Rosalyn’s Commitment To Trust

Security is at the core of Rosalyn's mission.

Data Protection

We take security and privacy matters seriously and have taken measures to protect our customers' data at all times. Our commitment to data protection and care for privacy is reflected in how we design our products, how we implement operational security practices and the technology choices we make.

Security of cloud datacenters

For cloud infrastructure controls implementation and verification we leverage a host of AWS security services. AWS SOC Compliance information can be found here. In addition to SOC, AWS ISO and CSA STAR certifications can be referenced here:

Security for computing

Rosalyn's security model is based on the NIST Cybersecurity Framework (CSF) and SOC 2 Criteria of Security and Confidentiality, with additional controls for compliance with international privacy laws and regulations (EU GDPR, California CCPA, Illinois BIPA, etc.). For the higher education market, Rosalyn specifically targets the HECVAT standard. Rosalyn intends to implement an SOC2 Type 2 audit in 2023.

For cloud infrastructure controls implementation and verification we leverage a host of AWS security services.

The target security standards used to track progress are:

  • Center for Internet Security (CIS) AWS Foundations Benchmark standard
  • AWS Foundational Security Best Practices

For penetration testing of components deployed into production, Rosalyn works with penetration testing specialist vendors.

Risk Assessments are carried out inside Rosalyn and implementation of mitigations is planned as part of sprints.

Data Security

All data in production systems inside Rosalyn are also encrypted in flight and at rest using industry standard algorithms such as AES-256 or protocols such as HTTPS, TLS and SSH. All access to production data is logged. For all cloud resources Rosalyn leverages identity and access management for defining user access and policies for fine-grained user and systems access control across all of our hosting systems. All hosting systems are separated by account level access barriers for further layers of security. Rosalyn also provides additional controls and governance capabilities, to further protect our customers' users and data.

Special consideration is given to Personally Identifiable Information (PII). All PII data flows are mapped out throughout development of our systems and clearly documented and understood throughout the organization. Lifecycles for all data, including PII, are defined and maintained through established processes in order to comply with applicable regulations including GDPR.

Endpoint Security

Corporate desktops and laptops are managed by enterprise device management and endpoint protection software.

Business Continuity and Disaster Recovery

All of Rosalyn's software services are available 24/7.

All data stores inside Rosalyn are backed up on a continuous basis. Our main database offers global deployment over multiple regions and disaster recovery from region-wide outages. It uses storage-based replication with typical latency of less than 1 second, using dedicated infrastructure that leaves our database fully available to serve application workloads. In the event of a regional degradation or outage, one of the secondary regions can be promoted to read and write capabilities in less than 1 minute.

We currently target a Recovery Time Objective and Recovery Point Objective of under two hours with the goal of reducing this further in Q3 2022.

In accordance with Rosalyn's Business Continuity Policy, the Business Continuity Plan, testing, and procedures are updated and performed annually.

Security Software Development Lifecycle Standard

Through our platform's planning, development, and release processes, security practices are incorporated into Rosalyn’s Software Development Lifecycle.

Vulnerability Prevention

Our Security Development Lifecycle follows OWASP guidelines. We contract with industry-leading penetration testing providers to examine our production architecture annually.

SSO

In order to provide SSO by any number of Identity Providers (IdPs), Rosalyn supports federated access via SAML 2.0.

Personnel Security

Rosalyn's security begins with its employees. Rosalyn implements security controls for its employees and contractors before, during, and after their tenure. Controls include security and privacy training and automated deprovisioning of logical and physical access to Rosalyn resources. Select Rosalyn staff also continuously receive advanced Cybersecurity Awareness Training in collaboration with select training partners.

Data Privacy

Our customers' privacy is important to us, and we take it very seriously. We do not sell, share, or export to third parties the data we gather from the use of our platform. As stated in your customer agreement, we only provide data to our sub-processors for use in processing your data. We do not process biometric information, and are compliant with GDPR and BIPA regulations.

Data Recovery

We regularly back up your data and target an RTO and RPO of 2 hours.

Data Deletion

Users, videos, and other data can be deleted directly from our Compliance Request service. Within X days of terminating a relationship with Rosalyn, all customer data will be removed from our systems.

Data Retention

Rosalyn video and audio recordings are retained according to company policies, with flexible configurations based on how long recordings should be kept before being deleted.

EU Datacenter

Rosalyn supports customers with organizational requirements around data residency, requiring EU citizen data to reside in the EU.

Compliance

Third-party audits attest and certify Rosalyn's security, data privacy, and compliance controls to help meet customers' legal, regulatory, and organizational policy requirements. Biometric information is not processed by us.

Terms of Use

ROSALYN.AI END USER TERMS OF USE

These End User Terms of Use (the “Terms”) are a binding legal agreement, entered into by you and Rosalyn, Inc., and made effective as of your first use of the Rosalyn, Inc. examination proctoring service (the “Service”). If you do not accept these terms and agree to be bound by them, you shall not use or access the Service. Your use of the Services represents your agreement to these Terms, including your agreement to arbitrate claims. You agree to be bound by these terms, including Exhibit A regarding Arbitration, Rosalyn.ai Application and Service Privacy Policy (LINK), and when applicable Rosalyn’s Consent Form, which are hereby incorporated by reference herein.

