Trust Center

Security & Compliance

Operational safeguards for student data, payments, tutor workflows, and AI-assisted learning.

Access Control

Server-side session cookies, role checks, and Convex ownership checks protect dashboard and session data.

Payment Safety

Live payment flows fail closed when provider credentials are missing and verify transactions before subscription activation.

Rate Limiting

AI generation is protected by a fixed-window limiter with Cloudflare KV support for production.

Auditability

Payment references, session attempts, timestamps, and analytics updates are persisted for operational review.

Student Data

Privacy, retention, export, and deletion expectations are documented for students, parents, and schools.

Responsible Disclosure

Security issues can be reported to support for triage, containment, remediation, and post-incident review.