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT, AND ANY WARRANTIES AND CONDITIONS ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM ROSALYN OR ELSEWHERE WILL CREATE ANY WARRANTY OR CONDITION NOT EXPRESSLY STATED IN THESE TERMS.
ROSALYN’S TOTAL LIABILITY TO YOU FROM ALL CAUSES OF ACTION AND UNDER ALL THEORIES OF LIABILITY WILL BE LIMITED TO AND WILL NOT EXCEED $100. IN NO EVENT WILL ROSALYN BE LIABLE TO YOU FOR ANY SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING LOSS OF USE, DATA, BUSINESS OR PROFITS) OR FOR THE COST OF PROCURING SUBSTITUTE PRODUCTS ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE USE OR PERFORMANCE OF THE SOFTWARE, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT ROSALYN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. THE FOREGOING LIMITATIONS WILL SURVIVE AND APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THESE TERMS IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
You shall indemnify and hold harmless Rosalyn from and against any claim, damages, loss, and expenses, including attorney’s fees (“Claim”) arising from or related to your use of the Services, including but not limited to any Claim arising from or related to: a.) your violation of these Terms; b.) your violation of any applicable law or regulation; and c.) your violation of any terms between yourself and any Test Provider.
These Terms constitute the complete understanding and agreement between the parties with respect to the subject matter contained herein, and supersedes all previous agreements, representations, warranties, statements, negotiations, understandings and undertakings, whether written or oral, pertaining to such subject matter. These Terms are governed by and construed in accordance with the laws of the State of California excluding the U.N. Convention on Contracts for the International Sale of Goods and that body of laws known as conflicts of law. If for any reason a court of competent jurisdiction finds any provision of these Terms invalid or unenforceable, that provision of the Terms will be enforced to the maximum extent permissible and the other provisions of these Terms will remain in full force and effect. Rosalyn may assign these Terms at its sole discretion.
Agreement to Arbitrate; Waiver of Class Action. If you are located in the United States, you agree to resolve disputes only on an individual basis, through arbitration pursuant to the provision of Exhibit A. The parties expressly waive any right to bring any action, lawsuit, or proceeding as a class or collective action, private attorney general action, or any other proceeding in which any party acts or opposes to act in a representative capacity.
Use of the Service is also subject to the Rosalyn.ai Application and Service Privacy Policy, located at this (LINK). The Privacy Policy, and when applicable, Rosalyn’s Consent Form, noted at (LINK), are incorporated into these Terms by this reference. Additionally, you understand and agree that Rosalyn may contact you via email or otherwise with information relevant to your use of the Services, regardless of whether you have opted out of receiving marketing communications or notices.
These Terms shall be governed by and construed under the laws of the State of California, U.S.A., as applied to agreements entered into and to be performed in California by California residents. Except as provided in Exhibit A, the Parties consent to the exclusive jurisdiction and venue of the state courts located in and serving Santa Clara County, California and the federal courts in the Northern District of California.
The Service and these Terms may be modified by Rosalyn at any time with conspicuous notice to you. The following types of notice shall be deemed conspicuous and anyone of the following shall be sufficient with respect to providing such notice of modification: e-mail notice, or an announcement presented upon signing onto the Services. Please check these Terms regularly. Your continued use of the Services after such notice shall constitute your acceptance of such modifications.
Failure by either Party to exercise any of its rights under, or to enforce any provision of, these Terms will not be deemed a waiver or forfeiture of such rights or ability to enforce such provision. If any provision of these Terms is held by a court of competent jurisdiction to be illegal, invalid or unenforceable, that provision will be amended to achieve as nearly as possible the same economic effect of the original provision and the remainder of these Terms will remain in full force and effect.
You may contact us with any comments, questions, or suggestions you might haveregarding these Terms or the services at:
Rosalyn, Inc.
6605 Longshore Street #240
Dublin, OH 43017
contact@rosalyn.ai
This Exhibit A to the Terms describes further provisions which apply to the Binding Arbitration and Class Action Waiver.
Rosalyn, Inc. (referred to herein as “Rosalyn”, “we”, “our”, or “us”) values and respects the privacy rights of individuals and recognizes the importance of protecting personal information. This privacy policy (“Privacy Policy”) explains what personal data we collect from individuals and how we use it.
By using or otherwise accessing Rosalyn’s test proctoring services or its proctoring application (collectively, the “Services”), you accept and agree to the following privacy policy (the “Privacy Policy”), and you are consenting to our collection, use, disclosure, retention, and protection of personal information as described in this Privacy Policy as it arises from or relates to your access or use of the Services. If you do not provide the information we require, you will not be able to take your test using the Services. In this case, please review Section 4, “Your Choices”, below. If you do not agree to the terms of this Privacy Policy, you shall not access or use the Services.
