Enterprise Security and Education Compliance

Your students' data is precious. We protect it with enterprise-grade security, FERPA compliance, and transparent data practices you can trust.

Download Security Whitepaper

FERPA Compliant

Full compliance with the Family Educational Rights and Privacy Act for protecting student education records.

End-to-End Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). Your data is protected at every step.

SOC 2 Type II

Certified for security, availability, and confidentiality. Independently audited and verified.

FERPA Compliance

CourseBot is designed from the ground up to comply with the Family Educational Rights and Privacy Act (FERPA), protecting student education records and personally identifiable information.

Data Protection

  • • Student data encrypted at rest and in transit
  • • No unauthorized data access or sharing
  • • Secure data deletion upon request
  • • Access controls and audit logs

Your Rights

  • • You own your data—always
  • • Export your data anytime
  • • Delete your data on demand
  • • Full transparency on data usage

Data Encryption & Privacy

Encryption Standards

All data is encrypted using industry-standard protocols:

  • In Transit: TLS 1.3 encryption for all data transmission
  • At Rest: AES-256 encryption for stored data
  • Backups: Encrypted and geographically redundant

Privacy Commitment

Your trust is our priority:

  • No Data Selling: We never sell your data to third parties
  • No AI Training: Student data is never used to train our AI models
  • Transparent Usage: Clear documentation of how data is used
  • Your Data, Your Control: Export or delete anytime

SOC 2 Type II Certified

Independently audited and certified for security, availability, processing integrity, confidentiality, and privacy.

What This Means

  • • Annual third-party security audits
  • • Verified security controls and practices
  • • Continuous monitoring and improvement
  • • Industry-recognized compliance standard

Security Practices

  • • Regular penetration testing
  • • 24/7 security monitoring
  • • Incident response procedures
  • • Employee security training

Data Retention Policies

Active Data

Course materials and student interaction data are retained for as long as your account is active to provide optimal service and continuous AI learning.

Data Deletion

Upon account closure or deletion request, all data is permanently deleted within 30 days. We provide export tools so you can take your data with you.

Backup Retention

Encrypted backups are retained for 90 days for disaster recovery purposes, then permanently deleted.

Security Best Practices

Access Controls

  • • Role-based access control (RBAC)
  • • Multi-factor authentication (MFA)
  • • SSO/SAML support (Enterprise)
  • • Activity audit logs

Infrastructure

  • • Cloud infrastructure (AWS/GCP)
  • • Geographic redundancy
  • • DDoS protection
  • • 99.9% uptime SLA

Monitoring

  • • 24/7 security monitoring
  • • Automated threat detection
  • • Regular security updates
  • • Incident response team

Questions About Security?

Our security team is here to help. Contact us for detailed security documentation, compliance certificates, or to discuss your specific security requirements.

Contact Security TeamDownload Compliance Docs