Encryption

• In transit: All data transmitted between your browser and VisioLang is encrypted using HTTPS (TLS 1.2+). This ensures that student submissions, teacher data, and authentication credentials are protected during transmission.
• At rest: Data stored in our database is encrypted at rest using provider-managed encryption keys. Our infrastructure partners handle key management following industry best practices.

Authentication

• Teacher and administrator accounts are managed through Supabase Auth, an industry-standard authentication platform.
• Sessions are secured using JSON Web Tokens (JWT), which are cryptographically signed and time-limited.
• Password policies enforce minimum complexity requirements and secure storage via bcrypt hashing.

Role-Based Access Control

VisioLang enforces strict role-based access controls to ensure that users only see the data they are authorized to access:

• Students access their own class via a class code and seat code. No account creation is required.
• Teachers can view and manage only the classes and students assigned to them.
• District Administrators have oversight of teachers and classes within their organization.
• Platform Owners manage provisioning and billing at the platform level.

No Student Accounts Required

Students do not create accounts and are not required to provide email addresses, passwords, or any other personal identifiers. Access is managed through teacher-issued class codes and seat codes, minimizing the collection of student data.

Security Reviews

We conduct regular reviews of our application security, infrastructure configuration, and access controls. Our development practices include code review, dependency scanning, and prompt patching of known vulnerabilities.