Our foundation.
Security. Privacy.
Your trust is our foundation.
We protect student and faculty data with encryption, role-based access, and practices we publish honestly — including what we haven't certified yet.
Built for security
Every layer of MasterAlp is designed to protect your data and respect your privacy.
Encryption in transit & at rest
TLS 1.2+ for every request; data at rest encrypted by the underlying managed database and object storage.
Role-based access
Students, professors, and admins each see only the data their role and enrollment grant — enforced server-side on every request.
Managed cloud infrastructure
Runs on Google Cloud Run + Supabase Postgres. No data stored on developer laptops or self-managed servers.
Audit & error monitoring
Auth events, admin actions, and runtime errors are logged and monitored via Sentry and structured logs.
Where we are on compliance
MasterAlp is an early-stage product running its first institutional pilots. We list the standards we're aligned with today and the audits we're working toward — we don't claim certifications we haven't earned.
FERPA-aligned
Built with FERPA principles for student educational records.
GDPR-aware
Account deletion available to every user; self-serve data export for students.
SOC 2
Not yet audited — designing controls toward Type I readiness.
ISO 27001
Not currently certified.
Your data. Your rights.
We never sell your data. You own your data, and you can export or delete it anytime.
Read our Privacy PolicyExport your data as JSON
Delete your data at any time
No AI training on your data
Questions about security?
Our team is happy to walk through our security practices and current compliance status.
Talk to our team