Security & Compliance
Enterprise-grade protection for student data. Built with security at every layer so schools can focus on what matters.
FERPA Ready
Designed to support US school compliance with the Family Educational Rights and Privacy Act. School Official designation available via DPA.
GDPR Aligned
Consent management, privacy controls, and Data Processing Agreements available for EU/UK schools. Compliance program in progress.
ST4S Aligned
Aligned with the Safer Technology 4 Schools framework for child safety and wellbeing.
Security Architecture
Multiple layers of protection for your school's data.
Encryption
AES-256 encryption at rest. TLS 1.3 for all data in transit. Database-level encryption via Supabase.
Multi-Tenant Isolation
Each school operates in an isolated data environment. Row-level security policies ensure no cross-tenant data access.
Authentication & Access Control
Secure authentication via Supabase Auth with support for SSO (Google, Microsoft/Azure AD). 14-role RBAC system controls feature and data access.
Audit Logging
Comprehensive audit trails for data access and modifications. Timeline-based activity tracking for compliance reporting.
Infrastructure
Hosted on Vercel (edge network, Sydney region) with Supabase (AWS-backed PostgreSQL, Sydney region). SOC 2 Type II compliant infrastructure providers.
Vulnerability Management
Regular dependency updates, automated security scanning, and a responsible disclosure program. Sentry error monitoring for real-time issue detection.
Data Protection
Your data is protected at every stage of its lifecycle.
- Only collect what is necessary for educational purposes
- Schools can export their data in standard formats (coming soon for individual users)
- Soft-delete with 30-day grace period. Full data removal upon contract termination
- Automated daily backups with point-in-time recovery capability
- Granular role-based permissions with 14 distinct roles
- Data stored in regions appropriate to your school's jurisdiction
- Infrastructure providers maintain SOC 2 and ISO 27001 certifications
- Documented incident response plan with 24-hour notification to affected schools
Compliance Frameworks
Detailed alignment with major education-sector compliance frameworks.
FERPA Readiness
- TEX operates as a "School Official" with a legitimate educational interest under FERPA §99.31(a)(1), formalised through our Data Processing Agreement.
- Student education records are never re-disclosed to third parties except as authorised by the school or permitted under FERPA.
- Schools retain direct control over all student data within their tenant via administrative controls and the DPA.
- Platform supports schools in fulfilling parental and eligible student rights, including access, amendment, and consent to disclosures.
- Annual notification support materials provided to help schools include TEX in their FERPA disclosure requirements.
- Data return and certified deletion available upon contract termination to meet FERPA data handling obligations.
Operational Security
Secure Development Lifecycle
Code reviews, automated testing, and dependency scanning integrated into every release.
Employee Security
Background checks, security training, and least-privilege access for all team members.
Vendor Management
Third-party vendors are assessed for security posture. DPAs are available from all providers and are being executed.
Business Continuity
Disaster recovery plan with defined RTOs/RPOs and multi-region backup strategies.
Penetration Testing
Regular third-party penetration testing to identify and remediate vulnerabilities.