Last updated June 13, 2026

Security

How Praxis protects tenant data, minimizes student identifying information, and documents controls for schools and auditors.

Data isolation

Tenant data is isolated using PostgreSQL row-level security (RLS). Organization members can only access data belonging to their tenant. Cross-tenant reads are denied at the database layer.

Encryption

  • In transit: TLS (HTTPS) for all browser and API communication.
  • At rest: Database and auth data are stored on Supabase managed infrastructure with provider-level disk encryption. Praxis does not claim application-level field encryption for participant responses.

Access control

  • Educators must accept the current Terms of Service and Privacy Policy before platform access
  • Role-based permissions: tenant admin, facilitator, scenario author, observer
  • Participants join with a join code using session auth; no staff account required
  • Institutional email required for staff invites; consumer domains blocked

Student data minimization

  • Alias-first participant identity for facilitated exercises
  • Automated purge of participant sessions after retention window or SWOT generation
  • LLM prompts use generic participant labels only (never display names or aliases)
  • No sale of student data; no targeted advertising

Audit & compliance documentation

Schools and districts may request documentation to support privacy audits, security reviews, or vendor assessments. Typical artifacts include:

  • Privacy Policy and Terms of Service (published versions with effective dates)
  • School Data Processing Addendum (DPA) template and executed agreements
  • Sub-processor list with purpose, data categories, and hosting region
  • Terms acceptance audit log (user, agreement version, timestamp, IP, user-agent)
  • Participant purge event log (exercise, trigger, timestamp, sessions deleted)
  • Data deletion request log (org wipe and user self-wipe with IP and result counts)
  • Access review attestations (period, membership snapshot, reviewer)
  • Data retention and automated purge schedule (participant sessions, SWOT trigger)
  • Row-level security (RLS) and tenant isolation model
  • Role-based access control matrix (tenant admin, facilitator, author, observer)
  • Participant identity policy (alias-first, LLM anonymization)
  • AI/SWOT data flow diagram (what leaves the boundary, anonymization applied)
  • Incident response and breach notification procedure
  • Vulnerability disclosure / security reporting process
  • Vendor security documentation (Supabase, Vercel, AI provider SOC reports where available)
  • Penetration test or vulnerability assessment reports (if performed)
  • Change management / deployment records for production releases
  • Backup, recovery, and business continuity summary
  • Access review records for platform and tenant administrators
  • Data deletion and school off-boarding procedure

Related policies: Privacy Policy, Terms of Service, Sub-processors, School DPA.

Security & audit documentation requests

For terms, privacy, security disclosures, school agreements, or audit documentation requests:

legal@nextgencybered.org