Security Policy

How we protect your data and ensure your security

Effective Date: May 3, 2025

1. Our Security Commitment

At CoursePilot, we take the security of your data seriously. This Security Policy outlines our security practices and commitment to protecting your information.

2. Infrastructure Security

Our application is hosted on secure, industry-leading cloud infrastructure with the following protections:

24/7/365 Monitoring

Continuous monitoring of all systems and components

Multi-layered Firewalls

Advanced intrusion detection systems

Regular Security Updates

Timely patches and security upgrades

Redundant Systems

High availability architecture

3. Data Protection

We implement multiple layers of data protection:

End-to-End Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 protection for data in transit
  • Regular encrypted backups
  • Strict role-based access controls

4. Access Controls

We maintain strict access controls to protect your data:

Strong Password Requirements

Complex password policies that enforce security best practices for all users.

Multi-factor Authentication

MFA required for all administrative access to ensure only authorized personnel can access sensitive systems.

Principle of Least Privilege

Users only have access to the specific data and systems required for their job functions.

Regular Access Reviews

Periodic reviews ensure access rights are appropriate and unnecessary access is promptly removed.

5. Incident Response

In the event of a security incident, we have comprehensive procedures in place:

24/7 Monitoring

Constant vigilance for security alerts

Response Team

Dedicated incident response experts

Response Procedures

Documented response protocols

Customer Notification

Timely alerts to affected users

6. Compliance and Certifications

CoursePilot maintains compliance with industry security standards including:

SOC 2 Type II

FERPA

GDPR

Third-party Audits

7. Penetration Testing

We conduct regular penetration testing to identify and address potential security vulnerabilities:

  • Annual third-party penetration testing
  • Continuous vulnerability assessments
  • Immediate remediation of critical findings

8. Employee Security Training

All employees receive comprehensive security training including phishing awareness, data handling best practices, and incident reporting procedures.

9. Data Backup and Recovery

We maintain robust backup and disaster recovery procedures to ensure business continuity and data protection.

Automated daily backups with a 99.9% recovery time objective (RTO) and minimal data loss tolerance.

10. Network Security

Our network infrastructure employs multiple layers of security including firewalls, intrusion detection systems, and network segmentation to protect against unauthorized access.

11. Application Security

Our applications undergo rigorous security testing and follow secure coding practices including input validation, output encoding, and protection against common vulnerabilities.

We implement OWASP Top 10 security controls and conduct regular code security reviews.

12. Third-Party Security

We carefully vet all third-party vendors and service providers to ensure they meet our security standards and maintain appropriate data protection measures.

13. Data Privacy

We implement privacy-by-design principles and maintain strict data handling procedures in compliance with applicable privacy regulations including GDPR and FERPA.

We collect only necessary data, retain it only as long as needed, and provide users with control over their personal information.

14. Reporting Security Concerns

If you discover a security vulnerability or have security concerns, please contact our security team immediately at:

We may update this Security Policy as our security practices evolve. We will notify customers of significant changes to this policy.