For Developers

Security Requirements

API Requests

  • All requests to the API must be sent via HTTPS.
  • Edlink will redirect all incoming requests on port 80 (HTTP) to port 443 (HTTPS).
  • All requests (except for API metadata) require the inclusion of an Edlink secret key so we can identify the application who is accessing it.
  • Extremely detailed data access logs are available to school administrators for auditing.
  • Data logs are stored for 7 days, after which they are completely destroyed.
  • When data is deleted from our system it is truly deleted, not simply "marked as deleted".

Data Encryption

  • Edlink data is stored in a managed Google Cloud Platform database.
  • Access is restricted to only our production servers.
  • All data is encrypted in transit, and at rest, via the LUKS encryption specification.
  • All data is backed up daily, with a 7 day retention policy, after which it is destroyed completely.
  • Edlink is fully FERPA and COPPA compliant.
  • Edlink is fully GDPR compliant.
  • We honor right-to-forget requests to the best of our ability.
    • Users can email privacy@ed.link to retrieve or destroy their personal data.
    • This may require school administrator consent.