Security

Spectrum Hub holds sensitive student information. Protecting it is the foundation of the product.

Data protection

  • Encryption in transit: all traffic uses TLS 1.2+.
  • Encryption at rest: the database and file storage are encrypted at rest by our cloud provider.
  • Row-level security: every database table has row-level security policies, enforced by the database itself rather than only by application code, so a user can read and write only the records they are authorized to access.
  • Role-based access control: teachers, paraprofessionals (paras), and parents see only what their role permits. Roles are stored in a dedicated, server-validated table and are never taken from the client.
  • Audit logging: security-relevant events are logged for investigation.

Application security

  • Authentication uses industry-standard email and password login; passwords are stored only as hashes, never in plaintext. Email confirmation is required for new accounts.
  • Server functions validate every input and enforce authorization on every request — the UI is never the source of authority.
  • Privileged operations require explicit role checks before executing.
  • Secrets and service keys are stored server-side only and never shipped to the browser.
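As an added illustration, not Spectrum Hub's schema or code, the Postgres SQL below shows how the controls listed under Data protection and Application security fit together: row-level security policies enforced by the database, a dedicated server-side role table, and an explicit role check inside a privileged operation. Every table, column, function and role name is hypothetical, as is the `app.user_id` session setting the server is assumed to set after validating the request.

```sql
-- Added illustration, not Spectrum Hub's schema. All names are hypothetical.
-- Assumptions: the server validates the session, then runs each request in a
-- transaction that begins with
--   SET LOCAL app.user_id = '<validated user id>';
-- and it connects as a role that is neither a superuser nor the table owner.
-- Requires Postgres 13+ for gen_random_uuid().

create table app_user (
  id uuid primary key
);

create table student (
  id        uuid primary key,
  school_id uuid not null,
  archived  boolean not null default false
);

-- Roles live in their own table and are read only on the server side;
-- nothing the browser sends is consulted when deciding a role.
create table user_role (
  user_id   uuid not null references app_user(id),
  school_id uuid not null,
  role      text not null check (role in ('teacher', 'para', 'parent')),
  primary key (user_id, school_id)
);

-- A parent is linked to specific students, not to a whole school.
create table parent_student (
  parent_id  uuid not null references app_user(id),
  student_id uuid not null references student(id),
  primary key (parent_id, student_id)
);

create table progress_note (
  id         uuid primary key default gen_random_uuid(),
  student_id uuid not null references student(id),
  author_id  uuid not null references app_user(id),
  body       text not null
);

-- Caller identity comes from the per-transaction setting, never from a column
-- the client could set. A missing setting yields NULL, so every policy denies.
create function current_app_user() returns uuid
language sql stable
as $$ select nullif(current_setting('app.user_id', true), '')::uuid $$;

-- Server-side role lookup for a given student, resolved via the student's school.
create function has_role_for_student(p_student uuid, variadic p_roles text[])
returns boolean
language sql stable security definer set search_path = public
as $$
  select exists (
    select 1
    from student s
    join user_role r on r.school_id = s.school_id
    where s.id = p_student
      and r.user_id = current_app_user()
      and r.role = any (p_roles)
  )
$$;

alter table progress_note enable row level security;
alter table progress_note force row level security;  -- applies to the owner too

-- Teachers and paras at the student's school may read and write notes,
-- but may only write notes attributed to themselves.
create policy staff_rw on progress_note
  for all
  using (has_role_for_student(student_id, 'teacher', 'para'))
  with check (has_role_for_student(student_id, 'teacher', 'para')
              and author_id = current_app_user());

-- Parents may only read notes about their own children.
create policy parent_read on progress_note
  for select
  using (exists (
    select 1 from parent_student ps
    where ps.student_id = progress_note.student_id
      and ps.parent_id  = current_app_user()
  ));

-- A privileged operation: the explicit role check runs before anything happens,
-- independent of whatever RLS would allow on the underlying rows.
create function archive_student(p_student uuid) returns void
language plpgsql security definer set search_path = public
as $$
begin
  if not has_role_for_student(p_student, 'teacher') then
    raise exception 'forbidden: teacher role required' using errcode = '42501';
  end if;
  update student set archived = true where id = p_student;
end
$$;

-- The application role gets the minimum it needs; RLS then narrows the rows.
-- (Assumption: the application connects as a role named app_api.)
grant select, insert, update on progress_note to app_api;
grant execute on function archive_student(uuid) to app_api;
```

Two checks a practitioner would make against a setup like this: first, row-level security only binds connections made as a role that is subject to it, so a superuser connection or a service key that bypasses RLS must stay server-side, as the last bullet above states; second, the `security definer` functions are the only code paths that read `user_role` and `student` directly, so `execute` on them should be granted only to the application role and their `search_path` pinned, otherwise the role check can be subverted.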

Operational security

  • Backups are taken daily and retained for 30 days.
  • We monitor errors and security findings continuously.
  • Vulnerabilities are triaged by severity, with a defined response timeline for each level (critical: 24 hours; high: 7 days; medium: 30 days).

Incident response

If we discover a security incident affecting student data, we will:

  • Contain and investigate immediately.
  • Notify affected school districts within 72 hours of confirmation, with the information they need to comply with state breach-notification laws.
  • Notify affected parents and account holders without unreasonable delay.
  • Conduct a post-incident review and publish remediation steps.

Subprocessors

We use a small set of vetted subprocessors to run the platform:

  • Cloud hosting and edge runtime
  • Managed Postgres database, authentication, and file storage
  • Transactional email delivery
  • Error monitoring

A current list with company names is available to school districts on request and is provided as Exhibit E of our Data Processing Agreement.

Compliance posture

  • FERPA: we operate as a "school official" under the direct control of the district when a Data Processing Agreement is signed.
  • State student-privacy laws: we sign the NDPA (National Data Privacy Agreement) v2.2 with school districts.
  • COPPA: Spectrum Hub is adults-only — students do not log in.
  • Student Privacy Pledge: we follow its principles (no sale of data, no behavioral advertising, no use of student data to train AI).

Reporting a vulnerability

Please report security issues to security@spectrumhubspace.org. We will acknowledge within 2 business days. Please do not disclose publicly until we have had a reasonable chance to remediate.