This Privacy Policy is incorporated by reference into the Rosalyn Terms of Use (LINK) and is subject to the terms therein.
1.1 This Application and Services Privacy Policy applies to the collection, use, and disclosure of personal information by us through the Rosalyn test proctoring services and its application. This Privacy Policy does not apply to any information not collected through the Services, including but not limited to information collected through the Rosalyn website, which is covered under a separate privacy policy.
1.2 "Personal information" is information that can be associated with a specific person and could be used to identify that specific person whether from that data or from that data and other information that Rosalyn has or is likely to have access to. We do not consider personal information to include information that has been made anonymous or aggregated so that it can no longer be used to identify a specific person, whether in combination with other information or otherwise.
2.1 How We Collect. We collect your personal information during your use of the Services, including but not limited to when you take an exam using the Services.
2.2 What We Collect. The personal information we collect includes, but is not limited to, the following:
2.3 Children. Rosalyn is aware of the importance of protecting the privacy and safety of children who may use our Services. In that regard, we do not knowingly solicit data from or market to children under the age of 13. In the event a child’s parent and/or legal guardian becomes aware that their child has provided us with information without their consent, please contact us immediately at privacy@rosalyn.ai. Once notified, we will delete the information as soon as reasonably possible.
3.1 How We Use Personal Information. We will never sell personal information to third-parties for advertising or marketing purposes. Personal information provided and otherwise collected will be used to provide and improve the Services and to personalize the Services for you. This includes, but is not limited to, making the Services operable, providing customer service, corresponding with you, and to protect the integrity and operation of the Services.
The information we collect allows us to accurately identify you and make the Services operable, allowing Test Providers and Human Proctors to remotely proctor exams taken by you.
The “Test Provider” is the individual or organization that is administering your examination, and may be your school, university, professor, or another examiner. The Test Provider is ultimately in control of, and solely responsible for, any actions taken with respect to you and your exam, including but not limited to, the assessment of any penalty, the grading or evaluation of your exam, or any other management or control of your exams and grades.
The “Human Proctor” is the human designated by the Test Provider that shall oversee your exam and may take actions with respect to you and your behavior during the exam. Such actions may include, but are not limited to, sending messages to you during the exam, pausing and resuming the exam while you rectify an alert situation, ejecting you from the exam, or otherwise proctoring or monitoring your taking of an exam.
Other uses of personal information may be for validating a user account, fraud prevention, or other data safety precautions Rosalyn may elect to implement. Additionally, we may use personal information for our internal purposes such as data analysis, auditing, and research to improve the Services.
3.2 Duration of Retention. We will retain the personal information we collect about you(as listed above in Section 2.2, “What We Collect”; referred to herein as the “Exam Session Data”) for the Test Provider’s Exam Retention period, up to three (3) years. After the Test Provider’s Exam Retention period, said Exam Session Data will be deleted, or otherwise made anonymous or aggregated so that it no longer identifies a specific individual.At the start of each exam, you may be given the option to consent to Rosalyn’s use of that exam session’s Exam Session Data to train Rosalyn’s artificial intelligence algorithms by executing the following Rosalyn Consent Form (LINK). If you provide such consent, Rosalyn shall retain it for such training purposes indefinitely, or until you withdraw your consent.We will only keep personal information for as long as there is a reasonable basis to do so, whether to provide the Services, to improve them, to enforce any relevant law, the provisions of any agreement, to resolve any past, current, or future dispute, or any other business, tax, or legal purpose.When we dispose of personal information, we will do so in a secure manner.Notwithstanding anything to the contrary within this Section 3.2, Exam Session Data of Illinois residents shall not be retained for longer than three (3) years.
3.3 Corrections. You may request correction of any personal information that is incorrect by contacting us at privacy@rosalyn.ai. Such requests regarding such personal information may only be made by the subject thereof. We may require verification of your identity before proceeding with the request.
3.4 Non-Personal Information. Rosalyn collects information that in and of itself does not permit direct association with any specific person. In the case of non-personal information Rosalyn has the right to collect, transfer, use, and disclose this information for any purpose.
4.1 Decline to Provide Information. You may decline to submit personal information and/or disable your webcam and/or microphone, however, doing so will prevent you from taking your exam using the Services. You acknowledge and agree that your inability to take a exam due to your refusal to submit any required personal information and/or by disabling webcam and/or microphone access shall not be grounds for any claim of breach, damages, or other liability; nor shall it in any way relieve you of your obligations to Rosalyn.
4.2 Request Deletion of Personal Information. You may request that Rosalyn delete your personal information. You acknowledge and agree that any such deletion in accordance with the foregoing shall relieve and release Rosalyn from any liability, obligation, claim, or other damages related to or arising from said personal information. All deletion requests are subject to verification.