These Terms contain an agreement to arbitrate all claims, waive class actions, and waive jury trials; disclaimers; and limitations of liability. Please read these terms carefully.

You may be referred to herein as “you”, “your”, and “End User”.

Rosalyn, Inc. is referred to herein as “Rosalyn”.

The individual or organization that is administering your examination is referred to herein as the “Test Provider”. The Test Provider may be your school, university, an individual professor, or another examiner. The Test Provider is ultimately in control of, and solely responsible for, any actions taken with respect to you and your exam, including but not limited to, the assessment of any penalty, the grading or evaluation of your exam, or any other management or control of your exams and grades.

1. THE REMOTE PROCTORING SERVICE

a. The Rosalyn remote exam proctoring service (the “Service”) provides Test Providers with functionality designed to detect, prevent, and deter cheating on exams given to you, the test-taker. The Service uses a human-in-the-loop methodology, with a “Human Proctor” (as defined below).

The “Human Proctor” is the human designated by the Test Provider that shall oversee your exam and may take actions with respect to you and your behavior during the exam. Such actions may include, but are not limited to, sending messages to you during the exam, pausing and resuming the exam while you rectify an alert situation, ejecting you from the exam, or otherwise proctoring or monitoring your taking of an exam.

You may use the Service solely for your own internal, personal, non-commercial use, and only in a manner that complies with all applicable laws. You shall not allow any third-party to use the Service on your behalf. Rosalyn expressly reserves all rights in the Service and any underlying software, platforms or other technologies not expressly granted to you in these Terms. You agree not to attempt to disassemble, decompile, or otherwise reverse engineer the Service or any portion thereof.

Your personal information will be collected, used, and otherwise handled in accordance with the Rosalyn.ai Application and Service Privacy Policy (LINK).

Rosalyn reserves the right to refuse, suspend, or cancel any exam or any exam results, in its sole discretion. You agree that Test Providers shall be solely responsible for the content of any exam, any results thereof, and any determination or action taken due to information provided by the Service.

b. You are hereby granted a license to use the Services solely for the purpose of taking an exam provided by a Test Provider.

2. COMMUNICATIONS

Rosalyn and the Test Provider will communicate with you in order to enable your exam(s) with the Test Provider, for authentication of your identity, and other notifications associated with your exam(s). You hereby consent to accept and receive such communications from us, including e-mail. These communications are transactional in nature and may be generated by automated systems, for the purposes mentioned above.

Depending on your current carrier plan, you may incur charges for e-mail and agree you will not hold, nor participate in any action which seeks to hold, Rosalyn liable for any charges incurred. We shall have no liability for transmission delays or message failures.

You will be unable to opt-out of receiving certain communications that are strictly necessary for your use of the Service, such as e-mails related to your exams. You may opt-out of receiving other communications by following the unsubscribe options provided therein.

You acknowledge that any terms between you and any third-party provider create no obligation or responsibility on the part of Rosalyn, and that Rosalyn is not responsible for any failure of warranty by any such third party.

3. ACCOUNT SECURITY

a. Age of Majority. You warrant that you are 13 years old or older. If you are under the age of 13, you shall not use the Service or send any of your personal information to us.

b. Non-Transferable. Accounts are non-transferable absent the prior written consent of Rosalyn. You shall be solely liable for any and all activity associated with your account or occurring using your credentials. You shall not disclose your account credentials to any third-party.

4. USE OF YOUR INFORMATION

Rosalyn may collect, use, and/or store your information to confirm your identity and proctor your behavior to maintain exam integrity. Such information may include, but is not limited to, data and metrics collected from your computer or other device during your taking of any tests proctored via the Service (the “Data”), including but not limited to video and audio feeds captured by your computer or other device, keyboard inputs, and mouse inputs.

5.

At the start of each exam, you may be given the option to consent to Rosalyn’s use of the Data to train Rosalyn’s artificial intelligence algorithms. If you provide such consent, Rosalyn shall retain it for such training purposes indefinitely, or until you withdraw your consent.

You hereby grant to Rosalyn an irrevocable, worldwide, perpetual, transferable, sublicensable right to process, copy, make derivatives from, and otherwise use the Data for the purposes of making the Services operable, and to improve upon and develop the Services and related features. You agree that Rosalyn may share Data with third parties for the purposes of making the Service operable and to improve the Service. You further agree that Rosalyn may use the Data to train Rosalyn’s artificial intelligence algorithms, subject to your aforementioned consent.

Upon the detection of suspicious activity, Rosalyn will alert the Test Provider’s Human Proctor for further action.

6. OWNERSHIP OF THE SERVICES

Rosalyn owns the Services, its underlying platforms, software, and other technologies, all content thereon, all modifications, enhancements, and updates thereof, and all intellectual property rights therein.

