Trust Center

1. Product Overview

Procta is an AI-proctored exam platform for educational institutions. The platform consists of:

• Student Browser — locked-down Electron app for exam-taking with camera, screen, and audio monitoring
• Teacher Dashboard — web-based dashboard for exam creation, live monitoring, grading, and reporting
• API Server — FastAPI backend handling authentication, exam logic, grading, and integrations
• Admin Console — organization management, billing, security settings, and operations monitoring

2. Security Controls

2.1 Data in Transit

• All traffic encrypted with TLS 1.3 via Caddy reverse proxy
• HSTS enforced on all production domains
• API endpoints behind rate-limited gateway (30–300 req/min per endpoint)

2.2 Data at Rest

• Database: AES-256 encryption via Supabase/PostgreSQL
• Secrets: Environment variables only, never stored in code or version control
• Password storage: bcrypt hashing
• One-time login codes (2FA): bcrypt-hashed before storage with bounded TTL

2.3 Authentication

• JWT-based authentication with short-lived tokens (configurable TTL)
• CSRF protection for all state-changing API requests
• Email-based two-factor authentication for teacher accounts
• Email verification required for new account creation
• Account lockout after 5 failed attempts (15-minute cooldown)
• Password complexity: minimum 10 characters, upper+lower+digit+symbol
• Top-1000 breached password check on signup

2.4 Application Security

• Rate limiting on all 172+ API endpoints (SlowAPI middleware)
• Input validation via Pydantic strict models on all endpoints
• XSS protection via Content-Security-Policy headers
• SQL injection protection via parameterized Supabase queries
• CSRF token validation on all JWT-authenticated mutations
• Automated dependency scanning (npm audit, pip-audit) in CI
• Secret scanning (Gitleaks), SAST (Semgrep), and container scanning (Trivy) in CI

2.5 Infrastructure Security

• Application hosted on DigitalOcean (Mumbai, India — BLR1 region)
• Database hosted on Supabase (AWS ap-south-1)
• Containerized deployment with non-root user
• Automatic HTTPS via Caddy + Let's Encrypt
• Docker Compose with resource limits (CPU, memory, swap disabled)
• Health checks on API, Redis, worker, disk, and storage

3. Privacy & Data Retention

Data Type	Retention Period	Deletion Mechanism
Exam screenshots	90 days	Automatic cleanup on startup + every 6 hours
Phone camera frames	24 hours	Redis TTL expiry
Violation logs	1 year	Account deletion anonymizes
Exam answers & scores	Duration of account	Account deletion anonymizes
Audit trails	1 year	Account deletion anonymizes
Student account data	Duration of account	Self-service export & deletion via Privacy Center
LTI learner data	LMS-managed	Governed by institution's LMS privacy policy

3.1 Data Processing

• Camera feeds processed on-device where possible; server-side analysis for violation detection
• AI grading prompts contain per-request question + answer data only — no training on customer data
• LLM provider (Groq / configurable) receives zero-shot prompts; no fine-tuning or persistent storage
• Consent recorded for all phone camera usage before stream initiation

3.2 Data Subject Rights

Students and teachers can exercise rights via the Privacy Center:

• Export — download all personal data as JSON
• Delete — anonymize all personal data and revoke account access
• Consent records — view audit trail of consent events
• Rectify — update profile information in dashboard settings

3.3 Compliance Frameworks

• DPDP Act 2023 (India) — consent management, data subject rights, data retention schedules, breach notification, DPA templates
• GDPR — data processing addendum, data export/deletion, sub-processor disclosure, data processing records
• FERPA (US) — student education records protected through access controls and audit trails

4. Subprocessors

Provider	Service	Data	Location
Supabase	PostgreSQL database, authentication, storage	All student & exam data	AWS ap-south-1 (Mumbai)
DigitalOcean	Application hosting	None (ephemeral compute)	BLR1 (Mumbai)
Redis	In-memory cache, session state, frame buffer	Session tokens, live frames (no persistent storage)	Co-located with application
Groq / LLM provider	AI grading suggestions	Question + answer text (zero-shot, no training)	Configurable (default: US)
Razorpay	Payment processing, subscriptions	Billing data only	India
Email provider	Transactional email (invites, notifications)	Email address, name	Configurable

5. Incident Response

1. Detection — Automated alerts via Sentry error tracking (error rate >5%, authentication anomalies). Infrastructure monitoring via health check endpoint (30s interval).
2. Classification — Severity levels: Critical (data breach, service outage), High (degraded performance, auth failures), Medium (non-critical bugs), Low (cosmetic issues).
3. Response — On-call engineer notified via Sentry/PagerDuty integration. Incident reviewed within 15 minutes for critical severity.
4. Containment — Rollback via docker compose up -d --no-deps api (previous image retained in GHCR). Database snapshots via Supabase point-in-time recovery.
5. Recovery — Full deploy pipeline: restore from last passing CI build, run migrations, health check, smoke test. Target: 30-minute RTO.
6. Post-mortem — Root cause analysis documented, preventive measures added to CI/test suite, deploy checklist updated.

6. Sample Scorecard

A sample exam scorecard (PDF) includes:

• Student identity verification status
• Exam metadata (title, duration, start/end time)
• Score breakdown by question type
• Violation summary with severity distribution
• Risk score with AI-generated triage summary
• Evidence screenshots with timestamps
• AI grading confidence per question (short-answer)
• Teacher override trail (audit log)