Socratease, Inc. ("Socratease", "we," "us," or "our") respects the privacy of its Users ("User,"
explains how we collect, use, disclose, and safeguard your information when you use our product
Equip (the "Platform") through Socratease's
We are committed to protecting the privacy of our Users whose information is collected and stored
while using Equip.
The capitalized terms have the same meaning as ascribed in our
Terms of Service as applicable, unless otherwise noted
INFORMATION AND HOW WE WILL TREAT IT. BY ACCESSING OR USING OUR WEBSITE, AND PLATFORM, YOU
ACCESS AND USE OUR WEBSITE, AND PLATFORM.
WE DO NOT SELL YOUR PERSONAL INFORMATION, NOR DO WE INTEND TO DO SO. WE DO NOT GIVE
ACCESS TO YOUR PERSONAL INFORMATION TO THIRD PARTIES EXCEPT TO SUBPROCESSORS TO ASSIST US IN THE
PROVISION OF OUR SERVICES TO YOU.
WHAT INFORMATION DO WE COLLECT?
When you register to use our Website, or Platform, we collect personal information (also
referred to as personally identifiable information or "PII") which may include your name, online contact information such as your email address or username,
phone number, and other personal information like photograph, audio file, and video file. The
information so collected will be stored on our servers.
Geolocation and Equipment Information. We may
collect information that does not personally identify you such as (i) your geolocation, and (ii)
information about your internet connection, the equipment you use to access our Website, or
Platform, and usage details.
Financial Information. We currently do not
collect or store any credit cards or bank information, as we are using a third-party payment
information. We will also inform you via reasonable means if we start collecting such
information from you.
HOW DO WE COLLECT INFORMATION?
We collect personal information from you in the following ways:
- At registration on our Website, or Platform;
In email, text, and other electronic messages between you and our Website, or Platform;
From you placing an order, which includes details of transactions you carry out on our Website, or Platform;
- From your responses to a survey;
- From forms filled out by you;
- From our integrated SAAS tool to your website;
- From records or copies of correspondences (including email addresses) if you contact us;
- Captured live images through the web camera and screen-sharing;
- From search queries on our Platform; and
- When you post information to be published or displayed on our Website, or Platform.
We collect information from you automatically when you navigate through our Website, or
Platform in the following ways:
- Usage details;
- IP addresses;
- Information obtained through browser cookies; and
- Other tracking technologies.
HOW DO WE USE YOUR INFORMATION?
We use the information that you provide to:
- Personalize your experience in using our Platform;
- Provide you with information, products, or services requested from us;
- Present our Website, and Platform and their contents to you;
Provide you with notices about account and/or subscription, including expiration and renewal
Carry out obligations and enforce rights arising from contracts entered into between you and us,
including billing and collection;
- Notify you about changes to our Website, and Platform and any products or services;
- Allow you to participate in interactive features on our Website, and Platform;
- Improve the Website, and Platform;
- Improve our customer service;
- Administer surveys;
- Process transactions;
- Contact you for other purposes with your consent;
- Contact you about our products and services that may be of interest; and
Send you periodic emails, in accordance with the CAN-SPAM Act of 2003 as detailed in
Section 17, via the email address provided by you to
(i) send information, respond to inquiries, and/or other requests or questions; (ii) process orders
and send information and updates pertaining to such orders; (iii) send additional information
related to your product and/or service; and (iv) market to our mailing list or continue to send
email to you after the original transaction has occurred.
Cookies are small pieces of text used to store information on web browsers. Cookies are used to store
and receive identifiers and other information on computers, phones, and other devices. Other
technologies, including data we store on your web browser or device, identifiers associated with your
these technologies as "Cookies."
interactions in order to offer better site experiences and tools in the future, and (b) allow trusted
third-party services that track this information on our behalf. You can set your browser to refuse all
or some browser Cookies, but it may affect your user experience. We honor Do Not Track signals and, if
one is in place, we will not track, plant cookies, or use advertising.
We allow third party behavioral tracking and links to third-party web pages. Occasionally, at our
discretion, we may include or offer third-party products or services on our Website, or Platform.
