Privacy Policy

Privacy Policy

IRIS invigilation values the privacy of its users and is committed to handling their data responsibly and securely.

We will never sell any collected data to external parties. All recordings and personal information are solely used for invigilation purposes.

All staff and contractors working under IRIS invigilation must comply with Australia’s Privacy Act and this policy.
This policy explains how IRIS Invigilation gathers, manages, stores and discards all of the recordings and personal information through our browser extension and website.

Information We Collect

User information request prior to start of invigilation: When the extension is triggered upon accessing the online exam, the student will be required to enter details such as full name and student ID. This is for the assessor to be able to identify if the correct student is sitting for the examination only. Microphone and webcam permissions are requested by the extension at this initial state for the invigilation to be fully performed, which is processed on our servers to catch any suspicious activities and can be reviewed by the assessors.

A photo of the student’s ID is also taken at the next step. The photo is used to match against the person who is shown on the webcam to make sure no other person is sitting the exam in place of the student.

As the invigilation commences, the extension will request to share the student’s screen, which it will start capturing. Throughout the online exam, the audio, webcam and screen will be recorded in accordance to the client institution’s examination regulations and uploaded to IRIS Invigilation’s AWS servers for processing and review.

Log Data is also captured while the extension is running. Information such as IP address, which web browser and which version, timestamp and which errors have been encountered during the interaction. These details are only used for troubleshooting and maintenance purposes.

Other hosting regions for data are available for a client upon request, but by default all data is stored and processed in Sydney, Australia.

Data Retention

All the student recordings are kept on the IRIS Invigilation storage servers for 1 year. Following this period, the client institution can decide to keep copies of the data for safe keeping. IRIS Invigilation will not be held responsible for any mishandling of the data once the recordings are collected by the institute.


Enterprise grade security measures are in place to make sure the IRIS Invigilation servers are protected against data theft or accidental loss. All outgoing and incoming data is made via encrypted (HTTPS) protocol. Firewall and IPS protection have been implemented to prevent attacks, and root access to the servers are only permitted via AWS security groups.

Monitoring applications keeps logs on any suspicious activities and administrators are notified immediately once detected.

Daily snapshots of the servers are facilitated for disaster recoveries or any accidental deletion of data.