Compliance
Governance built to scale
Our compliance program is built to expand as regulatory expectations, customer requirements, and certifications evolve.
Certifications & Frameworks
Standards we align with
We publish current status openly, including programs that are in progress. Audit reports are available under NDA when finalized.
Security
SOC 2 Type II
Audit of security, availability, and confidentiality controls aligned to AICPA Trust Services Criteria.
Security
ISO/IEC 27001
Internationally recognized standard for information security management systems.
Privacy
GDPR
European Union General Data Protection Regulation — lawful processing, data subject rights, and transfer safeguards.
Privacy
CCPA / CPRA
California Consumer Privacy Act — disclosure, opt-out, and consumer rights for California residents.
Industry
FERPA
Family Educational Rights and Privacy Act — handling of student record data for higher-education partners.
Privacy
PIPEDA
Canadian Personal Information Protection and Electronic Documents Act — applied to Canadian users.
Governance
Policies, ownership, and oversight
- Documented information security policies
- Named owners for security and privacy domains
- Risk management process with periodic review
- Change management for production systems
- Internal training on security and privacy
- Executive oversight of trust program
Standards
Security standards alignment
- Controls mapped to SOC 2 Trust Services Criteria
- Information security management aligned to ISO/IEC 27001
- OWASP secure development practices
- NIST Cybersecurity Framework as a reference baseline
- Audit-ready evidence collection
- Continuous improvement of control maturity
Regulatory Readiness
Designed for evolving requirements
- GDPR-aligned processing for EU data subjects
- CCPA/CPRA disclosures for California residents
- FERPA-aware handling for higher-education partners
- Data processing agreements with vendors
- Mechanisms for data subject requests
- Incident notification commitments
Reports & questionnaires
Audit reports, DPAs, and questionnaires
Our SOC 2 report will be available under NDA once our current audit period concludes. Standard DPAs, security questionnaires, and related documentation are available through our resource center.