These third-party sites have separate and independent privacy policies. We, therefore, have no
responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek
to protect the integrity of our Website, or Platform and welcome any feedback about these sites.
Please contact us at firstname.lastname@example.org.
HOW DO WE PROTECT INFORMATION WE COLLECT?
Our Website and receive regular security scans and penetration tests. Our Website also
receive regular malware scans. In addition, our Website use an SSL certificate as an added
security measure. We require username and passwords for our employees who can access your personal
information that we store and/or process on our Platform and servers. In addition, we actively prevent
third parties from getting access to your personal information that we store and/or process on our
Platform and servers. We accept payment by credit card through a third party credit card processor on
our behalf. We will implement reasonable security measures every time you (a) place an order, or (b)
enter, submit, or access your information, (c) register, or (d) access our Platform, on our Website and
DATA SECURITY MEASURES.
Security Measures. We have implemented measures
designed to secure your personal information from accidental loss and from unauthorized access, use,
alteration, and disclosure. All information you provide to us is stored on our secure servers behind
firewalls. The safety and security of your information also depends on you. Where we have given you
(or where you have chosen) a password for access to certain parts of our Website, or Platform,
you are responsible for keeping this password confidential. We ask you not to share your password
with anyone. Unfortunately, the transmission of information via the internet is not completely
secure. Although we do our best to protect your personal information, we cannot guarantee the
security of your personal information transmitted to our Website, or Platform. Any transmission
of personal information is at your own risk. We are not responsible for circumvention of any privacy
settings or security measures contained on our Website, or Platform.
Fair Information Practice Principles. In the event
of a personal data breach, we will notify you within seventy-two (72) hours via (i) email and/or
(ii) our Platform notification system on our Website and/or App. We agree to the individual redress
principle, which requires that individuals have a right to pursue legally enforceable rights against
data collectors and processors who fail to adhere to the law. This principle requires not only that
individuals have enforceable rights against data users, but also that individuals have recourse to
courts or a government agency to investigate and/or prosecute non-compliance by data processors.
DISCLOSURE OF PERSONAL INFORMATION
There are times when we may share Personal Information, which you have shared with us, with others to
enable us to provide you over Services, including contractors, service providers, and third parties
("Partners"). This section discusses only how Socratease
may share such information with Partners. We will ensure that our Partners protect your Personal
Information. The following describe how and with whom we may share your Personal Information:
Disclosure of Personal Information.
Other Disclosure of Personal Information.
We will disclose personal information (i) to comply with any court order, law, or legal
process, including to respond to any government or regulatory request, (ii) to enforce or
apply our Terms of Service and other
agreements, including for billing and collection purposes, (iii) if we believe it is
necessary or appropriate to protect the rights, property, or safety of Socratease, our
customers or others, and/or (iv) if it is necessary or appropriate to protect the rights,
property, or safety of Socratease, our customers, or others, and this includes exchanging
information with other companies and organizations for the purposes of fraud protection and
credit risk reduction.
We may disclose information of your exam session to your educational institution/test
administrator/organization upon request. This information includes, but is not restricted
to, video and audio recording, images taken via your camera, your device information, your
IP Address, etc. We do this so that your educational institution/certifying entity can
verify that you were the person taking the exam and that no exam protocols were violated.
Third Party Disclosure.
We do not sell, trade, rent, or otherwise transfer personal information to others, unless we
provide you with advance notice. This does not include our hosting partners and other
parties who assist us in operating our Website, or Platform, conducting our business,
or servicing you, so long as those parties agree to keep this information confidential.
We do not provide non-personally identifiable visitor information for marketing purposes.
Choices Users Have About How Socratease Uses and Discloses Information.
Tracking Technologies and Advertising. You
can set their browser to refuse some or all the browser cookies, but if you disable or
DATA RETENTION POLICIES
These policies are applicable to you and your tests after you have accepted the current version of the
Audio and Visual PII: Files like audio recordings and photos and screenshots of the
test-taker and the test-taker's environment. We retain such data for a maximum of 3 months on our
Test Session Metadata: Metadata about the Audio and Visual PII. These constitute the events
based on which the Trust Score is calculated. (For example, User 42 switched to a different tab at
12.24 PM on 12th April, 2021 while taking Test 23.). We retain such data for a maximum of 4 months
on our servers.
