Casm
Security Practices

At Spiralogic, we prioritize AI safety and the security of data across all facets of our application to ensure that students are protected. Below is an overview of our security measures:

Data Privacy and Minimal Retention

Everything is Private

All components of our system are designed to operate in private, secured environments.

Minimal Data Retention

We store only student names, ensuring no sensitive Personally Identifiable Information (PII) is retained.

Obfuscated Data to LLMs

All information passed to our Large Language Models (LLMs) is anonymized using the Spiralogic client ID, ensuring no student information is exposed to AI.

Why It Matters

Minimizing retained data reduces risk exposure, and obfuscating information ensures compliance with privacy regulations and ethical standards for AI usage. Student data should remain secret and should not be used to train LLMs.

Encryption Across All Layers

Encryption at Rest

All stored data is encrypted using industry-standard AES-256, ensuring it remains secure, even during a data breach.

Encryption in Transit

  • Connections to the database are secured with encryption, ensuring no data is exposed during transmission.
  • Communication between clients and our load balancers is encrypted with SSL, safeguarding data in transit.
  • All data exchanged between our frontend and backend systems is encrypted, maintaining confidentiality throughout the interaction.

Why It Matters

Comprehensive encryption ensures data is always protected, whether stored or transmitted.

Authentication and Authorization

JWT Authentication

The backend generates JSON Web Tokens (JWTs) for secure communication with the frontend. This ensures that only authenticated requests can access resources, with each token tied to a Spiralogic ID.

Least Privilege Access

All service and database permissions are restricted to the minimum level required for operation, significantly reducing attack vectors.

Why It Matters

JWT-based authentication provides secure, scalable access control, while the least privilege principle ensures potential breaches have minimal impact.

Industry Best Practices and Compliance

Aligned with Best Practices

Our cloud architecture follows leading frameworks like CIS Benchmarks, SOC 2, and NIST 800-53 standards.

Proactive Monitoring

Regular audits, penetration tests, and security reviews ensure our system remains secure against evolving threats.

Why It Matters

Meeting and exceeding industry best practices builds trust and ensures we stay ahead of potential vulnerabilities.

How Spiralogic Exceeds Standards

Proactive Obfuscation

Obfuscating sensitive data passed to LLMs is a forward-thinking approach that combines AI innovation with stringent security.

End-to-End Encryption

Covering data at rest and in transit across every layer ensures comprehensive protection.

Minimal Data Footprint

Retaining only essential student names minimizes data exposure risk.



Spiralogic takes a security-first approach to every aspect of our cloud infrastructure, ensuring customer trust and compliance with the highest standards. Our commitment to encryption, privacy, and least privilege access showcases our dedication to protecting user data and enabling secure innovation.

Copyright 2024 CASM Learning, Inc.