Security at SmileCharts

We protect student data with defense-in-depth security architecture, fully compliant with FERPA and GDPR standards.

Data Isolation

We use Row-Level Security (RLS) on every database table. This ensures that a teacher can never access data belonging to another classroom, enforced at the database engine level.

Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. We do not store sensitive PII like Social Security Numbers or dates of birth.

Audit Logging

Every critical action—creating charts, modifying students, or viewing logs—is recorded in an immutable audit log accessible to school administrators.

FERPA & GDPR

Our platform supports the 'Right to be Forgotten' with permanent deletion tools. We sign Data Processing Agreements (DPAs) with schools to guarantee compliance.

Trusted Infrastructure

We partner with industry-leading providers to ensure high availability and security.

Vercel (Hosting)

Supabase (Database)

Stripe (Billing)

OpenAI (AI Translation)

Resend (Email)

Sentry (Monitoring)

Upstash (Rate Limiting)

Need Compliance Documentation?

Visit our Compliance Center for security assessments, incident response plans, and our pre-signed NDPA for school districts.

Compliance Center Get DPA Contact Security Team