Platform. Google uses first-party Cookies, such as Google Analytics Cookies, to compile data regarding
User interactions with ad impressions and other ad service functions as they relate to our Platform. We
currently use Google Analytics to collect and process certain Website usage data. To learn more
about Google Analytics and how to opt-out, please visit
FOR OUR EUROPEAN CUSTOMERS AND VISITORS
We are headquartered in the United States of America. Most of our operations are located in the United
States and India. Your Personal Information, which you give to us during registration or use of our
Website or Platform, may be accessed by, transferred to, stored by, or processed by us in India
and/or the US. Our servers or our third-party hosting services partners are located in the United
States/India. By using our site, you consent to any transfer of your Personal Information out of Europe,
UK, or Switzerland for processing in the US or other countries.
We will comply with the EU Standard Contractual Clauses with respect to the transfer of Personal
Data from the EU to the India and/or US for processing. If there is any conflict between the terms
terms and conditions in the EU Standard Contractual Clauses will govern. For the purposes of this
mean the standard contractual clauses for the transfer of personal data to processors established in
the US. (Commission Decision 2010/87/EC).
Obligations of the data importer (processors)
The data importer agrees and warrants:
to process the personal data only on behalf of the data exporter and in compliance with
its instructions and the Clauses; if it cannot provide such compliance for whatever
reasons, it agrees to inform promptly the data exporter of its inability to comply, in
which case the data exporter is entitled to suspend the transfer of data and/or
terminate the contract;
that it has no reason to believe that the legislation applicable to it prevents it from
fulfilling the instructions received from the data exporter and its obligations under
the contract and that in the event of a change in this legislation which is likely to
have a substantial adverse effect on the warranties and obligations provided by the
Clauses, it will promptly notify the change to the data exporter as soon as it is aware,
in which case the data exporter is entitled to suspend the transfer of data and/or
terminate the contract;
that it has implemented the technical and organizational security measures before
processing the personal data transferred;
that it will promptly notify the data exporter about:
any legally binding request for disclosure of the personal data by a law
enforcement authority unless otherwise prohibited, such as a prohibition under
criminal law to preserve the confidentiality of a law enforcement investigation,
- any accidental or unauthorized access, and
any request received directly from the data subjects without responding to that
request, unless it has been otherwise authorized to do so;
to deal promptly and properly with all inquiries from the data exporter relating
to its processing of the personal data subject to the transfer and to abide by
the advice of the supervisory authority with regard to the processing of the
at the request of the data exporter to submit its data processing facilities for
audit of the processing activities covered by the Clauses which shall be carried
out by the data exporter or an inspection body composed of independent members
and in possession of the required professional qualifications bound by a duty of
confidentiality, selected by the data exporter, where applicable, in agreement
with the supervisory authority;
to make available to the data subject upon request a copy of the Clauses, or any
existing contract for sub-processing, unless the Clauses or contract contain
commercial information, in which case it may remove such commercial information,
with the exception of Appendix 2 which shall be replaced by a summary
description of the security measures in those cases where the data subject is
unable to obtain a copy from the data exporter;
that, in the event of sub-processing, it has previously informed the data
exporter and obtained its prior written consent;
that the processing services by the sub-processor will be carried out in
accordance with Clause 11;
to send promptly a copy of any sub-processor agreement it concludes under the
Clauses to the data exporter.