4.3 No Sensitive Information. You acknowledge and agree that the information you are providing to Rosalyn is not sensitive in nature (i.e., is not personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, etc.).
5.1 How Secure It Is. Rosalyn shall use commercially reasonable measures inline with industry standards to protect personal information, including but not limited to electronic and administrative safeguards designed to help make personal information secure. We will make reasonable attempts to provide you with notice in the event of a security breach.
When you take an exam proctored using the Services, your responses, video from your webcam, and audio from your microphone is available to the Test Provider and Human Proctor, and can be read, collected, or used by them. You are responsible for the personal information you choose to share or submit in these instances.
5.2 Where and How It Is Stored. The information you provide Rosalyn may be processed in the United States or any other country in which Rosalyn, its subsidiaries, affiliates, and/or service providers maintain facilities.
As a result, Rosalyn, its subsidiaries, affiliates, and/or service providers may transfer information we collect about you, including personal information, across borders and from your country or jurisdiction to other countries or jurisdictions around the world. For example, you may reside in another country or region with differing data protection and privacy laws than the United States. Consequently, when you register to use the Service you acknowledge and consent to Rosalyn transmitting your information to the United States or to any country in which Rosalyn and/or its subsidiaries, affiliates, and/or service providers maintain facilities and the use and disclosure of information about you as described in this Privacy Policy.
In turn, Rosalyn uses commercially reasonable standards, measures and/or protocol to keep the information collected secure. Rosalyn cannot ensure the security of any information submitted or transmitted by you to Rosalyn nor can we guarantee that said information may not be disclosed, destroyed, and/or altered.
6.1 When Will We Disclose Personal Information. We may share personal information with third-parties when necessary to provide the Services (such as to the Test Provider),when we have a good faith belief it is necessary by law or to respond to legal process, to protect the safety and lives of people, to protect the rights or property of Rosalyn, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, and with the subject’s consent. We shall not disclose personal information to third-parties for their advertising and marketing purposes.
6.2 Disclosure to Test Providers and Human Proctors. You consent to our disclosure of your exam responses and personal information to the Test Provider and Human Proctor, including but not limited to, your webcam video; audio from your microphone; your keystroke information; and any analyses of your behavior during the exam.
6.3 Disclosure to Sub-Contractors and Agents. Rosalyn may use the services of other companies in order to provide the Services. Such companies shall be given only the personal information needed to perform those services, and we do not authorize them to use or disclose personal information for their own marketing or other purposes. We have contracts in place holding such companies to the same standards of confidentiality by which Rosalyn is governed. Rosalyn shall make commercially reasonable efforts to enforce such terms on such companies. However, Rosalyn shall not be liable to you for such companies’ failure to adhere to such confidentiality terms.
Such third-party service providers may include, but are not limited to:
6.4 Business Affiliates and Transfers. Rosalyn may share information from or about you with its subsidiaries, joint ventures, or companies under common control, in which case we will require them to adhere to this Privacy Policy. In the event Rosalyn is acquired in total or by a substantial amount of its assets, we will make best efforts to ensure that the purchaser will assume the rights and obligations of this Privacy Policy. However, Rosalyn does not make any guarantees or promises with respect to a purchaser adopting the current rights and obligations of this Privacy Policy.
6.5 Investigations. Rosalyn reserves the right to provide and/or disclose necessary information for investigatory matters. Examples include but are not limited to: 1) Test Provider’s academic integrity investigation process; 2) compliance with law enforcement or the necessary legal process; 3) behavior and/or use violative of the Terms of Service, and 4) instances whereby it is necessary to protect our rights and obligations.
6.6 Per User Request. Rosalyn may share your information if requested or consented to by you.
7.1 Additional Rights. Under the California Consumer Privacy Act (“CCPA”), and the EU General Data Protection Regulation ("GDPR"), California, EEA, Switzerland, and UK residents may have certain rights regarding their data, including:
With respect to the processing of personal data of residents of the EEA, Switzerland, and UK:
Automated decision making is not used with respect to your personal information.
7.2 Right to Know and Delete. If you are a California, EEA, Switzerland, or UK resident, you may have the right to know the specific pieces of personal information that Rosalyn has about you and to request that they be deleted, subject to restrictions and exceptions. Please send requests to know and to delete in accordance with the above to us via email: privacy@rosalyn.ai; or via the following toll-free telephone number: (888) 672-5964. The foregoing means may also be used to revoke consent to use your personal information. All requests are subject to verification.
7.3 Basis for Processing. If you are a resident of the EEA, Switzerland, or the United Kingdom:
8.1 Correcting Personal Information. You agree to notify Rosalyn of personal information that you are aware has errors.
8.2 Changes. We reserve the right to make changes to this Privacy Policy at any time. Your continued use of our Services will signify your acceptance of any changes to our Privacy Policy.
