Compliance Summary
This page is the single-screen version of our compliance posture — perfect for sharing with procurement, IT, and legal teams who need the gist before digging into the full policies.
Four Sector Pillars
- Education — FERPA-aligned, COPPA parental consent paths, ISTE · NHES · SHAPE · NGSS · ASCD alignment, LTI 1.3 / SSO integrations (Clever, ClassLink).
- Healthcare — HIPAA technical safeguards (AES-256, TLS), HL7 · FHIR R4 readiness, BAAs in place or being executed for every PHI vendor, audit logging and 30-minute inactivity timeout on PHI tools.
- Blue Button & Public Data — CMS Blue Button 2.0 OAuth 2.0 supported, CMS / ONC / USCDI v3 alignment, CDC PLACES + County Health Rankings integration.
- Chamber & Workforce — GrowthZone / ChamberMaster, WebLink, MemberClicks, Chamber Nation integrations. 501(c)(3) Foundation firewalled from for-profit.
Standards We Align To
- Healthcare & Interop: HIPAA · HL7 / FHIR R4 · Blue Button 2.0 · CMS Interoperability & Patient Access · ONC USCDI v3
- Education: FERPA · COPPA · ISTE · NHES · SHAPE America · NGSS · ASCD Whole Child
- Data, Security & Access: SOC 2 posture (not certified) · GDPR · CCPA/CPRA · ADA Title III · WCAG 2.1 AA (audit in progress)
- Chamber & Workforce: US Chamber alignment · 501(c)(3) separation · PPF fiscal sponsor · Workforce wellness
Our Posture
- Data Protection: AES-256 at rest, TLS 1.2+ in transit, JWT sessions, Row-Level Security, PHI blocked from localStorage when authenticated, Supabase BAA in execution.
- Consent & Identity: Granular consent_records table for HIPAA, FERPA, COPPA, GDPR. Parental consent flow for under-13. GDPR data subject request path. 30-min inactivity signout.
- Audit & Accountability: Immutable audit_log entries on sensitive operations within HIPAA and FERPA tools. Internal quarterly reviews. Third-party pentest planned 2026. 24-hour incident notification SLA.
- Accessibility: Keyboard-first, 4.5:1 contrast, ARIA labels, 44×44 touch targets, alt text & captions, prefers-reduced-motion respected. Full WCAG 2.1 AA audit in progress.
Last Audit
April 17, 2026 · Next scheduled July 17, 2026 · Quarterly internal cadence established.