RunMyCampus Trust Center - Security, compliance, and privacy

Trust & compliance

Security and compliance trust center.

Transparent security posture, compliance alignment, and audit-ready controls for schools and regulators.


Illustrative campus data — updates with this workspace personality.

  • Controls mapped: 47 live
  • Last audit: 14d ago
  • Incidents (90d): 0 P1

Local first · global next

Your campus rules first. The network scales second.

One platform for admissions, academics, and operations.

Local operations

Timetables, fee schedules, report cards, and portals follow how your school actually runs—term structures, assessment scales, and family communication norms included.

Regional compliance

FERPA, GDPR, POPIA, and accessibility expectations are addressed with jurisdiction-aware defaults and exportable evidence for your auditors and procurement team.

Global scale

Multi-campus governance, offline capture, marketplace extensions, and integration-ready APIs—without forking the product per country.

  • 180+ currencies
  • 29 languages
  • Country compliance profiles
  • Offline where networks fail

Trust pillars

Security

Tenant isolation, encryption, access controls, and audit logs as standard.

Compliance

Region-aware defaults and workflows aligned to local education and data regulations.

Transparency

Documented practices, runbooks, and support for audits and due diligence.

Deep dives

FERPA alignment, GDPR & UK GDPR, retention schedules, and incident response — see linked trust pages below.


Trust evidence dashboard

Posture summaries from automated release checks and procurement packets—refreshed when we ship, not when marketing copy is edited.

  • Architecture review grade: B+ evidence_ready_repo_scope
  • Release safety checks: FAIL
  • Platform quality index: 75/75 DOMINANT
  • Navigation integrity: ROUTE SYSTEM CERTIFIED
  • Evidence integrity: PROOF INTEGRITY READY - REPO SCO
  • Release readiness: 9 closed / 2 partial
  • Security review queue: Clear
  • Architecture: B+

Evidence pack updated from latest release checks · 13 evidence artifacts

Security

Role-based access, tenant isolation, audited sensitive actions, HMAC-bound export timeline, controlled impersonation with reason capture, and operator-grade security command center.

Data handling

Tenant-scoped education records with export, access audit, and compliance evidence pipeline. Audited via verify_compliance_evidence and audit_tenant_isolation.

Tenant isolation

Tenant routes and configuration surfaces are mechanically separated from platform configuration. Verified by audit_tenant_isolation and audit_route_surface (broken_count=0).

Audit & exports

Sensitive actions require actor, timestamp, tenant/scope, reason, event, evidence path, and HMAC integrity token. Operator export timeline available in /super/security-command-center/.

Offline posture

Offline attendance, grading, payment receipt, and notes capture with conflict resolution UI (keep_mine / use_latest / review_manual) and audit-logged sync. Browser-tested via offline_sync_queue.

Implementation

Stages: preview, mapping, validation, approval, apply, monitor, rollback. See docs/operations/IMPLEMENTATION_PLAYBOOK.md.

Automated security checks (every release)

  • Campus data scoping: Automated isolation checks
  • Sensitive data in logs: No PII in application logs
  • Financial precision: Ledger amounts use decimal math
  • API documentation: Integration contracts documented
  • Security review queue: No open product violations

Control framework

How each control works for your campuses—and which evidence we include in the security packet.

Control | How it works | Posture | Evidence
Campus isolation | Dedicated tenant boundary per school; host routing enforces scope | Student and staff records stay within the school context | scan_tenant_queryset_safety baseline 0
Access control | Role-based permissions; MFA-ready sign-in patterns | Teachers, families, and admins see only what their role allows | exception register product_violations=0
Audit trails | Logged exports and sensitive administrative actions | Reviewable history for compliance and support escalations | Audit posture documented in security packet
Encryption | TLS in transit; encrypted storage for sensitive fields | Documented key rotation in the security packet | Field encryption and key rotation documented
Payments | Processor-hosted checkout; card data not stored on platform | PCI scope reduced—live rails depend on your processor contract | Processor-hosted; live settlement via your PSP
Integrations & API | Rate limits and scoped access for partner connections | Read-oriented public API posture; write paths permissioned | Integration API review · medium
Regional defaults | Country compliance profiles and tenant configuration cascade | Local calendars, currencies, and privacy defaults per campus | Regional profiles and export tooling
Incident response | Documented playbooks and customer security contact path | Coordinated breach notification when contracts require it | Incident playbooks published
Offline & sync | Queued capture with explicit merge policies | Operations continue when connectivity drops—common in regional deployments | Offline queue and merge policies

Regulatory & accessibility readiness

Deep dives for counsel, DPO, and accessibility reviewers—linked from one grid.

