How Respondus Encrypts and Stores Your Mac Recording (2026 Architecture Review)
The encryption stack, end-to-end
| Stage | Encryption | Source of truth |
|---|---|---|
| Capture (camera/mic → Mac RAM) | None - raw frames in memory | AVFoundation framework |
| Local buffer (Mac → upload queue) | Not publicly documented | Group Container files |
| Upload (Mac → Respondus servers) | TLS 1.3 in transit | HTTPS to *.respondus.com |
| Server storage (S3 buckets) | AES-256 at rest, AWS-managed keys | Respondus privacy policy |
| Instructor playback | TLS 1.3 in transit | Dashboard playback URL |
Where the on-disk buffer lives
During an exam, Monitor writes pre-upload chunks to ~/Library/Group Containers/group.com.respondus.lockdownbrowser/. After successful upload (typically within 24 hours), the buffer is supposed to clear - but the leftover-files page documents cases where it persists for weeks.
What's in the buffer:
- Encoded MP4 chunks of your webcam feed.
- Microphone audio in the same MP4.
- Periodic JPEG screenshots of your Mac screen.
- The pre-exam ID photo.
Whether these files are encrypted on-disk is not publicly stated by Respondus. Forensic inspection of buffer files in 2025-2026 community testing has shown them to be readable as standard MP4/JPEG without decryption - meaning any process or user with read access to your home directory can view the content of an in-progress or stuck-buffer recording.
Server-side architecture
Respondus's privacy policy and Monitor resources documents confirm:
- Storage is AWS S3 buckets in
us-east-1(US students) oreu-west-1(EU students if institution opted into EU data-residency). - AES-256 server-side encryption with AWS-managed keys (SSE-S3).
- Bucket access requires institution-scoped IAM credentials - instructors at one university cannot access recordings from another.
- Default retention: 5 years from exam date, or until the institution requests deletion.
The encryption gaps to know
- On-disk buffer in plain MP4. If your Mac is shared, family-borrowed, or its disk is later accessed, recordings are readable until the buffer clears.
- Pre-TLS RAM frames. Any process with permission to read app memory can intercept frames before encryption. Mostly a concern for managed Macs with EDR.
- Instructor download = decrypted. Once an instructor downloads the recording for review, it lives on their local disk in plain MP4 - outside Respondus's encryption controls.
- Time Machine backups: the Group Container directory IS included by default. Long-term local storage of buffered chunks is possible.
What you can control on Mac
- Clear the buffer after every exam:
rm -rf ~/Library/Group\ Containers/group.com.respondus.lockdownbrowser/ - Exclude the directory from Time Machine: System Settings → Time Machine → Options → Exclude.
- Use the post-exam cleanup procedure to reduce dwell time.
- Server-side: see the GDPR or CCPA deletion request guides.
Frequently asked questions
Is my exam recording encrypted while it sits on my Mac?
Not in any documented way. Forensic testing of the on-disk buffer files shows them to be standard MP4 + JPEG, readable without decryption. Server-side storage is AES-256 encrypted, but the local buffer is the privacy gap - clear it after every exam.
Can my university IT see my recording before it reaches Respondus?
In transit, no - TLS 1.3 prevents man-in-the-middle inspection. But on a managed Mac with EDR (CrowdStrike, SentinelOne), agents may inspect process memory. Personal Macs are not subject to this.
How do I confirm my recording uploaded successfully?
Check the size of <code>~/Library/Group Containers/group.com.respondus.lockdownbrowser/</code> 24 hours after the exam. If it's under 10 MB, upload succeeded. If it's still hundreds of MB or several GB, upload likely failed - email your instructor.