Security & Compliance
LectureAid is built for higher education institutions that need to protect student data while delivering AI-powered accessibility. Below you will find our security practices, compliance documentation, and data protection policies.
FERPA Compliance
How LectureAid meets Family Educational Rights and Privacy Act requirements as a school official under the direct control exception.
Security Overview
Architectural security controls, including JWT authentication (ES256), Row Level Security, encryption, rate limiting, and file scanning.
Data Processing Agreement
Template DPA for institutional contracts covering data handling, sub-processors, breach notification, and audit rights.
Data Classification
How we classify and handle different types of data — from public course metadata to restricted student records.
Data Retention
Retention schedules, automatic deletion policies, and how institutions can configure data lifecycle management.
Incident Response
Our incident response plan, including detection, containment, notification timelines, and the post-incident review process.
Vendor Management
Sub-processor list and security review process for third-party services (Anthropic, OpenAI, Supabase, Google Cloud, Vercel).
HECVAT Questionnaire
Completed Higher Education Community Vendor Assessment Toolkit responses for university procurement teams.
Accessibility (WCAG 2.1 AA)
Our commitment to Web Content Accessibility Guidelines conformance, testing methodology, and accessibility features.
Need more information?
If you are evaluating LectureAid for your institution and need additional documentation, a completed security questionnaire, or a call with our team, please reach out.
Contact Security Team