DruptoQuiz LogoDruptoQuiz
Biometric Data Policy

Last updated: 07-01-2026

1. Introduction

Drupto Consultants Pvt Ltd ("we," "us," or "our") is committed to protecting your biometric data with the highest standards of privacy and security. This Biometric Data Policy explains how we collect, process, and protect biometric information when you use the proctoring features of DruptoQuiz (the "Platform"). This policy is designed to comply with applicable data protection laws, including India's Digital Personal Data Protection Act, 2023 (DPDP Act).

By using the Platform's proctoring features, you acknowledge that you have read and understood this policy. If you do not agree with any part of this policy, you may opt-out of biometric processing as described in Section 7.

2. What Constitutes Biometric Data

For the purposes of this policy, "biometric data" refers to any personal data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person.

In the context of our Platform's proctoring system, biometric data includes:

  • Facial landmarks – Mathematical coordinates representing key points on your face (e.g., positions of eyes, nose, mouth, jawline)
  • Gaze vectors – Directional data indicating where you are looking on the screen
  • Head pose estimation – Orientation and rotation of your head in three-dimensional space
  • Presence detection signals – Binary indicators confirming whether a human face is present in the camera feed

Important: Our system does not capture or store photographic images, video recordings, or any raw visual data of your face. We process only the mathematical representations (landmarks and vectors) derived from the camera feed.

3. How We Use Biometric Data

We use biometric data exclusively for the purpose of proctoring integrity and monitoring during quiz sessions. Specifically, biometric processing enables:

  • Attention monitoring – Detecting when a user looks away from the screen for extended periods
  • Presence assurance – Ensuring the test-taker remains present throughout the quiz duration
  • Fraud prevention – Identifying potential cheating behaviors such as multiple faces in frame or unauthorized assistance
  • Behavioral analysis – Monitoring for suspicious activities that may indicate academic dishonesty

Important clarification: Our system does not perform identity verification or store any facial data for future recognition. We do not compare biometric data against stored templates or verify that the registered user is the person taking the quiz. All processing is real‑time and focused solely on proctoring integrity.

Biometric processing helps maintain the fairness and credibility of assessments conducted on our Platform. This constitutes a legitimate use and a lawful purpose under the DPDP Act.

4. Local‑Only Processing & Security

We implement a privacy‑by‑design approach to biometric data processing:

  • No transmission to servers – All biometric processing occurs entirely within your web browser using client‑side technologies (MediaPipe by Google). No biometric data is ever transmitted to our servers or any third‑party servers.
  • No storage – Biometric data is processed in real‑time and immediately discarded after each processing cycle. We do not create persistent copies, databases, or backups of your biometric data.
  • Encrypted in‑memory processing – While being processed, biometric data remains in the browser's protected memory space and is never written to disk.
  • No cross‑session tracking – Biometric data from one quiz session is not linked to biometric data from any other session.

This local‑only architecture ensures that your biometric information never leaves your device, providing the highest possible level of privacy protection.

5. Consent Mechanism

We require explicit, informed consent before any biometric processing begins. Our consent mechanism includes:

  • Pre‑quiz disclosure – Before starting a proctored quiz, you will see a clear explanation of what biometric data will be processed and for what purpose.
  • Granular consent checkbox – You must actively check a box labeled "I consent to biometric processing for proctoring purposes" to proceed with the quiz.
  • Withdrawal at any time – You may withdraw consent during the quiz by exiting the proctored session, though this may result in quiz termination as per our Terms and Conditions.
  • Separate from general terms – Biometric consent is obtained separately from general terms acceptance, ensuring it is not bundled or hidden.

Consent is recorded in our system logs (without storing biometric data) to demonstrate compliance with legal requirements.

6. Data Retention & Deletion

We adhere to a strict zero‑retention policy for biometric data:

  • Immediate deletion after processing – Each batch of biometric data is deleted immediately after the corresponding proctoring check is completed (typically within milliseconds).
  • Automatic cleanup at quiz end – When a quiz session ends, all temporary in‑memory biometric data is permanently erased.
  • No archival – We do not archive, backup, or retain biometric data for any period beyond the immediate processing need.
  • Verifiable deletion – Our system architecture ensures that biometric data cannot persist beyond the current browser session.

The only records we retain are non‑biometric metadata such as timestamps of consent, quiz completion status, and proctoring flags (e.g., "attention lapsed at 12:05"). These metadata contain no biometric identifiers.

7. User Rights & Opt‑Out

You have the following rights regarding your biometric data:

  • Right to opt‑out – You may choose not to consent to biometric processing. However, please note that opting out of biometric proctoring may limit your access to certain quizzes that require proctoring for integrity purposes.
  • Right to information – You may request details about what biometric data would be processed and how it is protected.
  • Right to withdraw consent – You may withdraw previously given consent at any time, though this may affect your ability to complete ongoing proctored quizzes.
  • Right to grievance redressal – Under the DPDP Act, you have the right to contact our Grievance Officer regarding any concerns about biometric data processing.

To exercise any of these rights, or if you have questions about our biometric data practices, please contact us using the information in Section 9.

8. Third‑Party Technologies

Our biometric processing relies on MediaPipe, a Google‑developed library for on‑device machine learning. MediaPipe runs entirely within your browser and does not transmit data to Google or any other third party. We have configured MediaPipe to operate in privacy‑preserving mode where all processing is local and no telemetry is collected.

For more information about MediaPipe's privacy features, please refer to Google's Responsible AI Practices.

9. Contact Information

If you have questions, concerns, or wish to exercise your rights regarding biometric data, please contact:

Data Fiduciary:
Drupto Consultants Pvt Ltd
Email: support@druptoconsultants.com

Grievance Officer (DPDP Act):
Saurabh Chandra
Email: saurabh.chandra@druptoconsultants.com

10. Changes to This Policy

We may update this Biometric Data Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date.