Skip to main contentSkip to main content
Trust CenterTrust centerBuyer review

Security Practices

Operational controls, account protections, incident response, and procurement review support.

This page summarizes how Classroom Pulse approaches product security, operational controls, and buyer-facing security review. It is intended to help schools and districts move through questionnaire review faster.

Request security reviewDownload security summary PDF
Jump to a section

Related resources

Procurement Packet

Buyer-facing trust packet with printable procurement support materials.

Data Processing Agreement

Processor and procurement terms for institutional reviews.

State Addenda Support

State and district addendum workflow support.

Vulnerability Disclosure Policy

How to report vulnerabilities responsibly.

1. Security model

Classroom Pulse uses layered administrative and technical safeguards to protect customer, account, and student-related data.

Security priorities include

  • Confidentiality through controlled access and provider safeguards
  • Integrity through logging, review, and controlled workflows
  • Availability through resilient infrastructure, backup practices, and operational monitoring

2. Buyer review matrix

This matrix is intended for procurement and questionnaire review and should be read together with the DPA and Subprocessors pages.

Review areaCurrent practiceBuyer note
Hosting and data locationProduction services are operated through U.S.-based infrastructure providers used for hosting, authentication, storage, and transactional operations.Customer data is primarily processed in the United States unless a customer-specific agreement states otherwise.
EncryptionProduct traffic is encrypted in transit, and platform providers supply encryption at rest and managed storage protections where supported.Refer to the Security Practices page and DPA for the contractual summary rather than treating this line as a certification statement.
Authentication and accessAuthenticated accounts, role-based permissions, and need-based administrative access are used to limit access to customer workspaces and support tools.Google and email-based sign-in paths are supported in the current product stack.
Monitoring and loggingOperational logging and monitoring support service health review, abuse detection, troubleshooting, and incident investigation.Logs are used for operational security and support workflows, not targeted advertising.
Backup and recoveryBackup, resilience, and restoration depend on infrastructure-managed capabilities plus internal operating procedures for service recovery.Schools with stricter continuity requirements should request contract language or questionnaire support through procurement intake.
Incident noticeConfirmed incidents affecting customer personal data are investigated, contained, and notified without undue delay when required by law or contract.Customer-specific agreements may impose narrower timeframes or additional notice obligations.
Vendor managementApproved subprocessors are published publicly and are expected to operate under confidentiality and data protection obligations.The public subprocessor list is intended for vendor due diligence and contract routing.

3. Access, monitoring, and vendor controls

Security depends on both platform controls and operational practices that limit how access is granted and how events are investigated.

  • Administrative and support access is restricted based on need and role.
  • Operational logging supports service health review, abuse detection, troubleshooting, and incident investigation.
  • Subprocessors used to operate the service are reviewed and published publicly for vendor due diligence.
  • Systems and dependencies are updated as part of ongoing maintenance and risk management work.

4. Incident response and external reporting

If Classroom Pulse identifies a security event affecting customer personal data, the team works to investigate, contain, and remediate the issue.

When required by law or contract

  • Affected customers are notified without undue delay
  • Available details are shared to support response planning
  • Follow-up remediation steps are tracked internally

Security researchers can report issues through the Vulnerability Disclosure Policy, and customers can route questionnaires or security review requests through the structured intake flow.

5. Procurement support and shared responsibility

School and district reviewers often pair this page with our procurement packet, DPA, and subprocessor list.

Customers remain responsible for

  • Determining whether their internal or state requirements need additional contract language
  • Reviewing exported reports, AI-assisted outputs, and downstream sharing decisions
  • Sending required district templates or questionnaires when requesting legal or security review

If your team needs a questionnaire response, security summary PDF, or a contract-linked review, use the procurement or security intake workflow instead of a generic inbox.

Questions or documentation requests

Use the structured intake for security questionnaires, architecture review, incident-related questions, or responsible disclosure follow-up.

Security intake

Open security review intake

Security email

security@classroompulse.io

Disclosure policy

View the vulnerability disclosure policy