We take extensive measures to make sure the PII we hold and manage continues to be safe and secure.
Here are some of the actions we take:
- School admins get detailed data controls to limit exposure.
- Edtech platforms connecting to learning institutions through Edlink can be granted data access for the whole district, or restricted to individual schools, courses, or even individual people.
- Edtech apps that use Edlink to integrate into learning institutions, can be restricted to specific functionality.
- PII is stored at rest with AES 256 encryption and is encrypted in transit with TLS 1.3.
- Edlink is fully FERPA, COPPA, SOPIPA, CCPA, and GDPR compliant.
- Data is permanently deleted after the defined data retention period or when data sources are removed.
- Edlink stores records of all data that goes in and out of our system for later audibility by school admins.
- Our systems are all hosted by Google Cloud platform, primarily in the US-Central Zone (Iowa). We store all data that originates in the United States inside the United States.
- Each Edlink team member works in our office in Austin. By limiting our span, we’ve reduced the opportunity for security breaches.
- All team members do mandatory security awareness training and complete background checks.
- Our engineers enact industry-standard security practices and proactively perform code reviews to find vulnerabilities.
- Any person on our client's team or ours who accesses PII via Edlink does so through an individual account. Access is centrally logged for 30 days.
Ways in which we put our money where our mouth is:
- We willingly sign DPAs for schools as sub-processors of the school’s data.
- We have begun the SOC 2 Type II compliance process and hope to be fully audited soon. We’ll be producing a comprehensive, publicly available security report before then.
- We've made it possible for our clients (edtech companies) to receive the minimum amount of data about a user. For example, in the Edlink Dashboard, an edtech app can configure its Edlink settings so they only receive first names and last initials of a student.
Read more about Edlink's Security and Privacy Practices
If you’re interested to learn more about Edlink’s Unified API, here’re other articles we’ve written.
- Edlink’s Security Center - Our Collection of Security Articles
- Edlink’s Privacy Center - Our Collection of Privacy Articles
- How does Edlink Handle Data Privacy and Security?
- How Edlink Handles School Data
- Does Edlink store PII?
Ready to Start Integrating?
Create a developer account to set up a test sandbox.
Or if you think Edlink can help you on your integration journey, email us at support@ed.link to set up a call.