Security & Compliance
Built for Institutional Trust
CourseOps was designed from day one for the compliance, security, and governance requirements of higher education.
Security Model
Five pillars that protect your institution, instructors, and students.
Instructor Approval Workflow
Every automated action follows a Draft → Review → Approve pipeline. No message, reminder, or alert reaches a student without explicit instructor consent. This is the foundational principle of CourseOps.
Comprehensive Audit Trail
Every AI decision, generated draft, approved action, and system event is logged with full context. Audit logs include timestamps, actor identity, action type, evidence, and approval chain.
Role-Based Access Control
Granular RBAC with four levels: Instructor, TA, Department Chair, and Admin. Data isolated by institution → department → instructor. Permissions enforced at the API layer.
Encrypted Integrations
LMS credentials encrypted at rest and in transit. Token-based API access with automatic rotation. Secure webhook delivery with signature verification via Svix.
Enterprise SSO
SAML and OIDC single sign-on support for seamless institutional authentication. Powered by Clerk Organizations with multi-tenant isolation.
Data Handling
PII Redaction
Student personally identifiable information is redacted before persistence. CourseOps stores summaries and operational metadata, not raw student content.
Data Isolation
Multi-tenant architecture with strict data isolation. Every query filtered by institution, department, and instructor. No cross-tenant data access is possible.
FERPA Compliance
Built for FERPA compliance from day one. Student education records are protected with role-based access controls and audit logging at every layer.
Compliance Readiness
Built to meet the regulatory and accreditation requirements of higher education.
All AI actions logged with evidence for compliance audits
Idempotent message and action delivery prevents duplicate communications
Cross-semester historical data retained for pattern detection
Evidence & Accreditation Engine generates automated compliance reports
Cascading policy system ensures institutional standards are enforced
Department chairs and admins have visibility dashboards for oversight
Questions about security?
Our team is happy to walk through our security model, compliance posture, and data handling practices.
Contact Security Team