Back to StudentLife OSLegal Center
Terms of ServicePrivacy PolicyCookie PolicyData UsageAcceptable UseCommunity GuidelinesSecurityAccessibilityDMCACopyright and IP

Legal documents

  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Data Usage
  • Acceptable Use
  • Community Guidelines
  • Security
  • Accessibility
  • DMCA
  • Copyright and IP

Legal

Security

Last updated: June 30, 2026

How we protect accounts, data, and the platform.

1. Our approach

Security is built into StudentLife OS in layers, not bolted on. Schools, departments, organizations, and students each operate in an isolated compartment, sensitive data is encrypted, every sensitive action is audited, and the Platform can be locked down in an incident. This page summarizes our practices and how to report a concern.

2. Account security

  • Multi-factor authentication, required for sensitive administrative roles and available to everyone.
  • New-device verification and a per-device session list so you can see and sign out other sessions.
  • A strong password policy and protection against credential reuse and brute-force attempts.
  • An emergency mode that can require multi-factor authentication on every sign-in during an incident.

3. Data protection

  • Encryption in transit (HTTPS everywhere) and at rest for sensitive data.
  • Credentials are hashed; secrets are encrypted and never logged in plaintext.
  • Access to data is controlled by role and scoped to the minimum needed.

4. Tenant isolation

Each portal is a separate compartment with its own session. One institution or account cannot access another's data, even by modifying a URL. Cross-account requests are rejected before any data is returned.

5. Monitoring and audit

Sensitive actions are recorded in a tamper-evident audit trail. We monitor for suspicious sign-ins and abuse, and a dedicated security team reviews reports and takes enforcement action through a single, audited process.

6. Incident response

We maintain controls to respond quickly to an incident, including the ability to require additional verification, to lock down access, and to suspend or remove accounts. Account suspension or removal immediately ends active sessions for that account.

7. Responsible disclosure

If you find a vulnerability, email support@studentlifeos.com with enough detail to reproduce it. Please do not exploit the issue, access or change other users' data, or disclose it publicly before we have had a reasonable chance to fix it. We will not pursue good-faith researchers who follow this process.

8. Infrastructure and subprocessors

The Platform runs on trusted, independently audited providers, each used for a specific function and contractually required to protect your data: Vercel (application hosting), Supabase (managed database), Amazon Web Services (encrypted file storage), Cloudflare (network edge, content delivery, bot protection, and approximate IP-based location), Upstash (rate limiting and abuse control), Stripe (payment processing), Pusher (real-time delivery), Resend (email delivery), and a contracted AI provider for the optional SLOS AI features that does not train on your data. We do not sell your data to any of them, and each handles only the data needed for its function.

9. Data residency

Data is processed in the United States. We operate the Platform from the United States, and our infrastructure providers process data on our behalf consistent with that and with our Privacy Policy.

10. Resilience and backups

We use managed, redundant infrastructure and maintain backups of critical data so we can recover from a failure. Sensitive data is encrypted at rest in those backups, and access to recovery tooling is restricted and audited. No system can guarantee uninterrupted availability, but we design for durability and for rapid recovery.

11. Your role

  • Use a strong, unique password and enable multi-factor authentication.
  • Keep your devices and email secure, since they can reset access.
  • Be alert to phishing. We will never ask for your password by email.
  • Report anything suspicious through the Report option or to support@studentlifeos.com.

12. Contact

To report a security concern, contact us:

StudentLife Technologies LLC

1 Sansome St, Suite 1400, San Francisco, CA 94104

Email: support@studentlifeos.com

Phone: (415) 508-8610