7. RELATIONSHIP WITH THE TEST PROVIDER

You acknowledge that you are taking an examination administered by the Test Provider and not by Rosalyn.

Issues with Exams. The Test Provider shall be solely responsible for any issues or questions related to or arising from examinations, including but not limited to issues relating to exam content, grading, and detections of suspicious activity.

8. TERM

These Terms shall remain in effect from your first use or access of the Service until terminated per the terms herein. The following sections of these Terms shall survive its termination for any reason and remain in effect in perpetuity: 1.a., 2, and 4 – 15. Your access to the Service and/or these Terms: a.) may be terminated at any time at Rosalyn’s sole discretion; and b.) shall be terminated upon the Test Provider’s cancellation of its use of the Service. You may terminate these Terms by ceasing use of the Service and contacting contact@rosalyn.ai. These Terms shall be superseded upon your agreement to updated End User Terms of Use for the Rosalyn remote exam proctoring service.

9. ADHERENCE WITH LAWS

You agree to comply fully with all applicable laws and regulations with respect to your use of the Services. You represent and warrant that your use of the Services shall not infringe upon or otherwise misappropriate the intellectual property rights of any third party.

10. NO WARRANTY

THE SERVICES ARE PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND. ROSALYN EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT, AND ANY WARRANTIES AND CONDITIONS ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM ROSALYN OR ELSEWHERE WILL CREATE ANY WARRANTY OR CONDITION NOT EXPRESSLY STATED IN THESE TERMS.

11. LIMITATION OF LIABILITY

ROSALYN’S TOTAL LIABILITY TO YOU FROM ALL CAUSES OF ACTION AND UNDER ALL THEORIES OF LIABILITY WILL BE LIMITED TO AND WILL NOT EXCEED $100. IN NO EVENT WILL ROSALYN BE LIABLE TO YOU FOR ANY SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING LOSS OF USE, DATA, BUSINESS OR PROFITS) OR FOR THE COST OF PROCURING SUBSTITUTE PRODUCTS ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE USE OR PERFORMANCE OF THE SOFTWARE, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT ROSALYN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. THE FOREGOING LIMITATIONS WILL SURVIVE AND APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THESE TERMS IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.

12. INDEMNIFICATION

You shall indemnify and hold harmless Rosalyn from and against any claim, damages, loss, and expenses, including attorney’s fees (“Claim”) arising from or related to your use of the Services, including but not limited to any Claim arising from or related to: a.) your violation of these Terms; b.) your violation of any applicable law or regulation; and c.) your violation of any terms between yourself and any Test Provider.

13. OTHER TERMS

These Terms constitute the complete understanding and agreement between the parties with respect to the subject matter contained herein, and supersede all previous agreements, representations, warranties, statements, negotiations, understandings and undertakings, whether written or oral, pertaining to such subject matter. These Terms are governed by and construed in accordance with the laws of the State of California excluding the U.N. Convention on Contracts for the International Sale of Goods and that body of laws known as conflicts of law. If for any reason a court of competent jurisdiction finds any provision of these Terms invalid or unenforceable, that provision of the Terms will be enforced to the maximum extent permissible and the other provisions of these Terms will remain in full force and effect. Rosalyn may assign these Terms at its sole discretion.

Agreement to Arbitrate; Waiver of Class Action. If you are located in the United States, you agree to resolve disputes only on an individual basis, through arbitration pursuant to the provision of Exhibit A. The parties expressly waive any right to bring any action, lawsuit, or proceeding as a class or collective action, private attorney general action, or any other proceeding in which any party acts or proposes to act in a representative capacity.

14. PRIVACY AND OTHER POLICIES

Use of the Service is also subject to the Rosalyn.ai Application and Service Privacy Policy, located at this (LINK). The Privacy Policy, and when applicable, Rosalyn’s Consent Form, noted at (LINK), are incorporated into these Terms by this reference. Additionally, you understand and agree that Rosalyn may contact you via email or otherwise with information relevant to your use of the Services, regardless of whether you have opted out of receiving marketing communications or notices.

15. CHOICE OF LAW AND FORUM

These Terms shall be governed by and construed under the laws of the State of California, U.S.A., as applied to agreements entered into and to be performed in California by California residents. Except as provided in Exhibit A, the Parties consent to the exclusive jurisdiction and venue of the state courts located in and serving Santa Clara County, California and the federal courts in the Northern District of California.

16. MODIFICATIONS

The Service and these Terms may be modified by Rosalyn at any time with conspicuous notice to you. The following types of notice shall be deemed conspicuous and any one of the following shall be sufficient with respect to providing such notice of modification: e-mail notice, or an announcement presented upon signing onto the Services. Please check these Terms regularly. Your continued use of the Services after such notice shall constitute your acceptance of such modifications.

