Enterprise-Grade Security
Your data stays yours. We build AI solutions with security and privacy at the coreβdesigned for education institutions that trust us with their most sensitive information.
Compliance & Certifications
Built with education-specific privacy regulations in mind from day one
FERPA
Family Educational Rights and Privacy Act
Student data privacy protections for educational records
COPPA
Children's Online Privacy Protection Act
Protection for children under 13 years of age
GDPR
General Data Protection Regulation
EU data protection and privacy standards
SOC 2 Type II
Service Organization Control 2
Security practices aligned with SOC 2 standards
WCAG 2.1 AA
Web Content Accessibility Guidelines
Digital accessibility compliance standards
CCPA
California Consumer Privacy Act
California privacy rights compliance
Data Security Practices
Industry-leading security practices protecting your educational data
Encryption at Rest & In Transit
All data is encrypted using AES-256 encryption at rest and TLS 1.3 for data in transit.
Access Control
Role-based access control (RBAC) with principle of least privilege. Multi-factor authentication required.
Data Isolation
Multi-tenant architecture with strict data isolation. Your data never mixes with other clients.
Audit Logging
Comprehensive audit trails for all data access and system changes. Logs retained for compliance.
Regular Penetration Testing
Third-party security assessments and penetration testing conducted annually.
Secure Development
Secure SDLC practices including code reviews, static analysis, and dependency scanning.
Infrastructure Security
Enterprise-grade infrastructure built for reliability and security
Cloud Infrastructure
- Hosted on AWS with SOC 2 certified data centers
- US-based data residency by default
- EU data residency available for GDPR compliance
- Geographic redundancy across multiple availability zones
Monitoring & Response
- 24/7 automated security monitoring
- Real-time threat detection and alerting
- Incident response team with defined SLAs
- Regular disaster recovery testing
Backup & Recovery
- Automated daily backups with 30-day retention
- Point-in-time recovery capability
- Cross-region backup replication
- Documented recovery procedures
Privacy Commitments
Clear promises about how we handle your data
Your Data Stays Yours
You retain full ownership of all data you provide to us. We process your data only to provide our services.
No AI Training on Your Data
We never use your content or student data to train AI models. Your data is used solely to deliver your requested services.
Data Minimization
We only collect data necessary to provide our services. No excessive data collection or retention.
Right to Deletion
Request deletion of your data at any time. We process deletion requests within 30 days.
Transparent Processing
Clear documentation of how we use your data. No hidden purposes or surprise data sharing.
Student Privacy First
Educator-designed with student privacy as a foundational principle. Extra protections for minors.
Vendor & AI Provider Security
We carefully vet our technology partners to ensure they meet our security standards
Anthropic (Claude)
No training on API data. Prompts not stored beyond request processing.
OpenAI
API data not used for training. Zero data retention available.
AWS
Customer data ownership. Regional data residency options.
Questions About Security?
Our team is happy to discuss your specific security requirements, provide additional documentation, or walk through our security practices in detail.