Skip to main content

Trust Center

Security. Privacy. Compliance.

PraxisPass is built for school districts, teacher candidates, and institutions that cannot afford to compromise on data protection. This page documents every security control, privacy commitment, and compliance standard we uphold.

FERPA
Compliant
HTTPS/TLS
Enforced
SOC 2
In Progress
WCAG 2.2 AA
Compliant

FERPA Compliance

Family Educational Rights and Privacy Act

  • Individual exam scores and ERS data are never visible to other users — enforced at the database query layer, not the UI layer.
  • Department dashboards display aggregate metrics only. No individual teacher score is ever exposed to peers or administrators.
  • No student education records are transmitted, stored, or processed by PraxisPass without appropriate authorization.
  • Data subject access requests are fulfilled within 30 days. Contact: privacy@praxispass.app.

Infrastructure Security

Hosting, database, and authentication architecture

Hosting
Vercel — enterprise CDN — automatic HTTPS with TLS 1.3 — global edge network
Database
Neon PostgreSQL 17 — encrypted at rest (AES-256) — encrypted in transit (TLS) — row-level security enforced
Authentication
Clerk v7 — OAuth 2.0 only — no passwords stored — Google SSO — MFA available
Cache
Upstash Redis — no PII stored in cache layer — session tokens only
AI Processing
Anthropic API — server-side only — API key never exposed to client — exam responses processed in transit, not stored
Analytics
PostHog — anonymized usage analytics — no PII in event data

Data Collection & Use

What we collect, what we do not, and why

  • We collect: name, email (via Google OAuth), exam codes selected, practice question responses, ERS/PPS scores, session timestamps.
  • We do not collect: Social Security numbers, financial information, biometric data, physical address, or any data not required for exam preparation.
  • We do not sell data. We do not share data with advertisers. We do not use exam response data to train AI models.
  • Data is retained for the duration of your account plus 90 days after deletion request. Deletion requests are honored within 30 days.

For Districts and Institutions

Procurement, agreements, and IT requirements

  • PraxisPass requires network access to praxispass.app and *.clerk.accounts.dev for authentication.
  • A Data Processing Agreement (DPA) is available on request for district procurement processes. Contact: legal@praxispass.app.
  • The platform does not require installation on school-owned devices — it is a web application accessible from any modern browser.
  • SOC 2 Type I audit is planned for Q4 2026. Documentation of current controls is available to district IT teams on request.

Security Questions?

For IT teams, district procurement officers, and compliance reviews — contact us directly.

Security: security@praxispass.app

Privacy / FERPA: privacy@praxispass.app

Procurement / DPA: legal@praxispass.app