30 days. Encrypted.
Yours to define.
Webcam, screen, and audio captured to the level you choose. Stored on Codility infrastructure for a defined window. Customer-defined retention is in development on the near-term roadmap.
Used by regulated and security-led organizations worldwide
The answers
The questions we get most often in security questionnaires, with the short answers first. Detail and rationale follow below.
| Question | Answer |
|---|---|
| What is captured at Level 2? | Periodic webcam snapshots and periodic screen snapshots taken throughout the assessment. |
| What is captured at Level 3, the Advanced tier? | A continuous recording of the candidate’s webcam, a continuous recording of the candidate’s screen, and a continuous recording of the candidate’s audio for the full session. |
| Where is it stored? | On Codility-managed infrastructure. Encrypted at rest. Access is controlled to authorized reviewers in the customer’s account. |
| Default retention? | 30 days for all proctoring artifacts at every level. After 30 days the data is deleted. |
| Can the retention period be customized today? | A shorter retention window can be configured through Codility support. Self-serve, customer-defined retention is in development on the near-term roadmap. |
| Does Codility use a sub-processor for proctoring storage? | For storage, no. Recordings are stored on Codility-managed infrastructure. For session recording and media processing, Codility uses Twilio as a sub-processor; recordings are transferred to Codility’s environment for retention. |
What each level captures
Two operating modes. Pick the one that matches the stakes of the role and the scrutiny it will receive.
| Level 2 | Level 3, Advanced | |
|---|---|---|
| Webcam | Periodic snapshots | Full continuous video |
| Screen | Periodic snapshots | Full continuous video |
| Audio | Not captured | Full continuous audio |
| Storage location | Codility infrastructure, encrypted at rest | Codility infrastructure, encrypted at rest |
| Default retention | 30 days | 30 days |
| Typical use case | Standard integrity signal across high-volume assessments | High-stakes hiring, regulated industries, executive and security-cleared roles |
Why 30 days
Three reasons it is built this way, each one written for a reviewer who has to defend the choice internally.
Defensibility window
Long enough for review, dispute, and sign-off on the typical hiring decision cycle. Short enough that it is not your auditor’s first question.
Data minimization by default
Codility does not retain proctoring artifacts longer than the review need. The default is a deletion event, not an opt-out.
Predictable obligations
One documented retention period across all proctoring levels simplifies your DPIA, your DPA disclosures, and your right-to-erasure response.
Compared to common alternatives
Some platforms retain proctoring evidence indefinitely. Others push storage to the customer and offer no native review tools. Codility’s 30-day default sits deliberately between the two: reviewable when you need it, gone when you do not.
Customer-defined retention windows, configurable from your admin console without a support request, are in development on the near-term roadmap. Until then, shorter retention is available through Codility support.
High-stakes hiring such as executive, security-cleared, and regulated industry roles. Audited hiring decisions. Jurisdictions with strict data-minimization expectations.
codility.com