This document is provided for informational purposes during our pre-launch period. A comprehensive, attorney-reviewed version will be published prior to the platform processing student data.

SECURITY TRUST CENTER

The SPEDScribe
Security Trust Center

Built for the most sensitive data in education.

DATA FLOW

Interactive Data Flow Diagram

Click any pipeline node to see exactly what happens at that stage.

COMPLIANCE

Compliance Controls

The legal foundations governing how we handle student education records. Click any card to expand.

FERPA
Processes student data only at district direction
At District Direction

We act under the direction of the contracting district. Formal FERPA framing is pending attorney review.

SOPIPA
Student Online Personal Information Protection Act
Aligned

No advertising, no sale, no commercial student profiles.

AB 1584
California Education Code 49073.1
Aligned

District owns student data. Deletion and subprocessor notice per our Data Processing Agreement.

POSTURE

Compliance Posture

At District Direction
FERPA
Formal FERPA framing pending attorney review

TECHNICAL CONTROLS

Technical Controls

Six layers of protection applied to every byte of student data.

AES-256
Encryption at Rest

All data stored on SPEDScribe infrastructure is encrypted using AES-256 with keys managed under a dedicated key management service.

TLS 1.3
Encryption in Transit

All data transmitted between users, our servers, and AI processing partners uses TLS 1.3, the current cryptographic standard.

Dual-Layer PII Redaction
Two Independent Passes

Every transcript passes through two independent PII scrubbing layers before reaching AI processing. See the Dual-Layer PII Pipeline section below for technical detail.

RBAC
Role-Based Access Control

Providers access only their own session data. Directors see only their district. Admins are separated from production student data.

SSO / SAML 2.0
Google Workspace today

Districts can enforce SSO authentication through Google Workspace today. Clever and ClassLink SSO integrations are planned for pilot rollout. No separate credentials for providers to manage.

Anthropic Commercial Terms
No Training, Brief Retention

Anthropic does not use customer inputs or outputs to train models under their commercial terms. Inputs and outputs are retained briefly for abuse detection and to meet legal obligations before deletion. SPEDScribe does not hold a Zero Data Retention enterprise agreement; standard commercial retention applies.

PII PIPELINE

Dual-Layer PII Scrubbing Pipeline

Two independent redaction passes are designed to strip student identifiers before transcripts reach the AI model. Redaction reduces exposure; it is not a guarantee that every identifier is removed. Every session records exactly how many identifiers each layer caught.

INPUT
Voice Recording (on device)
1
Layer 1: AssemblyAI PII Redaction
At transcription time (speech-to-text)

AssemblyAI's ML-based PII detection runs during transcription. Trained on millions of audio samples, it identifies and replaces person names, dates of birth, phone numbers, email addresses, SSNs, healthcare numbers, locations, and organizations directly in the speech-to-text output.

2
Layer 2: Server-Side Pattern Scrubber
Server-side, before AI processing (self-hosted, Node.js)

A second, independent pass runs server-side on SPEDScribe infrastructure, implemented natively in Node.js. Seven custom pattern detectors cover person names (via title-prefix, context, possessive, and speaker-label triggers), SSNs, phone numbers, email addresses, physical addresses, dates of birth (context-keyword windowed), and student ID numbers. A local proper-noun detector based on the wink-eng-lite-web-model (MIT-licensed, in-process, no external API) catches bare given-and-surname spans the pattern set would miss. A clinical allowlist of 80+ assessment tools and therapy methods (CELF, GFTA, WISC, Lindamood, Orton-Gillingham, etc.) is designed to preserve legitimate clinical terminology. The pass is fail-closed: any detector exception aborts the call and the transcript never reaches the AI provider.

[PERSON][SSN][PHONE][EMAIL][ADDRESS][DOB][STUDENT_ID]
OUTPUT
Redacted transcript reaches AI model
Auditable Metadata

Every session records the count of PII entities caught by each layer and which categories were detected. Districts can audit exactly what was scrubbed and when.

Fail-Closed Posture

If Layer 2 encounters an error, the request is refused and no transcript reaches the AI provider. The session is logged for review.

Clinical Accuracy

A curated allowlist of 80+ assessment tools, clinical terms, and therapy method names is designed to preserve legitimate clinical vocabulary; over-redaction risk against real California special-education proper nouns is not fully validated.

RESOURCES

Security Resources

Documentation and tools for district IT teams conducting vendor security reviews.

📄
Security Questionnaire

Pre-filled responses to the 10 most common district IT security questions. Download a print-ready PDF for your vendor review process.

🛡
Penetration Testing

Independent third-party penetration testing of all SPEDScribe infrastructure and application layers. Results available to districts under NDA.

Planned
📜
FERPA Attestation

Our FERPA framing, ten commitments, and AB 1584 alignment. Formal 'school official' classification pending attorney review.

View FERPA Statement →

AI TRANSPARENCY

AI Transparency

Our Clinical Intelligence Engine processes redacted transcripts. Student names, dates of birth, ID numbers, and other identifiers are designed to be stripped through a layered server-side PII scrubbing pipeline before any transcript reaches the AI model. Layer 1 (AssemblyAI) operates at transcription time with ML-based detection on the returned transcript. Layer 2 is a SPEDScribe server-side scrubber implemented natively in Node.js: seven custom pattern detectors plus a local proper-noun detector based on the wink-eng-lite-web-model (MIT-licensed, in-process, no external API), with a clinical allowlist that preserves assessment terminology. Both layers log metadata so districts can audit exactly what was caught. The redaction reduces exposure of student identifiers; it is not a guarantee that every identifier is removed. Anthropic, our AI provider, does not use customer inputs or outputs to train models under their commercial terms; SPEDScribe does not hold a Zero Data Retention enterprise agreement. Every AI-generated document requires human review and approval before filing.

INFRASTRUCTURE

Infrastructure

Encrypted Data Vault
AES-256

All stored data encrypted with dedicated key management

Automated Backup
Disaster Recovery

Continuous backup with point-in-time recovery capability

INCIDENT RESPONSE

Incident Response

Dedicated Security Team

A dedicated security contact is available at all times for incident triage and response.

FERPA Breach Notification

Breach notification provided without unreasonable delay as required by FERPA.

72-Hour District Notice

Written notification to affected districts within 72 hours of confirmed breach discovery.

Root Cause Analysis

Written root cause analysis and remediation report provided to affected districts within 30 days.

CONTACT

Security Contact

To report a security vulnerability, request a security assessment, or ask questions about our compliance posture:

security@spedscribe.ai