Built for institutional review.
Every question your IT office will ask, answered plainly — FERPA posture, tenant isolation, encryption, integrations, subprocessors, and retention. No legal boilerplate to dig through.
FERPA posture
We act as a school official / service provider under the institution’s direction. Institutions own and control their students’ educational records; we process them only to provide the service.
Is student data ever sold?
No. No advertising, no data brokers, no training third-party models on your students’ work. Student data is used to run defenses, score them, and report to instructors — nothing else.
Encryption
TLS for every connection in transit; AES-256 encryption at rest via our database and storage provider (Supabase on AWS, us-east-1). Payment card data never touches our servers — it goes straight to Stripe.
Deletion requests
Students and institutions can request deletion of their data at any time via their institution or our support address. Records are removed from active systems promptly on verified request.
Where data lives
A dedicated multi-tenant PostgreSQL database hosted in the United States (AWS us-east-1). Every record is scoped to an institution; tenants are isolated by row-level security and server-side access checks.
Who can see what
Role-based access end to end: students see their own work, instructors see their courses, institution admins see their tenant, and nothing crosses tenant boundaries. Admin actions are written to an audit log.
The practices behind the checkboxes.
Tenant isolation & access control
- Every course, assignment, submission, and recording is scoped to an institution ID at the database level.
- Row-level security policies plus server-side role checks (student / instructor / institution admin / platform admin) gate every read and write.
- Cross-tenant binding is blocked: an email can only bind to identities within its own institution on LMS launches.
Audit logging & accountability
- Administrative and billing actions (invites, role changes, seat changes, pilot changes) are written to a tenant-scoped audit log.
- Institution admins can review and export their own audit trail as CSV.
- Deletions are soft-deletes first, preserving an accountability trail while removing records from active use.
LMS integration done the standard way
- LTI 1.3 with signed launches: every LMS launch is a JWT verified against the platform’s published JWKS keys — no shared-secret launches.
- Canvas, Blackboard, Moodle, and D2L supported, including Assignment & Grade Services passback.
- SSO via Google and Microsoft today; SAML-based SSO available for institutional deployments.
Retention you control
- Defense recordings are retained per plan (30–365 days depending on tier; institutional licenses configure the window in contract).
- Course data, rubrics, transcripts, and grades persist for the life of the account so academic records stay intact.
- Account closure or a verified deletion request removes personal data from active systems.
Who touches the data, and why.
The complete list of third parties that process data on our behalf. Each is bound to use it only to provide their service to us.
| Provider | Purpose | Location |
|---|---|---|
| Supabase (AWS) | Database, authentication, file storage | United States |
| OpenAI | AI question generation, transcription, and evaluation | United States |
| Stripe | Payment processing (card data never touches our servers) | United States |
| Netlify | Application hosting and content delivery | United States |
| Resend | Transactional email (invites, notifications) | United States |
| Sentry | Error monitoring (PII scrubbed before capture) | United States |
| Inngest | Scheduled background jobs (reminders, expirations) | United States |
What we don't claim (yet)
We'd rather be precise than impressive. Rocketproof does not currently hold a SOC 2 or ISO 27001 certification — formal third-party attestation is on our roadmap as institutional deployments grow. What we offer today: the architecture and practices above, direct answers to any security questionnaire your institution uses, and a founder-level point of contact who will get your IT office what it needs within one business day.
Running a vendor review?
Send us your security questionnaire, HECVAT, or data-protection addendum and we'll turn it around fast. Found a vulnerability? Report it to the same address — we take responsible disclosure seriously and will respond promptly.