Trust & Compliance

EasyEval supports school and district procurement with clear documentation, privacy-first practices, and secure infrastructure. This page summarizes our current compliance materials and security posture.

Need the full compliance pack or a signed DPA? Email hello@easyeval.io.

Compliance pack

  • FERPA-aligned vendor terms
  • Data Processing Addendum (DPA) template
  • Subprocessor list and data flow summary

We can provide a signed DPA and tailored vendor terms for district review.

Access controls

  • Role-based access controls to restrict data by school and user role.
  • Audit logging for critical actions such as report generation and billing changes.
  • Admin-only access; the platform is not student-facing.

Data retention policy

We retain data to provide the Service, support reporting, and meet legal obligations. Retention is described in detail in our formal policy, including how we handle deletion requests and backup lifecycles.

  • Customer data remains under customer ownership and control.
  • Export and deletion requests can be submitted at any time.
  • OpenAI API data is retained for up to 30 days for abuse monitoring.

Security overview

We use secure infrastructure, role-based access controls, and audit logging to protect sensitive data. While we are not SOC 2 certified yet, we align with SOC 2 principles and continually improve our controls.

  • Encryption in transit and at rest through managed cloud services.
  • Row-level access controls to isolate data between schools.
  • Monitoring and alerting for critical billing and AI workflows.

Incident response

We maintain incident response procedures and will notify impacted customers of confirmed security incidents in accordance with applicable law and contract terms.