Trust & Privacy

Built with security and privacy at the core. We understand the sensitivity of educational data and have designed reply.school to meet the highest standards.

End-to-end encryption
Human oversight
Complete audit trail
Role-based access
Data Handling
We minimize data exposure and maintain a complete audit trail for all operations.
  • Data processed securely with encryption in transit and at rest
  • Minimal data retention—only what's needed for service operation
  • Complete audit logs for all system actions
  • No training on your district's data without explicit consent
  • Data segregation between districts
PII-Safe Workflows
Built-in protections for handling personally identifiable information and sensitive documents.
  • Secure upload links for sensitive document collection
  • PII detection and flagging in incoming messages
  • Encrypted storage for all uploaded documents
  • Automatic redaction options for sensitive data in logs
  • Role-based access controls for document viewing
Human-in-the-Loop Controls
Humans stay in control for sensitive cases, policy triggers, and low-confidence classifications.
  • Configurable confidence thresholds for auto-responses
  • Required human approval for sensitive categories
  • Override capabilities for all automated actions
  • Notification system for escalations requiring review
  • Full visibility into automated decisions
Auditability
Every action is logged with timestamps, source references, and decision rationale.
  • Timestamped logs for all system actions
  • Source message references for traceability
  • Decision rationale logging for automated responses
  • Exportable audit reports for compliance
  • Retention policies aligned with district requirements
Integration Security
Secure connections with your existing systems using industry-standard protocols.
  • OAuth 2.0 and API key authentication options
  • TLS 1.3 encryption for all connections
  • IP allowlisting available for API access
  • Webhook signature verification
  • Regular security assessments

Frequently Asked Questions

Common questions about security and privacy

Where is my data stored?

Data is stored in secure, SOC 2 compliant data centers in the United States. We use industry-leading cloud providers with comprehensive security certifications.

How long is data retained?

Retention periods are configurable based on your district's requirements and policies. By default, we retain operational data for the minimum period needed for service functionality, with options for extended retention for compliance purposes.

Who has access to our data?

Access is strictly limited based on the principle of least privilege. Only authorized personnel with specific operational needs can access district data, and all access is logged and auditable.

How do I report a security concern?

Security concerns can be reported directly to our security team at security@reply.school. We take all reports seriously and respond within 24 hours.

Do you have compliance certifications?

We implement controls aligned with industry standards and education-specific requirements. Contact us for detailed information about our security posture and compliance documentation.

Can we conduct a security review?

Yes, we welcome security reviews and can provide documentation including our security questionnaire responses, architecture overview, and penetration test summaries upon request.

Have security questions?

Our team is happy to discuss security requirements, provide documentation, or schedule a security review call.

Contact Security Teamsecurity@reply.school