How we protect your academy's data.
Academy operators trust us with student and family data. We take that responsibility seriously.
All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Database connections, API calls, and file storage are all encrypted end-to-end.
Hosted on Amazon Web Services (AWS) in the United States. Private VPC networking, security groups, and NAT gateways isolate our infrastructure from the public internet.
Role-based access control (Admin, Editor, Viewer) at the workspace level. JWT authentication with RS256 signing and automatic token rotation.
Each workspace is logically isolated. Database query filters ensure no cross-tenant data leakage. Your data is never accessible to other academies.
Every AI agent action is logged with full reasoning. API exceptions are recorded with request context. You always know what happened and why.
We act as a data processor. Academy operators control their student data. We follow FERPA-aware practices and never sell or share student information.
Amazon Web Services (AWS), us-east-1 region. ECS Fargate for compute, RDS PostgreSQL for database, S3 for file storage, CloudFront for CDN delivery.
Private VPC with public and private subnets across multiple availability zones. Application Load Balancer with HTTPS enforcement. Backend services run in private subnets with no direct internet access.
JWT access tokens (RS256, 15-minute expiry) with opaque refresh tokens (30+ day rotation). Passwords hashed with BCrypt. Google OAuth available for passwordless login.
Database credentials and JWT signing keys stored in AWS Secrets Manager. Auto-generated with high entropy. Never stored in source code or environment variables.
Infrastructure managed with Terraform (infrastructure-as-code). Deployments via GitHub Actions with environment-scoped secrets. No manual changes to production infrastructure.
We're happy to answer any questions about how we protect your data.