Trust center

Security, privacy, and compliance at a glance.

One page for the questions procurement, district counsel, and CTOs ask before signing. The documents are linked at the bottom. The current posture is in the table.

Last updated May 17, 2026

Current security posture

Ten controls, the way our SRE on-call would describe them at 2 AM.

Hosting region | us-tx primary | Supabase us-tx region. Texas residency on district request.
Encryption at rest | Enabled | Supabase AES-256 at rest. PII fields additionally encrypted application-side with rotation-safe MultiFernet.
Encryption in transit | TLS 1.2+ | All public traffic over TLS. HSTS enabled. HTTP redirects to HTTPS.
Row-level security | Enforced | Postgres RLS on every tenant table. A compromised JWT cannot read another district.
Append-only audit logs | Trigger-protected | planning_shield_logs, tia_audit_logs, and credit_ledger are append-only by Postgres trigger. Not even engineers can rewrite them.
SSRF allowlist | Domain-pinned | HTTP egress restricted to Canvas, Schoology, Clever, ClassLink, TEA, TSDS. No arbitrary outbound calls from agent code.
AI no-training | Contract-enforced at gateway | Every model call routes through Portkey, which verifies the no-training clause before the request reaches the provider.
Backups | Daily, encrypted | Point-in-time recovery up to 7 days. Encrypted backups retained 30 days. Deletion propagates within the next rotation window.
Vulnerability management | Active | Dependabot, GitHub Advanced Security, Sentry release tracking. Critical CVEs triaged within 24 hours.
Status page | Public | Live incident posture and 90-day uptime at /status.

Compliance roadmap

What is live today, what is in progress, and what is on the horizon. Dates are targets, not promises.

FERPA-aligned posture (operational) | Live | Live
Texas Student Privacy Act DPA template | Live | Live
Append-only audit logs (Postgres-enforced) | Live | Live
SOC 2 Type I | H2 2026 | In progress
SOC 2 Type II | Q1 2027 | Planned
TX-RAMP Level 1 (if pursued) | Q2 2027 | Evaluating

AI providers

Every generative-AI call routes through the Portkey gateway. District administrators choose which providers are enabled per tenant. The current roster: Anthropic Claude (reasoning), Google Gemini (vision and reasoning), OpenAI (embeddings), Ideogram (diagrams), xAI (image fallback). All five are bound by no-training contracts verified at the gateway, not promised in a footer.

Documents for procurement

Contact

Security questions and disclosures: security@safeguided.com. Procurement, DPA, and compliance documentation: districts@safeguided.com. Privacy inquiries: privacy@safeguided.com.