Skip to main content

Our foundation.

Security. Privacy.
Your trust is our foundation.

We protect student and faculty data with encryption, role-based access, and practices we publish honestly — including what we haven't certified yet.

Built for security

Every layer of MasterAlp is designed to protect your data and respect your privacy.

Encryption in transit & at rest

TLS 1.2+ for every request; data at rest encrypted by the underlying managed database and object storage.

Role-based access

Students, professors, and admins each see only the data their role and enrollment grant — enforced server-side on every request.

Managed cloud infrastructure

Runs on Google Cloud Run + Supabase Postgres. No data stored on developer laptops or self-managed servers.

Audit & error monitoring

Auth events, admin actions, and runtime errors are logged and monitored via Sentry and structured logs.

Where we are on compliance

MasterAlp is an early-stage product running its first institutional pilots. We list the standards we're aligned with today and the audits we're working toward — we don't claim certifications we haven't earned.

FERPA-aligned

Built with FERPA principles for student educational records.

GDPR-aware

Account deletion available to every user; self-serve data export for students.

SOC 2

Not yet audited — designing controls toward Type I readiness.

ISO 27001

Not currently certified.

Your data. Your rights.

We never sell your data. You own your data, and you can export or delete it anytime.

Read our Privacy Policy

Export your data as JSON

Delete your data at any time

No AI training on your data

Questions about security?

Our team is happy to walk through our security practices and current compliance status.

Talk to our team