Obligations of the data exporter
The data exporter agrees and warrants:
that the processing, including the transfer itself, of the personal data has been and
will continue to be carried out in accordance with the relevant provisions of the
applicable data protection law (and, where applicable, has been notified to the relevant
authorities of the Member State where the data exporter is established) and does not
violate the relevant provisions of that State;
that it has instructed and throughout the duration of the personal data processing
services will instruct the data importer to process the personal data transferred only
on the data exporter's behalf and in accordance with the applicable data protection law
and the Clauses;
that the data importer will provide sufficient guarantees in respect of the technical
and organizational security measures;
that after assessment of the requirements of the applicable data protection law, the
security measures are appropriate to protect personal data against accidental or
unlawful destruction or accidental loss, alteration, unauthorized disclosure or access,
in particular where the processing involves the transmission of data over a network, and
against all other unlawful forms of processing, and that these measures ensure a level
of security appropriate to the risks presented by the processing and the nature of the
data to be protected having regard to the state of the art and the cost of their
- that it will ensure compliance with the security measures;
that, if the transfer involves special categories of data, the data subject has been
informed or will be informed before, or as soon as possible after, the transfer that its
data could be transmitted to a third country not providing adequate protection within
the meaning of Directive 95/46/EC;
to make available to the data subjects upon request a copy of the Clauses, with a
summary description of the security measures, as well as a copy of any contract for
sub-processing services which has to be made in accordance with the Clauses, unless the
Clauses or the contract contain commercial information, in which case it may remove such
commercial information; and
that, in the event of sub-processing, the processing activity is carried out in at least
the same level of protection for the personal data and the rights of the data subject as
the data importer under the Clauses.
The parties agree that any data subject, who has suffered damage as a result of any
breach of the obligations referred above by any party or sub-processor is entitled to
receive compensation from the data exporter for the damage suffered.
If a data subject is not able to bring a claim for compensation in accordance with
paragraph a against the data exporter, arising out of a breach by the data importer or
his sub-processor of any of their obligations referred to above, because the data
exporter has factually disappeared or ceased to exist in law or has become insolvent,
the data importer agrees that the data subject may issue a claim against the data
importer as if it were the data exporter, unless any successor entity has assumed the
entire legal obligations of the data exporter by contract of by operation of law, in
which case the data subject can enforce its rights against such entity.
If you are a resident of or a visitor to Europe, you have certain rights with respect to
the processing of your Personal Data, (referred here as Personal Information), as
defined in the GDPR.
Please note that in some circumstances, we may not be able to fully comply with your
request, or we may ask you to provide us with additional information in connection with
your request, which may be Personal Information, for example, if we need to verify your
identity or the nature of your request. It may also be because the request may interfere
with the purpose of Equip. For instance, if you request that we delete all
information related to your exam session, we will need to contact your Testing
Institution to verify that there were no violations or other issues during your testing
processOnce they verify and confirm, we shall process your request to delete
In such situations, however, we will still respond to let you know of our decision. As
used herein, "Personal Information"
means any information that identifies you as an individual, such as name, address, email
address, IP address, phone number, business address, business title, business email
address, company, etc.
To make any of the following requests, please contact us (i) via email at
email@example.com, or (ii) by writing
to us at Socratease, Inc., 21536 Saratoga Heights Dr., Saratoga, California 95070,
Access: You can request more information about the Personal
Information we hold about you. You can also request a copy of the Personal
Rectification: If you believe that any Personal Information we are holding about you is
incorrect or incomplete, you can request that we correct or supplement such
data. Please contact us as soon as possible upon noticing any such inaccuracy or
Objection: You can contact us to let us know that you object to the collection or
use of your Personal
Information for certain purposes.
Erasure: You can request that we erase some or all of your Personal
Information from our systems.
Restriction of Processing: You can ask us to restrict further processing of your Personal Information.
Portability: You have the right to ask for a copy of your Personal Information in a
machine-readable format. You can also request that we transmit the data to
another entity where technically feasible.
Withdrawal of Consent: If we are processing your Personal Information based on your consent (as
indicated at the time of collection of such data), you have the right to
withdraw your consent at any time. Please note, however, that if you exercise
this right, it may limit your ability to use some/ all of our Services or
Platform and you may have to then provide express consent on a case-by-case
basis for the use or disclosure of certain of your Personal Information, if such
use or disclosure is necessary to enable you to utilize some or all of our
Services and Platform.
