Sign InGet Started
Search
⌘K
Get Started Platform Dashboard Developer Guides API Reference UI Widgets SDKs Providers
Legal Flow Changelog Roadmap
For Developers

Security Requirements

the Edlink Team
By the Edlink Team
Unknown Date
Report an Issue

API Requests

  • All requests to the API must be sent via HTTPS.
  • Edlink will redirect all incoming requests on port 80 (HTTP) to port 443 (HTTPS).
  • All requests (except for API metadata) require the inclusion of an Edlink secret key so we can identify the application who is accessing it.
  • Extremely detailed data access logs are available to school administrators for auditing.
  • Data logs are stored for 7 days, after which they are completely destroyed.

Data Retention and Deletion

  • Standard database records deleted from our system are truly deleted, not simply "marked as deleted".
  • UI-initiated deletions of user-uploaded assets (such as profile pictures or documents) perform a "soft delete". This removes database and UI references so the asset is no longer accessible or linked within the platform, but the file itself remains in cloud storage at an unguessable, cryptographically secure UUID URL.
  • A formal data deletion request to our Support or Privacy team is required for a "hard deletion" to physically purge these asset files from our servers.

Data Encryption

  • Edlink data is stored in a managed Google Cloud Platform database.
  • Access is restricted to only our production servers.
  • All data is encrypted in transit, and at rest, via the LUKS encryption specification.
  • All data is backed up daily, with a 7 day retention policy, after which it is destroyed completely.
  • Edlink is fully FERPA and COPPA compliant.
  • Edlink is fully GDPR compliant.
  • We honor right-to-forget requests to the best of our ability.
    • Users can email privacy@ed.link to retrieve or destroy their personal data (including "hard deletions" of uploaded assets).
    • This may require school administrator consent.