17. WAIVER AND SEVERABILITY

Failure by either Party to exercise any of its rights under, or to enforce any provision of, these Terms will not be deemed a waiver or forfeiture of such rights or ability to enforce such provision. If any provision of these Terms is held by a court of competent jurisdiction to be illegal, invalid or unenforceable, that provision will be amended to achieve as nearly as possible the same economic effect of the original provision and the remainder of these Terms will remain in full force and effect.

18. CONTACT US

You may contact us with any comments, questions, or suggestions you might have regarding these Terms or the services at:

Rosalyn, Inc.
6605 Longshore Street #240
Dublin, OH 43017
contact@rosalyn.ai

EXHIBIT A

Binding Arbitration

This Exhibit A to the Terms describes further provisions which apply to the Binding Arbitration and Class Action Waiver.

  1. Disputes. A dispute is any controversy between you and Rosalyn concerning the Services, any software related to the Services, privacy issues and/or claims related to the Services, your account, Rosalyn’s advertising, marketing, or communications, or any term related to these Terms or the relationship between you and Rosalyn, under any legal theory including contract, warranty, tort, statute, or regulation, except disputes relating to the enforcement or validity of Rosalyn’s intellectual property rights. As part of the best efforts process to resolve disputes, and prior to initiating arbitration proceedings, each party agrees to provide notice of the dispute to the other party, including a description of the dispute, what efforts have been made to resolve it, and what the disputing party is requesting as resolution, to contact@rosalyn.ai.
  2. Small Claims Court Available. You may initiate an action in your local Small Claims Court if you meet the court’s requirements. However, if such a claim is transferred, removed or appealed to a different court, Rosalyn reserves the right to require arbitration.
  3. Arbitration Procedure. Disputes not resolved pursuant to Small Claims Court shall be resolved through arbitration. The American Arbitration Association (“AAA”) will conduct any arbitration under its Commercial Arbitration Rules. For more information, see adr.org. Arbitration hearings will take place in the federal judicial district of your primary location. A single arbitrator will be appointed. The arbitrator must: (a) follow all applicable substantive Law; (b) follow applicable statutes of limitations; (c) honor valid claims of privilege; (d) issue a written decision including the reasons for the award. The arbitrator may award damages, declaratory or injunctive relief, and costs (including reasonable attorneys’ fees). Any arbitration award may be enforced (such as through a judgment) in any court with jurisdiction. Under AAA Rules, the arbitrator rules on his or her own jurisdiction, including the arbitrability of any claim; however, a court has exclusive authority to enforce the prohibition on arbitration on a class-wide basis or in a representative capacity.
  4. Arbitration Fees. If you are unable to afford the arbitration costs, Rosalyn will advance those costs to you, subject to the arbitrator’s determination if costs should be reimbursed to Rosalyn if Rosalyn prevails. For disputes involving more than $75,000, the AAA rules will govern payment of filing fees and the AAA’s and arbitrator’s fees and expenses.
  5. Conflict with AAA Rules. These Terms govern if there is a conflict with the AAA’s Commercial Arbitration Rules.
  6. Requirement to File Within One Year. Notwithstanding any other statute of limitations, a claim or dispute under these Terms must be filed in Small Claims Court or noticed for arbitration within one year of when it could first be filed, or such claim will be permanently barred.
  7. Severability. If the class action waiver is found to be illegal or unenforceable as to all or some parts of a dispute, then those parts will not be arbitrated but will be resolved in court, with the balance resolved through arbitration. If any provision of this Exhibit A is found to be illegal or unenforceable, then that provision will be severed; however, the remaining provisions shall still apply and shall be interpreted to as nearly as possible achieve the original intent of this Exhibit, inclusive of the severed provision.

Privacy Policy

ROSALYN.AI APPLICATION AND SERVICES PRIVACY POLICY

Rosalyn, Inc. (referred to herein as “Rosalyn”, “we”, “our”, or “us”) values and respects the privacy rights of individuals and recognizes the importance of protecting personal information. This privacy policy (“Privacy Policy”) explains what personal data we collect from individuals and how we use it.

By using or otherwise accessing Rosalyn’s test proctoring services or its proctoring application (collectively, the “Services”), you accept and agree to the following privacy policy (the “Privacy Policy”), and you are consenting to our collection, use, disclosure, retention, and protection of personal information as described in this Privacy Policy as it arises from or relates to your access or use of the Services. If you do not provide the information we require, you will not be able to take your test using the Services. In this case, please review Section 4, “Your Choices”, below. If you do not agree to the terms of this Privacy Policy, you shall not access or use the Services.

This Privacy Policy is incorporated by reference into the Rosalyn Terms of Use (LINK) and is subject to the terms therein.

1. SCOPE

1.1 This Application and Services Privacy Policy applies to the collection, use, and disclosure of personal information by us through the Rosalyn test proctoring services and its application. This Privacy Policy does not apply to any information not collected through the Services, including but not limited to information collected through the Rosalyn website, which is covered under a separate privacy policy.

1.2 "Personal information" is information that can be associated with a specific person and could be used to identify that specific person whether from that data or from that data and other information that Rosalyn has or is likely to have access to. We do not consider personal information to include information that has been made anonymous or aggregated so that it can no longer be used to identify a specific person, whether in combination with other information or otherwise.