Right to File Complaint: You have the right to lodge a complaint about our practices with respect to
your Personal Information with the supervisory authority of your country or EU
Member State. Please go to
to locate your Data Protection Authority.
will respond to your inquiry within thirty (30) days of the receipt.
FOR OUR CANADIAN USERS
visitors, users, and others to our Website, or Platform, who reside in Canada ("consumers" or "you"). We comply with the Personal Information
Protection and Electronics Document Act of 2000 ("PIPEDA") and any terms defined in the PIPEDA have the same meaning when used in this Section.
Definition of Personal Information. Any information
about an identifiable individual. Whatever may be the physical form or characteristics of a
particular regime for "business contact information" (name, position, title, address, professional
phone number, etc.)
Right to Access Personal Information. You can
request to access your personal information we hold about you. We will first confirm whether you
have requested such information, explain how we have used your information, provide a list of names
with whom your information has been shared and provide a copy of your information in an accessible
format and make alternative formats available if requested.
Right to be Forgotten. Your information will be kept
with us for as long as it is required for the fulfillment of the purposes of our Equip
Platform. Unless we otherwise give you notice, we will retain your Information on our Equip
Platform on your behalf until such times as you or we terminate your User Account.
Data Breach Notification. We will send a
notification to you as soon as feasible regarding the information of any breach that creates a "real
risk of significant harm" to you. We keep a record of every data breach and, on request, provide the
Office of the Privacy Commissioner with access to the record.
Canadian Privacy Officer. We have appointed a
Canadian Privacy and Data Protection Officer, Jayanth Neelakanta at
firstname.lastname@example.org, to make sure the privacy rights
of our Canadian users are protected in compliance with PIPEDA.
Two Factor Authentication. You may enable two-factor
authentication on your account to help ensure that only you can access your account. If you do, in
addition to entering your password to log in to your account to access the Equip Platform, we
will send a code to your mobile number, which you will need to enter. This added security prevents
anyone else from accessing your Equip account unless they have access to your login
Contact Information. You may contact us (i) at
email@example.com, or (ii) by writing to us at
Jayanth Neelakanta, at 21536 Saratoga Heights Dr., Saratoga, California 95070, United States to (i)
make a Personal Information Request, (ii) correct your personal information, (iii) discuss our
days of receiving such a request or query. Additionally, in order for us to respond to your request
or query, we will need to collect information from the requesting party to verify their identity.
YOUR CALIFORNIA PRIVACY RIGHTS
Equip does not sell, trade, or otherwise transfer to outside third parties your "Personal Information" as the term is defined under the California Civil Code Section § 1798.82(h). Additionally,
California Civil Code Section § 1798.83 permits Users of our Website, or Platform that are
California residents to request certain information regarding our disclosure of their Personal
Information to third parties for their direct marketing purposes. To make a request for such disclosure,
please send an email to firstname.lastname@example.org or write us
at Socratease, Inc., 21536 Saratoga Heights Dr., Saratoga, California 95070, United States.
If you would like to discuss our Personal Information storage and processing process with us, please
send us an email at
email@example.com write us at Socratease, Inc., 21536 Saratoga Heights Dr., Saratoga, California 95070, United States.
STUDENT ONLINE PERSONAL INFORMATION PROTECTION ACT (UNDER 18 USERS ONLY)
The Student Online Personal Information Protection Act ("SOPIPA") is a California legislation that protects the privacy of K-12 candidates under the age of eighteen
(18). Under SOPIPA, we do not use any of the personally identifiable information (PII) of candidates under
18 collected while using our Platform to send them any marketing or targeted advertising.
In compliance with SOPIPA, all of the collected PII is used only to improve, develop, maintain, and
support the Website, and Platform.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT
Family Educational Rights and Privacy Act ("FERPA") is a
federal legislation that protects the privacy of candidates education records. FERPA applies to a variety
of information that directly relates to the candidate and is maintained by the educational institution or
an outside agency such as Socratease. We handle all candidate data in compliance with FERPA regulations.
