Data Protection

Security & Data Protection Practices

Last updated: 31 January 2026

This page outlines the technical and organizational measures used to protect student data across the platform.

Encryption & Transport Security

  • • HTTPS/TLS for all traffic.
  • • Secure sessions managed by Supabase Auth.

Access Control & Isolation

  • • Row-Level Security (RLS) ensures users see only their own data.
  • • RPCs enforce consent gates for peers and rankboards.
  • • Consent changes are logged immutably via database triggers.

Data Minimization

  • • Academic data is fetched on-demand and one-time only.
  • • Credentials are never stored on our servers.
  • • Data is stored only as required for user-requested features.
Privacy PolicyTerms of ServicePlatform Architecture