2. COLLECTION

2.1 How We Collect. We collect your personal information during your use of the Services, including but not limited to when you take an exam using the Services.

2.2 What We Collect. The personal information we collect includes, but is not limited to, the following:

  • A webcam photo of you;
  • A webcam photo of your photo ID;
  • Video and audio collected from your webcam and microphone;
  • Identifying information such as name, e-mail address, and other unique personal identifiers;
  • Information transmitted to us during your use of the Services;
  • Information you provide when contacting us for help; and
  • Device IDs, IP Addresses, and/or other unique identifiers.

2.3 Children. Rosalyn is aware of the importance of protecting the privacy and safety of children who may use our Services. In that regard, we do not knowingly solicit data from or market to children under the age of 13. In the event a child’s parent and/or legal guardian becomes aware that their child has provided us with information without their consent, please contact us immediately at privacy@rosalyn.ai. Once notified, we will delete the information as soon as reasonably possible.

3. USE, RETENTION, AND CORRECTIONS

3.1 How We Use Personal Information. We will never sell personal information to third-parties for advertising or marketing purposes. Personal information provided and otherwise collected will be used to provide and improve the Services and to personalize the Services for you. This includes, but is not limited to, making the Services operable, providing customer service, corresponding with you, and to protect the integrity and operation of the Services.

The information we collect allows us to accurately identify you and make the Services operable, allowing Test Providers and Human Proctors to remotely proctor exams taken by you.

The “Test Provider” is the individual or organization that is administering your examination, and may be your school, university, professor, or another examiner. The Test Provider is ultimately in control of, and solely responsible for, any actions taken with respect to you and your exam, including but not limited to, the assessment of any penalty, the grading or evaluation of your exam, or any other management or control of your exams and grades.

The “Human Proctor” is the human designated by the Test Provider that shall oversee your exam and may take actions with respect to you and your behavior during the exam. Such actions may include, but are not limited to, sending messages to you during the exam, pausing and resuming the exam while you rectify an alert situation, ejecting you from the exam, or otherwise proctoring or monitoring your taking of an exam.

Other uses of personal information may be for validating a user account, fraud prevention, or other data safety precautions Rosalyn may elect to implement. Additionally, we may use personal information for our internal purposes such as data analysis, auditing, and research to improve the Services.

3.2 Duration of Retention. We will retain the personal information we collect about you (as listed above in Section 2.2, “What We Collect”; referred to herein as the “Exam Session Data”) for the Test Provider’s Exam Retention period, up to three (3) years. After the Test Provider’s Exam Retention period, said Exam Session Data will be deleted, or otherwise made anonymous or aggregated so that it no longer identifies a specific individual.

At the start of each exam, you may be given the option to consent to Rosalyn’s use of that exam session’s Exam Session Data to train Rosalyn’s artificial intelligence algorithms by executing the following Rosalyn Consent Form (LINK). If you provide such consent, Rosalyn shall retain it for such training purposes indefinitely, or until you withdraw your consent.

We will only keep personal information for as long as there is a reasonable basis to do so, whether to provide the Services, to improve them, to enforce any relevant law, the provisions of any agreement, to resolve any past, current, or future dispute, or any other business, tax, or legal purpose.

When we dispose of personal information, we will do so in a secure manner.

Notwithstanding anything to the contrary within this Section 3.2, Exam Session Data of Illinois residents shall not be retained for longer than three (3) years.

3.3 Corrections. You may request correction of any personal information that is incorrect by contacting us at privacy@rosalyn.ai. Such requests regarding such personal information may only be made by the subject thereof. We may require verification of your identity before proceeding with the request.

3.4 Non-Personal Information. Rosalyn collects information that in and of itself does not permit direct association with any specific person. In the case of non-personal information Rosalyn has the right to collect, transfer, use, and disclose this information for any purpose.

4. YOUR CHOICES

4.1 Decline to Provide Information. You may decline to submit personal information and/or disable your webcam and/or microphone; however, doing so will prevent you from taking your exam using the Services. You acknowledge and agree that your inability to take an exam due to your refusal to submit any required personal information and/or by disabling webcam and/or microphone access shall not be grounds for any claim of breach, damages, or other liability; nor shall it in any way relieve you of your obligations to Rosalyn.

4.2 Request Deletion of Personal Information. You may request that Rosalyn delete your personal information. You acknowledge and agree that any such deletion in accordance with the foregoing shall relieve and release Rosalyn from any liability, obligation, claim, or other damages related to or arising from said personal information. All deletion requests are subject to verification.

4.3 No Sensitive Information. You acknowledge and agree that the information you are providing to Rosalyn is not sensitive in nature (i.e., is not personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, etc.).

5. STORAGE OF PERSONAL INFORMATION

5.1 How Secure It Is. Rosalyn shall use commercially reasonable measures in line with industry standards to protect personal information, including but not limited to electronic and administrative safeguards designed to help make personal information secure. We will make reasonable attempts to provide you with notice in the event of a security breach.