8.3 Third-Parties. This Privacy Policy applies to Rosalyn’s use of personal information but does not apply to the activities of any third-party. If you disclose personal information to others, such third-party’s privacy policies and practices will apply. Rosalyn shall not be liable or in any way otherwise responsible for any use of personal information by such third-parties.
8.4 Contact Us. If you have any questions, concerns, or complaints related to or regarding the above please contact us at:
ATTN: Privacy Officer
Rosalyn, Inc.
6605 Longshore Street #240
Dublin, OH 43017
privacy@rosalyn.ai
By executing this consent in the manner provided below, you hereby provide Rosalyn, Inc. (“Rosalyn”) with express informed written consent to use your Exam Session Data (defined below) for the purposes described herein. Exam Session Data shall be collected and maintained in accordance with the terms herein and in the Rosalyn.ai Application and Service Privacy Policy (LINK).
1. “Exam Session Data” means the information we collect about you while you make use of the Rosalyn remote exam proctoring service (the “Service”, as further described in the Rosalyn.ai End User Terms of Use), including but not limited to:
2. When It Is Collected. Exam Session Data in the moments leading up to, and during, your taking of your exam.
3. How It Is Stored. Rosalyn shall use commercially reasonable measures, in line with industry standards, to protect Exam Session Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Access to the Exam Session Data shall be restricted to those with a bona fide need to know the information. We will notify you in the event of a known breach of your Exam Session Data.
4. How Long It Is Stored. Rosalyn shall retain the Exam Session Data indefinitely, until the earlier of: a.)your withdrawal of your consent; b.) Rosalyn no longer having a reasonable basis to keep the Exam Session Data; and c.) any time limits set by applicable law.
Exam Session Data of Illinois residents shall not, in any case, be maintained for longer than three (3)years.
When we dispose of the Exam Session Data, we will do so in a secure manner.
5. How It Is Used. Exam Session Data may be used for the training, development, troubleshooting, and quality assurance of artificial intelligence algorithms for, relating to, or otherwise arising from Rosalyn’s exam proctoring services (the “Algorithms”).
The Algorithms, their underlying technologies, any embodiments and derivatives thereof, and all intellectual property rights therein, are wholly owned by Rosalyn; and Rosalyn shall have full discretion to disclose, use, distribute, or otherwise exploit the Algorithms as it sees fit.
6. When It Is Disclosed. Exam Session Data shall be disclosed to third-parties only in connection with, or otherwise as necessary for, the training of the Algorithms, the provision and improvement of the Services, and as otherwise described in the Rosalyn.ai Application and Services Privacy Policy (LINK). Rosalyn does not otherwise share your Exam Session Data with any third-parties. Rosalyn will notify you if your Exam Session Data is inadvertently disclosed or is the subject of a data breach.
7. Other Terms. These terms are in addition to, and not in lieu of, other terms you have agreed to in connection with your use of the Rosalyn remote exam proctoring service, including but not limited to the terms of the Rosalyn.ai End User Terms of Use (LINK) and the Rosalyn.ai Application and Services Privacy Policy (LINK). Rosalyn shall have sole discretion with respect to whether to accept or otherwise use your Exam Session Data for the purposes described herein.
8. Illinois Residents, Taxpayers, Students, and Others. You may not consent to submit biometric data that is subject to the Illinois Biometric Information Privacy Act (“BIPA”). You SHALL NOT check the box below or click “I Agree” if one or more of the following are true:
By checking the box below and clicking “I Agree”, I hereby consent to the use, storage, and disclosure of my Exam Session Data as described herein.
Name of Product/Version:
Report Date: March 22, 2022
PRODUCT DESCRIPTION: Rosalyn is an online proctoring application that integrates with learning management systems. Rosalyn delivers the following to our customers:
CONTACT INFORMATION:
email: accessibility@rosalyn.ai
phone: 1-888-672-5964
NOTES: This VPAT covers ahybrid student experience that starts on a web application and migrates to adesktop application. There is X total web application pages and X total desktopapplication ‘pages’
DETAILED SCOPE:
Thescope of this VPAT is restricted to Specific pages listed in the table belowfor the following website: https://has58976.live.Rosalyn.com/
EVALUATION METHODS USED:
A combination ofautomated and manual testing techniques was employed for the accessibilityassessment.
APPLICABLE STANDARDS/GUIDELINES
This report covers the degree of conformance forthe following accessibility standard/guidelines:
TERMS
The terms used in the Conformance Levelinformation are defined as follows:
WCAG 2.X REPORT
Note: When reporting on conformance with the WCAG2.x Success Criteria, the criteria are scoped for full pages, completeprocesses, and accessibility-supported ways of using technology as documentedin the WCAG2.0 Conformance Requirements.
Table 1: Success Criteria, Level A
Notes:
Table 2: Success Criteria, Level AA
Notes: