Security · Privacy · AI Safety
Trust, built in from the first message.
EduSight sits at the front door of your institution. Here's exactly how we protect your students, your data and your reputation, written plainly, with our posture shown honestly.
Compliance & Frameworks
Held to the standards institutions require
We list only what's true today, and show what's in progress honestly, so your procurement team never has to guess.
ISO 27001:2022
Security & availability
FERPA / PIPEDA
Aligned data handling
GDPR
EU data protection
WCAG 2.1 AA
Accessibility
TCPA
Messaging consent
How We Protect You
The pillars of everyday trust.
From the bytes on disk to the words in a chat, every layer of EduSight is designed to keep institutions and applicants safe.
Data protection
- Encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Role-based access control with least-privilege defaults and full audit logs.
- Hosted on SOC 2 / ISO 27001 cloud infrastructure with selectable data residency.
- Automated backups, encryption key rotation and tested disaster recovery.
AI safety & accuracy
- Answers are grounded only in your approved content, not the open web.
- Persistent, honest "I'm an AI" disclosure to every student, every session.
- Configurable hand-off rules route low-confidence questions to a real person.
- Your data is never used to train external models.
Compliance & governance
- FERPA and PIPEDA aligned handling of student information.
- GDPR-compliant data subject rights: access, export and erasure on request.
- HECVAT Ready and Data Processing Agreements (DPA) available for every institution.
- ISO 27001:2022 certified since 2025, certificate available on request.
Accessibility & consent
- Chat experience conforms to WCAG 2.1 AA: keyboard, screen-reader and contrast tested.
- Explicit opt-in / opt-out handling for SMS and WhatsApp messaging.
- TCPA-aware consent capture, quiet hours and frequency controls.
- Localized consent language across 95+ supported languages.
Our Data-Handling Commitment
Student data belongs to the institution, not to us, and not to any model. EduSight encrypts it, restricts access to the people and services that strictly need it, and never sells it or uses it to train external AI.

Trust & security
FAQ
Yes. Data is encrypted in transit and at rest, access is role-based and logged, and it's handled in line with FERPA/PIPEDA. It is never sold and never used to train external models. Full details are in the documents above.
No. We use a zero-retention inference arrangement with our model provider, meaning conversations are not retained or used to train any external model. Your content stays yours and is used only to answer your applicants.
On SOC 2 / ISO 27001 certified cloud infrastructure, with US, EU and Canadian regions available. We can align hosting to your data-residency requirements during onboarding.
Answers are grounded only in the content you approve, not the open web. When a question falls outside that content or confidence is low, EduSight discloses it's an AI and hands off to your team rather than guessing.
Absolutely. We offer a Data Processing Agreement and routinely complete vendor security questionnaires (HECVAT and institution-specific forms). Reach out and we'll start the process.
Have a security or privacy question?
Our team answers procurement, IT and compliance questions directly, and can walk your reviewers through our posture on a short call.
