We've taken extensive measures to make sure the PII we hold and manage is safe and secure:
- School admins get detailed data controls to limit exposure.
- Third-party data access can be granted for the whole district, or restricted to individual schools or courses.
- Third-party platforms can be restricted to specific functionality.
- Personally identifiable data is encrypted at rest with AES-256 and in transit with TLS 1.3.
- Edlink is fully FERPA, COPPA, SOPIPA, CCPA and GDPR compliant.
- Data is permanently deleted after the defined data retention period or when data sources are removed.
- Edlink stores records of all data that goes in and out of our system for later auditability by school admins.
- Our systems are all hosted on Google Cloud Platform, primarily in the US-Central Zone (Iowa). We store all data inside the United States.
- Each of our 6 employees works in our Austin office, which in and of itself reduces the opportunity for security breaches.
- All employees complete mandatory security awareness training and background checks.
- Our engineers are all up to date on industry-standard security practices and proactively perform code reviews to find vulnerabilities.
- Any person on our client's team or ours who accesses PII via Edlink does so through an individual account, and that access is centrally logged for 30 days.
Ways in which we put our money where our mouth is:
- We willingly sign DPAs for schools as sub-processors of their data.
- We have begun the SOC 2 Type II compliance process and hope to be fully audited during 1Q22. We’ll be producing a comprehensive, publicly available security report before then.