Security principles
- Least-privilege access
- Role-based permissions
- School and district data separation
- Audit logging
- Secure authentication
- Encrypted transmission
Access controls
Every user is scoped to their school, district, and role. The platform enforces these scopes at the database layer, not just in the UI.
- Teacher access — limited to classrooms they are explicitly assigned to. Teachers cannot see students, notes, behavior data, or support plans from other classrooms.
- School administrator access — limited to their school. School admins can manage classrooms, teachers, and students inside their school only.
- District administrator access — district-wide visibility and configuration, including retention policies, user invitations, and parent-amendment review.
Audit logging
The platform records security-relevant activities, including:
- Administrative actions (invitations, role changes, deletions)
- Student record exports and parent-amendment events
- Report access and AI insight generation
- Authentication events
Data protection
- Encryption in transit — all client and service-to-service traffic uses TLS 1.2+.
- Secure storage — data is encrypted at rest by the managed database provider.
- Backups — automated point-in-time backups are retained by our infrastructure provider.
- Access restrictions — production access is limited to a small set of named operators with multi-factor authentication and audit logging.
Multi-factor authentication for admins
District and school administrators are required to enroll a second factor before accessing administrative functions.
What we do not publish
We do not publish sensitive implementation details (specific infrastructure topology, secret rotation schedules, vendor-specific controls) on this page. Districts requiring this level of detail should request our security review through the Data Processing Agreement process.
