Trust & Security

Evaluation Workspace handles sensitive student records. Here is how we protect them.

Workspace isolation

Every evaluation, document, score, and export is scoped to a workspace. Database row-level security blocks any cross-workspace access, even by accident.

Private storage

Original uploads, redacted copies, and exports live in private buckets. There are no public document URLs. Downloads are issued via short-lived signed URLs.

Human review required

AI-generated sections are explicitly marked. Reports cannot be exported until each AI-drafted section has been reviewed by an evaluator.

Audit trail

Every meaningful action (uploads, AI drafts, section locks, exports) is recorded with actor, timestamp, and target. Audit history is viewable by workspace owners.

FERPA-aware

We follow FERPA-aware practices: minimal data exposure, role-based access, and an explicit data retention policy per workspace. We do not claim full FERPA compliance because compliance is a shared responsibility between the institution, the evaluator, and the platform.

Search engine visibility

Authenticated areas of the application are marked noindex. Document URLs are never indexed.