Security Overview
High-level security commitments for platform operators and tenant administrators.
Last updated: March 4, 2026
Access controls
Control-plane access is authenticated and role-gated. Privileged actions are evaluated server-side.
Operators should use strong passwords and complete two-factor enrollment where required.
Data isolation
School data boundaries are enforced by deployment/database context and authorization checks.
Cross-tenant data access is prohibited by policy and monitored through audit processes.
Incident handling
Suspected incidents should be reported immediately through your organization’s security channel.
Security updates and mitigations may be applied without prior notice when risk levels require rapid response.