NEW

See exactly what EduSight would capture from your current website traffic, book a 20-minute teardown. Learn more

EduSight

Security · Privacy · AI Safety

Trust, built in from the first message.

EduSight sits at the front door of your institution. Here's exactly how we protect your students, your data and your reputation, written plainly, with our posture shown honestly.

Compliance & Frameworks

Held to the standards institutions require

We list only what's true today, and show what's in progress honestly, so your procurement team never has to guess.

ISO 27001:2022

Security & availability

Certified

FERPA / PIPEDA

Aligned data handling

Aligned

GDPR

EU data protection

Compliant

WCAG 2.1 AA

Accessibility

Conformant

TCPA

Messaging consent

Aware

How We Protect You

The pillars of everyday trust.

From the bytes on disk to the words in a chat, every layer of EduSight is designed to keep institutions and applicants safe.

Data protection

  • Encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access control with least-privilege defaults and full audit logs.
  • Hosted on SOC 2 / ISO 27001 cloud infrastructure with selectable data residency.
  • Automated backups, encryption key rotation and tested disaster recovery.

AI safety & accuracy

  • Answers are grounded only in your approved content, not the open web.
  • Persistent, honest "I'm an AI" disclosure to every student, every session.
  • Configurable hand-off rules route low-confidence questions to a real person.
  • Your data is never used to train external models.

Compliance & governance

  • FERPA and PIPEDA aligned handling of student information.
  • GDPR-compliant data subject rights: access, export and erasure on request.
  • HECVAT Ready and Data Processing Agreements (DPA) available for every institution.
  • ISO 27001:2022 certified since 2025, certificate available on request.

Accessibility & consent

  • Chat experience conforms to WCAG 2.1 AA: keyboard, screen-reader and contrast tested.
  • Explicit opt-in / opt-out handling for SMS and WhatsApp messaging.
  • TCPA-aware consent capture, quiet hours and frequency controls.
  • Localized consent language across 95+ supported languages.

Our Data-Handling Commitment

Student data belongs to the institution, not to us, and not to any model. EduSight encrypts it, restricts access to the people and services that strictly need it, and never sells it or uses it to train external AI.

Trust & security
FAQ

  • Yes. Data is encrypted in transit and at rest, access is role-based and logged, and it's handled in line with FERPA/PIPEDA. It is never sold and never used to train external models. Full details are in the documents above.

  • No. We use a zero-retention inference arrangement with our model provider, meaning conversations are not retained or used to train any external model. Your content stays yours and is used only to answer your applicants.

  • On SOC 2 / ISO 27001 certified cloud infrastructure, with US, EU and Canadian regions available. We can align hosting to your data-residency requirements during onboarding.

  • Answers are grounded only in the content you approve, not the open web. When a question falls outside that content or confidence is low, EduSight discloses it's an AI and hands off to your team rather than guessing.

  • Absolutely. We offer a Data Processing Agreement and routinely complete vendor security questionnaires (HECVAT and institution-specific forms). Reach out and we'll start the process.

Have a security or privacy question?

Our team answers procurement, IT and compliance questions directly, and can walk your reviewers through our posture on a short call.