Security & Privacy
Built for classrooms. Secured for districts.
Elevate handles sensitive education data every day. Security isn't a feature we added—it's the foundation we built on. From FERPA-compliant student name scrubbing to enterprise-grade encryption, every design decision prioritizes the protection of your district's data.
Our security commitments
FERPA compliance is architectural
Elevate is a teacher evaluation tool—student data is incidental to classroom observation and is actively removed.
AI-powered name scrubbing
Student names are automatically identified and replaced with consistent anonymous identifiers across all text—transcript segments, evaluator notes, and post-observation notes.
Over-scrub policy
When the AI is uncertain whether something is a student name, it scrubs it. We prefer false positives over false negatives.
Teacher names preserved
The observed teacher’s name is preserved and never scrubbed, since the observation is about them.
Automatic enforcement
Scrubbing runs automatically on every transcript as part of the processing pipeline. It’s mandatory—not a feature that can be disabled.
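A sketch of the scrubbing policy described above, added here as an illustration and not Elevate's own code. The detector output (candidate text with a confidence score), the `Scrubber` class, the 0.05 threshold and the sample text are all assumptions constructed for the example.

```python
import re

# Constructed sample data. The name detector is assumed: it is represented
# only by its output, (candidate text, confidence that it is a student name).
TRANSCRIPT = "Ms. Alvarez asked Jordan to read. Jordan passed the book to May."
NOTES = "May struggled on Friday; Alvarez redirected jordan twice."
CANDIDATES = [("Alvarez", 0.97), ("Jordan", 0.99), ("May", 0.40), ("Friday", 0.01)]


class Scrubber:
    """Consistent pseudonymization with an over-scrub (fail-closed) policy."""

    def __init__(self, teacher_names, keep_below=0.05):
        # The observed teacher's names are preserved, never scrubbed.
        self.preserve = {n.lower() for n in teacher_names}
        # Over-scrub: a candidate survives only when the detector is nearly
        # certain it is not a name. Anything uncertain is replaced.
        self.keep_below = keep_below
        # One mapping for every text of the observation keeps aliases consistent.
        self.aliases = {}

    def _alias(self, name):
        key = name.lower()
        if key not in self.aliases:
            self.aliases[key] = f"Student {len(self.aliases) + 1}"
        return self.aliases[key]

    def scrub(self, text, candidates):
        targets = {c.lower() for c, p in candidates
                   if p >= self.keep_below and c.lower() not in self.preserve}
        if not targets:
            return text
        # Single pass, longest alternative first, so replaced text is never
        # re-scanned and "Mary Ann" wins over "Mary".
        alt = "|".join(re.escape(t) for t in sorted(targets, key=len, reverse=True))
        pattern = re.compile(rf"\b(?:{alt})\b", re.IGNORECASE)
        return pattern.sub(lambda m: self._alias(m.group(0)), text)


if __name__ == "__main__":
    s = Scrubber(teacher_names=["Ms. Alvarez", "Alvarez"])
    print(s.scrub(TRANSCRIPT, CANDIDATES))
    print(s.scrub(NOTES, CANDIDATES))
```

Reusing one `Scrubber` instance for the transcript and the notes is what keeps "Jordan" mapped to the same identifier in both, and the uncertain candidate "May" (confidence 0.40) is replaced rather than kept.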
How your data flows—and where it doesn't go
Audio is never stored by Elevate. The browser streams audio directly to a speech-to-text service over an encrypted connection. Elevate's servers never receive, buffer, or store the audio stream.
Data Lifecycle
Classroom Audio
Captured by browser microphone
Encrypted Stream
Sent directly to speech-to-text service
Transcript
Generated and stored in encrypted database
FERPA Scrubbing
Student names automatically removed
AI Report Draft
Generated from scrubbed data
Administrator Review
Human approval required
Final Report
Approved and on record
If the connection drops, audio is not recorded locally—an intentional design choice to prevent unsafe local storage.
Your data is never used to train AI
Elevate uses an enterprise AI platform with terms that explicitly prohibit using customer data to train foundation models. This is fundamentally different from consumer AI tools—our platform uses data processing agreements designed for regulated industries.
- District data is processed solely to provide the service and is not retained by AI providers beyond the immediate request
- All AI-generated content is clearly labeled as suggestions requiring human review
- AI never makes final decisions—administrators approve all report content
Infrastructure & encryption
Encryption in transit
- All connections use HTTPS/TLS
- Audio streams use encrypted WebSocket connections
- Secure, server-managed session handling
Encryption at rest
- All stored data encrypted with AES-256
- Encryption keys managed by cloud provider
- Automatic key rotation
US-based hosting
- All processing and storage on US-based Google Cloud
- No data transferred outside the United States
Platform certifications
- SOC 1/2/3 certified infrastructure
- ISO 27001, 27017, 27018 compliance
- FedRAMP authorized infrastructure
Access controls & authentication
Granular roles with principle-of-least-privilege, enforced at the database level.
| Role | Access Level |
|---|---|
| Tech Admin | System configuration, full data access |
| HR Director | All observations district-wide, user management |
| Cabinet | Analytics dashboards only, no individual observations |
| Principal | All observations at their assigned school |
| Assistant Principal | Own observations only |
| Evaluator | Own observations only |
- School-level data isolation enforced at the database level
- Multi-tenant district isolation prevents cross-district access
- Immutable audit trail on all observations
- Secure, server-managed authentication sessions
Vendors & subprocessors
Full transparency into the services that process your data.
Google Cloud Platform
US-based. Cloud infrastructure, database, and serverless compute
Google Cloud Speech-to-Text
US-based. Speech-to-text processing — audio streamed directly, not stored
Google Vertex AI
US-based. AI processing — enterprise terms, no model training on customer data
No third-party analytics, advertising, or data broker services have access to district data.
Data ownership
- Districts own all data generated on the platform
- Export options: PDF, plain text, and print-friendly views
- Soft delete with recovery before permanent removal
- Complete data deletion available on request
- Full data export and deletion upon contract termination
Incident response
- Dedicated process for identifying, containing, and remediating incidents
- District notification within 72 hours of confirmed incidents
- Post-incident review and remediation documentation shared with affected districts
Questions about security?
We're happy to provide additional documentation, complete your district's security questionnaire, or walk through our architecture in detail.