Access model
- Least-privilege accounts (admin only when required)
- MFA required where supported
- Client-owned accounts preferred (no shared passwords)
- Access is revoked at closeout
Procurement-ready
Security / Privacy / Data Handling
We work inside your LMS. That means we treat access and data like it matters — least privilege, minimal retention, and clear boundaries.
Data handling
- We avoid pulling student PII whenever possible
- We store only what's required to deliver (mostly metadata)
- Artifacts are redacted for samples
- Retention window defined in the SOW
Auditability
- Change manifests + QA evidence packs
- Exception logs (owner + next step)
- Wave-by-wave sign-off
Third parties
We keep the stack minimal. If you need a no-embed policy, we can provide an email-only scheduling fallback.
- Scheduling: Cal.com (embed) — optional; can be replaced with a simple contact form/email
- Fonts: Google Fonts — can be self-hosted if required
Paperwork (available on request)
- NDA
- DPA / processor terms (when applicable)
- Security questionnaire responses