Security & Trust
Your data deserves serious protection
Charter Vision handles sensitive governance documents, financial data, and board communications. We take that responsibility seriously. Here's how we protect your data.
SOC 2 InfrastructureEnd-to-End EncryptionFERPA CompliantNo Student PII
Infrastructure
- Hosted on SOC 2 Type II certified infrastructure
- Database on SOC 2 Type II certified cloud PostgreSQL
- All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Automatic backups with point-in-time recovery
- Global CDN with DDoS protection
Data Privacy
- School documents are isolated per organization — no cross-organization data sharing
- No personally identifiable student data stored
- User data is never sold or shared with third parties
- Full data export available on request
- Data deletion available within 30 days of account closure
Access Controls
- Role-based access control: Admin, Member, Stakeholder
- OAuth and magic link authentication — no passwords to breach
- Secure session management with encrypted tokens
- Organization-level user management and audit trails
- Invitation-based school registration with admin approval
AI & Document Processing
- Documents are processed for AI retrieval only within your school's context
- AI responses are grounded in regulatory sources with citations — not hallucinated
- No customer data is used to train AI models
- Document embeddings are isolated per organization
- All AI providers operate under data processing agreements
Reporting Vulnerabilities
If you discover a security vulnerability, please report it responsibly. Contact us at security@chartervision.org and we will respond within 48 hours. Please do not publicly disclose the issue until we've had an opportunity to address it.
Have more questions about our security practices? Contact us and we'll be happy to discuss.