When you take an exam proctored using the Services, your responses, video from your webcam, and audio from your microphone are available to the Test Provider and Human Proctor, and can be read, collected, or used by them. You are responsible for the personal information you choose to share or submit in these instances.

5.2 Where and How It Is Stored.   The information you provide Rosalyn may be processed in the United States or any other country in which Rosalyn, its subsidiaries, affiliates, and/or service providers maintain facilities.

As a result, Rosalyn, its subsidiaries, affiliates, and/or service providers may transfer information we collect about you, including personal information, across borders and from your country or jurisdiction to other countries or jurisdictions around the world. For example, you may reside in another country or region with differing data protection and privacy laws than the United States. Consequently, when you register to use the Service you acknowledge and consent to Rosalyn transmitting your information to the United States or to any country in which Rosalyn and/or its subsidiaries, affiliates, and/or service providers maintain facilities and the use and disclosure of information about you as described in this Privacy Policy.

In turn, Rosalyn uses commercially reasonable standards, measures and/or protocol to keep the information collected secure. Rosalyn cannot ensure the security of any information submitted or transmitted by you to Rosalyn nor can we guarantee that said information may not be disclosed, destroyed, and/or altered.

6. DISCLOSURE

6.1 When Will We Disclose Personal Information. We may share personal information with third-parties when necessary to provide the Services (such as to the Test Provider), when we have a good faith belief it is necessary by law or to respond to legal process, to protect the safety and lives of people, to protect the rights or property of Rosalyn, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, and with the subject’s consent. We shall not disclose personal information to third-parties for their advertising and marketing purposes.

6.2 Disclosure to Test Providers and Human Proctors.  You consent to our disclosure of your exam responses and personal information to the Test Provider and Human Proctor, including but not limited to, your webcam video; audio from your microphone; your keystroke information; and any analyses of your behavior during the exam.

6.3 Disclosure to Sub-Contractors and Agents.  Rosalyn may use the services of other companies in order to provide the Services. Such companies shall be given only the personal information needed to perform those services, and we do not authorize them to use or disclose personal information for their own marketing or other purposes. We have contracts in place holding such companies to the same standards of confidentiality by which Rosalyn is governed. Rosalyn shall make commercially reasonable efforts to enforce such terms on such companies. However, Rosalyn shall not be liable to you for such companies’ failure to adhere to such confidentiality terms.

Such third-party service providers may include, but are not limited to:

  • Cloud storage providers;
  • Data analytics providers;
  • Email delivery services;
  • Research partners; and
  • Consultants, accountants, lawyers, and other professional service providers.

6.4 Business Affiliates and Transfers.  Rosalyn may share information from or about you with its subsidiaries, joint ventures, or companies under common control, in which case we will require them to adhere to this Privacy Policy. In the event Rosalyn is acquired in total or by a substantial amount of its assets, we will make best efforts to ensure that the purchaser will assume the rights and obligations of this Privacy Policy. However, Rosalyn does not make any guarantees or promises with respect to a purchaser adopting the current rights and obligations of this Privacy Policy.

6.5 Investigations.  Rosalyn reserves the right to provide and/or disclose necessary information for investigatory matters. Examples include but are not limited to: 1) Test Provider’s academic integrity investigation process; 2) compliance with law enforcement or the necessary legal process; 3) behavior and/or use violative of the Terms of Service, and 4) instances whereby it is necessary to protect our rights and obligations.

6.6 Per User Request.   Rosalyn may share your information if requested or consented to by you.

7. TERMS FOR EEA AND CALIFORNIA USERS

7.1 Additional Rights.  Under the California Consumer Privacy Act (“CCPA”), and the EU General Data Protection Regulation ("GDPR"), California, EEA, Switzerland, and UK residents may have certain rights regarding their data, including:

  • To know the categories of personal information collected and disclosed and the sources from which such information was collected (see Section 2.2);
  • To know the business purpose for using or sharing personal information (see Section 3.1);
  • To request corrections of incorrect personal information (see Section 3.3);
  • The categories of third parties with whom personal information has been and will be disclosed (see Section 6);
  • The ability to know and delete certain pieces of personal information (see below).

With respect to the processing of personal data of residents of the EEA, Switzerland, and UK:

  • with respect to the exam proctoring services, the Test Provider is the controller, Rosalyn is a processor, and you are the data subject; and
  • with respect to the training of Rosalyn’s artificial intelligence algorithms, Rosalyn is the controller, and you are the data subject.

Automated decision making is not used with respect to your personal information.

7.2 Right to Know and Delete.  If you are a California, EEA, Switzerland, or UK resident, you may have the right to know the specific pieces of personal information that Rosalyn has about you and to request that they be deleted, subject to restrictions and exceptions. Please send requests to know and to delete in accordance with the above to us via email: privacy@rosalyn.ai; or via the following toll-free telephone number: (888) 672-5964. The foregoing means may also be used to revoke consent to use your personal information. All requests are subject to verification.

