Encryption everywhere
Data is encrypted in transit (TLS) and at rest using industry-standard algorithms.
Privacy & FERPA
Built around US privacy laws such as the CCPA/CPRA and FERPA for student data, with data-processing terms for institutions.
Access control & SSO
Role-based access, least-privilege defaults and single sign-on for organizations.
US data residency
Hosting with reputable US cloud providers, with data kept within the United States.
Audit logging
Key actions are logged so institutions can review and report on access.
Responsible AI
Clear boundaries on how learner data informs AI features, with human oversight retained.
How we protect your data
- Regular backups and resilience measures to keep your data safe and available.
- Vulnerability management and ongoing monitoring of our systems.
- Data-minimization: we collect only what’s needed to deliver the service.
- Clear processes for data subject requests and deletion.
We’re continually maturing our security program, including working towards recognized frameworks such as SOC 2 and ISO 27001.
This page summarises our approach and is not a contractual commitment. Institutions can request our security documentation and data-processing agreement during procurement.
Report a vulnerability
Found a security issue? Please disclose it responsibly. We read every report.