Trust & Privacy

Encryption, isolation, role-based access and regulatory alignment — the three things a head teacher needs answered before signing. Status labels show the platform control baseline, with evidence tags for follow-up verification.

Encryption

Encryption in transit

All traffic enforced over TLS 1.2+ via Vercel and Firebase. HSTS enabled.

TLS 1.2+ / HSTS

ON

Encryption at rest

Firestore + Cloud Storage encrypt with Google-managed keys (AES-256) by default.

AES-256 GMK

ON

Customer-managed keys (CMEK)

Available on request for Cloud Storage; enable per organisation if your jurisdiction requires it.

On request

On request
Data isolation

Organisation data isolation

Reads and writes are scoped by organisation boundaries in deployed Firestore security rules and server-side org checks.

Deployed Firebase rules + API authorization

ON

Parent visibility

Per-relation `viewGrades` and `viewAttendance` permissions. School admins decide exactly what each parent sees.

parentStudentRelations.permissions

School-controlled
Access control

Role-based access control

Six roles enforced server-side: super_admin · admin · head_teacher · head_of_faculty · subject_leader · teacher · student.

types/phase2 · OrganizationRole

ON

Multi-factor authentication

Enabled by enrolling staff via Firebase Auth MFA. Configurable per organisation.

School-controlled
Regulation

FERPA-aligned practices

Student records access restricted to authorised school staff and verified parents/carers. Data Processing Agreement available on request.

FERPA (20 U.S.C. § 1232g)

ON

COPPA-aligned practices

Under-13 student accounts created only via verified school onboarding. No directed advertising. School acts as agent for parental consent.

COPPA · 15 U.S.C. § 6501

ON

Hong Kong PDPO

Personal Data (Privacy) Ordinance principles applied for HK schools — purpose, accuracy, retention, access, security.

PDPO Cap. 486

ON
Role-based access · who sees what

These checks are enforced server-side and in Firestore security rules — the UI cannot grant access the rules deny.

ResourceSuper adminAdminHead teacherTeacherStudentParent
Whole-school analytics (Attainment Hub)view, editview, editviewown classes
Classroom analyticsviewviewviewown classes
Student records & gradesviewviewviewown studentsselflinked child (permissioned)
Lesson + resource generationcreatecreatecreatecreate
Marking + feedbackediteditviewown classesview ownview linked child
Parent-teacher messagingauditauditauditsend + receivesend + receive
Organisation settings & billingediteditview
Operating practices
DPA
Data Processing Agreement available for every paid school deployment.
Sub-processors
Google Cloud / Firebase (infrastructure — Firestore, Cloud Storage, Auth, Cloud Run) · Vercel (application hosting) · Anthropic (AI generation) · OpenAI (AI generation, lesson assistant) · Google Gemini (AI generation) · Mistral (document OCR) · DeepSeek (AI generation) · Stripe (payments) · MailerSend (transactional email) · Mautic (marketing email) · Amplitude (product analytics) · Supabase (curriculum reference content) · Supadata (YouTube transcript retrieval). Full list with data scope on the privacy policy.
Audit
Admin actions on roles, members, and permissions are logged with actor and timestamp.
Deletion
On request, organisation data is removed from primary stores within 30 days and from backups within 90 days.

Need a copy of our DPA or sub-processor list? Email trust@teachai.io.