7.3 Basis for Processing.  If you are a resident of the EEA, Switzerland, or the United Kingdom:

  • Rosalyn takes reasonable steps to ensure that the personal information we collect is reliable for its intended use, accurate, complete, and up to date. Our legal bases for collecting and using the personal information are to enter into or perform a contract with you, with your consent, to comply with our legal obligations, and to pursue our legitimate interests, including but not limited to: a.) to provide proctoring services to Test Providers; and b.) to improve the performance of our proctoring services.
  • You have the right to lodge a complaint with the data protection authority about our collection and use of your personal information in relation to the General Data Protection Regulation (GDPR) and other applicable law. For more information or to submit a complaint, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available at the following link: https://edpb.europa.eu/about-edpb/about-edpb/members_en.  Contact details for the FDPIC in Switzerland are available at the following link: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html. Contact details for the Information Commissioner’s Office in the United Kingdom are available at the following link: https://ico.org.uk/make-a-complaint/.

8. OTHER

8.1 Correcting Personal Information.  You agree to notify Rosalyn of personal information that you are aware has errors.

8.2 Changes.   We reserve the right to make changes to this Privacy Policy at any time. Your continued use of our Services will signify your acceptance of any changes to our Privacy Policy.

8.3 Third-Parties.   This Privacy Policy applies to Rosalyn’s use of personal information but does not apply to the activities of any third-party. If you disclose personal information to others, such third-party’s privacy policies and practices will apply. Rosalyn shall not be liable or in any way otherwise responsible for any use of personal information by such third-parties.

8.4 Contact Us.   If you have any questions, concerns, or complaints related to or regarding the above please contact us at:
ATTN: Privacy Officer
Rosalyn, Inc.
6605 Longshore Street #240
Dublin, OH 43017
privacy@rosalyn.ai

Informed Consent

INFORMED CONSENT TO USE EXAM SESSION DATA FOR THE TRAINING AND DEVELOPMENT OF ARTIFICIAL INTELLIGENCE ALGORITHMS

By executing this consent in the manner provided below, you hereby provide Rosalyn, Inc. (“Rosalyn”) with express informed written consent to use your Exam Session Data (defined below) for the purposes described herein. Exam Session Data shall be collected and maintained in accordance with the terms herein and in the Rosalyn.ai Application and Service Privacy Policy (LINK).

1. “Exam Session Data” means the information we collect about you while you make use of the Rosalyn remote exam proctoring service (the “Service”, as further described in the Rosalyn.ai End User Terms of Use), including but not limited to:

  • A webcam photo of your photo ID;
  • Video and/or pictures collected from your webcam, including face images and resulting biometric information;
  • Audio collected from your microphone;
  • List of processes running on your device;
  • Identifying information such as name, e-mail address, and other unique personal identifiers;
  • Information transmitted to us during your use of the Services;
  • Information you provide when contacting us for help;
  • Device IDs, IP Addresses, and/or other unique identifiers; and
  • Keystrokes and mouse/trackpad inputs.

2. When It Is Collected. Exam Session Data is collected in the moments leading up to, and during, your taking of your exam.

3. How It Is Stored. Rosalyn shall use commercially reasonable measures, in line with industry standards, to protect Exam Session Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Access to the Exam Session Data shall be restricted to those with a bona fide need to know the information. We will notify you in the event of a known breach of your Exam Session Data.

4. How Long It Is Stored. Rosalyn shall retain the Exam Session Data indefinitely, until the earlier of: a.) your withdrawal of your consent; b.) Rosalyn no longer having a reasonable basis to keep the Exam Session Data; and c.) any time limits set by applicable law.

Exam Session Data of Illinois residents shall not, in any case, be maintained for longer than three (3) years.

When we dispose of the Exam Session Data, we will do so in a secure manner.

5. How It Is Used. Exam Session Data may be used for the training, development, troubleshooting, and quality assurance of artificial intelligence algorithms for, relating to, or otherwise arising from Rosalyn’s exam proctoring services (the “Algorithms”).

The Algorithms, their underlying technologies, any embodiments and derivatives thereof, and all intellectual property rights therein, are wholly owned by Rosalyn; and Rosalyn shall have full discretion to disclose, use, distribute, or otherwise exploit the Algorithms as it sees fit.

6. When It Is Disclosed.   Exam Session Data shall be disclosed to third-parties only in connection with, or otherwise as necessary for, the training of the Algorithms, the provision and improvement of the Services, and as otherwise described in the Rosalyn.ai Application and Services Privacy Policy (LINK). Rosalyn does not otherwise share your Exam Session Data with any third-parties. Rosalyn will notify you if your Exam Session Data is inadvertently disclosed or is the subject of a data breach.

7. Other Terms. These terms are in addition to, and not in lieu of, other terms you have agreed to in connection with your use of the Rosalyn remote exam proctoring service, including but not limited to the terms of the Rosalyn.ai End User Terms of Use (LINK) and the Rosalyn.ai Application and Services Privacy Policy (LINK). Rosalyn shall have sole discretion with respect to whether to accept or otherwise use your Exam Session Data for the purposes described herein.

