Skip to main content

Security

TXPD is built with enterprise-grade security to meet the requirements of school districts handling sensitive practitioner and compliance data. Security is not an afterthought - it is foundational to every layer of the platform.

Encryption

  • AES-256 encryption for all data at rest
  • TLS 1.2+ for all data in transit
  • Stripe PCI DSS Level 1 for payment data
  • Azure Key Vault for secret management

Access Control

  • Row Level Security (RLS) on every database table
  • Microsoft SSO (Azure AD/Entra ID) for district single sign-on
  • Role-based access control (user, admin, district_admin)
  • Session tokens with automatic refresh and expiration
  • CSRF protection on all state-changing endpoints

Infrastructure

  • Microsoft Azure cloud hosting (SOC 2, ISO 27001)
  • Supabase PostgreSQL with automated daily backups
  • Point-in-time recovery (PITR) for database
  • Geo-redundant storage (GRS) for media files
  • Azure CDN for secure content delivery
  • Azure Web Application Firewall (WAF) for DDoS protection

Application Security

  • Content Security Policy (CSP) headers on all pages
  • HTTP Strict Transport Security (HSTS)
  • X-Frame-Options to prevent clickjacking
  • Zod input validation on every API endpoint
  • Rate limiting with tiered thresholds by user role
  • AI prompt injection defenses on all AI endpoints

Data Privacy

  • FERPA-compliant data handling practices
  • TDPSA (Texas Data Privacy and Security Act) compliance
  • No student PII collected or processed
  • AI tutor conversations auto-purged after 1 year
  • Audit logging for all sensitive operations
  • Data Processing Agreements (DPA) available for districts

Monitoring & Response

  • Structured logging with request ID correlation
  • Health check monitoring for all services
  • API usage tracking with daily spending caps
  • Incident response runbook for rapid resolution
  • Breach notification within 72 hours (60 days per TDPSA)

Security Questions?

If you are a district IT administrator or procurement officer evaluating TXPD, we are happy to discuss our security posture, provide SOC 2 documentation, or schedule a security review call.

Contact Security Team