Trust & Security

How we protect student data

Structured IEP Workspace is designed for the realities of working with student data: shared teams, sensitive documents, and compliance-aware workflows. Here is what we commit to.

Encryption in transit

All traffic between your browser and Structured IEP is encrypted with TLS. Uploaded documents are stored in private buckets and served only through short-lived signed URLs.

Workspace-scoped access

Every student, document, draft, and export is bound to a workspace. Row-level security ensures only members of that workspace can read or modify data, even via direct API access.

Audit logs

Sensitive actions (document upload, redaction, export, validation, role changes) are written to an immutable audit log that workspace owners can review.

FERPA-aware design

We treat uploaded documents and student records as education records. The product is positioned as draft support, not a system of record, and does not replace your district's compliance reporting.

Human review required

AI is used to draft, summarize, and check internal consistency. It is never positioned as autonomous IEP generation. Every export carries a reviewer disclaimer.

Sub-processors and storage. We use Lovable Cloud (managed Supabase) for database, authentication, file storage, and AI gateway. Data is stored in the provider's secured infrastructure. A full sub-processor list will be published prior to general availability.

AI disclosure Data export & deletion Privacy