8. Illinois Residents, Taxpayers, Students, and Others. You may not consent to submit biometric data that is subject to the Illinois Biometric Information Privacy Act (“BIPA”). You SHALL NOT check the box below or click “I Agree” if one or more of the following are true:

  • you are a resident of Illinois;
  • you pay taxes in Illinois;
  • you attend a university or educational institution in Illinois;
  • your device has an IP address originating in Illinois; or
  • the Illinois Biometric Information Privacy Act applies to your biometric data.

By checking the box below and clicking “I Agree”, I hereby consent to the use, storage, and disclosure of my Exam Session Data as described herein.

Security

We take security and privacy matters seriously and have taken measures to protect our customers' data at all times. Our commitment to  data protection and care for privacy is reflected in how we design our products, how we implement operational security practices and the technology choices we make.

Security of cloud datacenters

For cloud infrastructure controls implementation and verification we leverage a host of AWS security services. AWS SOC Compliance information can be found here. In addition to SOC, AWS ISO and CSA STAR certifications can be referenced here.

Security for computing

Rosalyn's security model is based on the NIST Cybersecurity Framework (CSF) and SOC 2 Criteria of Security and Confidentiality, with additional controls for compliance with international privacy laws and regulations (EU GDPR, California CCPA, Illinois BIPA, etc.). For the higher education market, Rosalyn specifically targets the HECVAT standard. Rosalyn intends to implement an SOC2 Type 2 audit in 2023.

The target security standards used to track progress are:

  • Center for Internet Security (CIS) AWS Foundations Benchmark standard
  • AWS Foundational Security Best Practices

For penetration testing of components deployed into production, Rosalyn works with penetration testing specialist vendors.

Risk Assessments are carried out inside Rosalyn and implementation of mitigations is planned as part of sprints.

Data Security

All data in production systems inside Rosalyn are also encrypted in flight and at rest using industry standard algorithms such as AES-256 or protocols such as HTTPS, TLS and SSH. All access to production data is logged. For all cloud resources Rosalyn leverages identity and access management for defining user access and policies for fine-grained user and systems access control across all of our hosting systems. All hosting systems are separated by account level access barriers for further layers of security.  Rosalyn also provides additional controls and governance capabilities, to further protect our customers' users and data.

Special consideration is given to Personally Identifiable Information (PII). All PII data flows are mapped out throughout development of our systems and clearly documented and understood throughout the organization. Lifecycles for all data, including PII, are defined and maintained through established processes in order to comply with applicable regulations including GDPR.

Endpoint Security

Corporate desktops and laptops are managed by enterprise device management and endpoint protection software.

Business Continuity and Disaster Recovery

All of Rosalyn's software services are available 24 / 7.

All data stores inside Rosalyn are backed up on a continuous basis. Our main database offers global deployment over multiple regions and disaster recovery from region-wide outages. It uses storage-based replication with typical latency of less than 1 second, using dedicated infrastructure that leaves our database fully available to serve application workloads. In the event of a regional degradation or outage, one of the secondary regions can be promoted to read and write capabilities in less than 1 minute.

We currently target a Recovery Time Objective and Recovery Point Objective of under two hours with the goal of reducing this further in Q3 2022.

In accordance with Rosalyn's Business Continuity Policy, the Business Continuity Plan, testing, and procedures are updated and performed annually.

Security Software Development Lifecycle Standard

Through our platform's planning, development, and release processes, security practices are incorporated into Rosalyn’s Software Development Lifecycle.

Vulnerability Prevention

Our Security Development Lifecycle follows OWASP guidelines. We contract with industry-leading penetration testing providers to examine our production architecture annually.

SSO

In order to provide SSO by any number of Identity Providers (IdPs), Rosalyn supports federated access via SAML 2.0.

Personnel Security

Rosalyn's security begins with its employees. Rosalyn implements security controls for its employees and contractors before, during, and after their tenure. Controls include security and privacy training and automated deprovisioning of logical and physical access to Rosalyn resources. Select Rosalyn staff also continuously receive advanced Cybersecurity Awareness Training in collaboration with select training partners.

Data Privacy

Our customers' privacy is important to us, and we take it very seriously. We do not sell, share, or export to third parties the data we gather from the use of our platform. As stated in your customer agreement, we only provide data to our sub-processors for use in processing your data. We do not process biometric information, and are compliant with GDPR and BIPA regulations.

Data Recovery

We regularly back up your data and target an RTO and RPO of 2 hours.

Data Deletion

Users, videos, and other data can be deleted directly from our Compliance Request service. Within X days of terminating a relationship with Rosalyn, all customer data will be removed from our systems.

Data Retention

Rosalyn video and audio recordings are retained according to company policies, with flexible configurations based on how long recordings should be kept before being deleted.

EU Datacenter

Rosalyn supports customers with organizational requirements around data residency, requiring EU citizen data to reside in the EU.