While not all collected information is to be treated with the same scrutiny, an educational record, such
as a course name, assessment grades or audio and video sessions of a proctored exam, are highly
our practices, or make a request to inspect, review or amend an education record, please send an email
PROTECTION OF PUPIL'S RIGHTS ACT
The Protection of Pupil's Rights Act("PPRA") is a
federal legislation that gives parents and candidates who are enrolled in any program funded by the U.S.
Department of Education, the right to protect their informational privacy in certain categories such as
religion, sexual attitudes, family income, and so on.
In compliance with PPRA, Socratease does not administer or conduct any surveys or evaluations on
Equip that elicit information on any of the eight protected categories of the PPRA.
CAN-SPAM ACT OF 2003
The CAN-SPAM Act establishes requirements for commercial messages, gives recipients the right to have
businesses stop emailing them, and spells out penalties for violations. Per the CAN-SPAM Act, we will:
- not use false or misleading subjects or email addresses;
- identify the email message as an advertisement in some reasonable way;
include the physical address of Socratease, Inc., which is 21536 Saratoga Heights Dr., Saratoga,
California 95070, United States;
- monitor third-party email marketing services for compliance, if one is used;
- honor opt-out/unsubscribe requests quickly; and
- give an "opt-out" or "unsubscribe" option.
If you wish to opt out of email marketing, follow the instructions at the bottom of each email or
contact us at firstname.lastname@example.org and we will promptly
remove you from all future marketing correspondences.
Website, or Platform shall constitute your consent to such changes.
LIST OF THIRD-PARTY SERVICE PROVIDERS
Equip uses the following third-party service providers for the provision of services as detailed
under the Terms of Service, as applicable
|Name of Third-Party Service Provider
|Amazon Web Services Inc.
Address: 410 Terry Avenue North, Seattle, Washington 98109-5210, United States
Address: 510 Townsend St, San Francisco, California 94103, United States
Google HQ, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Posthog, Inc, CA, USA
DigitalOcean Inc, 101, 6th Ave, New York, NY, USA
Additionally, if you have any questions or concerns about our third-party service providers, please
email us at email@example.com.
COPYRIGHT INFRINGEMENT/DMCA NOTICE
If you believe that any content on our Website, or Platform violates your copyright, and you wish
to have the allegedly infringing material removed, the following information in the form of a written
notification (pursuant to the Digital Millennium Copyright Act of 1998 ("DMCA Takedown Notice")) must be provided to our designated Copyright Agent.
- Your physical or electronic signature;
- Identification of the copyrighted work(s) that you claim to have been infringed;
Identification of the material on our Website, or Platform that you claim is infringing and
that you request us to remove;
- Sufficient information to permit us to locate such material;
- Your address, telephone number, and email address;
A statement that you have a good faith belief that use of the objectionable material is not
authorized by the copyright owner, its agent, or under the law; and
A statement that the information in the notification is accurate, and under penalty of perjury, that
you are either the owner of the copyright that has allegedly been infringed or that you are
authorized to act on behalf of the copyright owner.
Socratease's Copyright Agent to receive DMCA Takedown Notices is Jayanth Neelakanta, at
firstname.lastname@example.org and at Socratease, Inc., Attn: DMCA
Notice, 21536 Saratoga Heights Dr., Saratoga, California 95070, United States. You acknowledge that for
us to be authorized to take down any content, your DMCA Takedown Notice must comply with all the
requirements of this Section. Please note that, pursuant to 17 U.S.C. § 512(f), any
misrepresentation of material fact (falsities) in a written notification automatically subjects the
complaining party to liability for any damages, costs and attorney's fees incurred by Socratease in
connection with the written notification and allegation of copyright infringement.
Privacy Officer Jayanth Neelakanta at
or 21536 Saratoga Heights Dr., Saratoga, California 95070, United States.
PLEASE NOTE: IF YOU USE OUR WEBSITE, OR PLATFORM, YOU HAVE AGREED TO AND ACCEPTED THE PRACTICES
TERMS OF SERVICE, AS APPLICABLE. IF YOU DO NOT AGREE WITH
PLEASE DO NOT USE OUR WEBSITE, OR PLATFORM.