COPPA

Under-13 accounts provisioned by the school with jurisdiction-appropriate consent.


FERPA

Schools remain controller; access controls and auditability for education records.


GDPR / privacy

Processor posture, DSAR workflows, and regional compliance profiles.


External dependencies & attestations

We never imply SOC 2, PCI, or live payment settlement until externally verified and published for your deployment.

SOC 2 Type II

Not published

Control design documented; external attestation not published

ISO 27001

Not published

Control design documented; external attestation not published

PCI DSS attestation

Not published

Control design documented; external attestation not published

Live PSP settlement

Not published

Control design documented; external attestation not published

What still needs an external partner or regulator

Dependency | Impact | Platform readiness | Your action
SOC2 / PCI attestations where marketed | blocks_full_market | Complete — Control Set Documented In Docs/Compliance/, Evidence Ledger Generator | Engage SOC 2 auditor (Vanta / Drata / SecureFrame); 3–6 months for Type 1, +6 months observation for Type 2
Bank / SEPA / sponsor bank rails | blocks_full_market | Complete — Card/Bank Rails Flagged External Required Without Psp; Abstracted By | Legal + banking onboarding outside repo (sponsor bank agreement, creditor identifier for SEPA, scheme membership)
Stripe Connect — school connected accounts (Express) | blocks_full_market | Complete — Tenant /Siteconfig/Billing-Stripe/ Onboarding, School.Settings Stripe | Complete Phase 1 platform charge first; pilot one school through Connect at /siteconfig/billing-stripe/; record phase2_c
Stripe — global card payments | blocks_full_market | Complete — Integration Hooks, Webhook Scaffolding, Metadata Health Command, Non- | Complete Stripe onboarding (all three products); configure live keys and webhook; one supervised charge + refund; file p
Flutterwave marketplace split (counsel-blocked) | blocks_feature | Complete — Collect + Webhook Path Sfdp 1429; Split Not Implemented | Counsel signoff before split parameters in production
Manual offline receipt + reconciliation owner | blocks_feature | Complete — Tenantpaymentpolicy.Allow Manual Offline Proof Flag, Receipt-Capture | Define operational procedure per tenant (who approves)

Security review register: 243 tracked items · 0 open product items · 10 high-priority (resolved or explicitly accepted).

Compliance reference

Infrastructure map

RunMyCampus separates public marketing, manager control plane, and tenant school subdomains. Each school receives an isolated tenant context with dedicated portal, backend, and configuration surfaces.

  • Public gateway: runmycampus.com for procurement, trust, and campus discovery.
  • Manager host: operator workflows, Studio OS, and platform administration.
  • Tenant hosts: school subdomains (and verified custom domains when configured).

FERPA privacy pledge

Schools remain the data controller for education records. RunMyCampus provides access controls, auditability, and disclosure safeguards aligned to common FERPA operational practices.


COPPA verification

Accounts for learners under 13 should be provisioned by the school with parental consent workflows appropriate to the institution's jurisdiction and policies.


GDPR / privacy

Data processing supports school-owned records, regional compliance profiles, and data-subject request workflows documented in our privacy materials.


WCAG accessibility statement

We target WCAG 2.2 AA across public and tenant surfaces, with AAA contrast goals for high-stakes administrative data such as grades and financial ledgers.

Theme tokens, focus-visible rings, skip links, and reduced-motion fallbacks are enforced in the marketing and dashboard shells.


Procurement & subprocessors

SOC 2 control mapping and certification language are presented honestly—we document readiness and control design unless an external attestation is published.

We document posture honestly — certifications and live PSP rails only when externally verified.