Enterprise-grade security for student data

Education data is among the most sensitive information there is. We built Arcline from the ground up with security, privacy, and compliance at its core — so districts can trust us with what matters most.

FERPA Compliant

We operate as a school official with a legitimate educational interest, fully compliant with the Family Educational Rights and Privacy Act.

Ed-Fi Certified

Certified integration with the Ed-Fi data standard, ensuring interoperability with district Student Information Systems.

SOC 2 Type II

SOC 2 Type II audit currently in progress, validating our security, availability, and confidentiality controls.

Built on secure foundations

Our infrastructure is designed to meet the highest security standards required by K-12 school districts.

US-based cloud infrastructure

Hosted on AWS within United States regions for data residency compliance.

AES-256 encryption at rest

All stored data is encrypted using AES-256, the gold standard for data protection.

TLS 1.3 encryption in transit

Every connection to Arcline is secured with the latest transport layer security protocol.

Isolated tenant environments

District data is logically isolated, preventing cross-tenant access at every layer.

Regular penetration testing

Third-party security firms conduct regular penetration tests against our infrastructure.

99.9% uptime SLA

Enterprise-grade reliability backed by a service level agreement.

Access controls

Multiple layers of authentication and authorization protect every interaction with the platform.

Role-based access control

Granular RBAC ensures users access only the data relevant to their role.

SSO via SAML 2.0 & OIDC

Single sign-on support through SAML 2.0 and OpenID Connect for seamless authentication.

Multi-factor authentication

MFA adds an additional layer of verification to every account login.

Audit logging

Comprehensive logs of all data access events for accountability and compliance.

Automatic session timeout

Inactive sessions are automatically terminated to prevent unauthorized access.

Data handling

Clear policies and technical safeguards ensure your data is handled with the care it deserves.

Districts retain full ownership

Your data remains yours. Arcline never claims ownership of customer data.

US data residency

All data is stored and processed within the United States.

Data Processing Agreements

DPAs available to formalize data handling obligations and compliance commitments.

30-day deletion guarantee

All district data is fully deleted within 30 days of contract termination.

No AI training without consent

District data is never used to train AI models without explicit written consent.

Incident response

If something goes wrong, we act fast and communicate transparently.

24-hour notification

Affected districts are notified within 24 hours of a confirmed security incident.

Dedicated response team

Our security team is trained and prepared to respond to incidents immediately.

72-hour post-incident reports

Detailed incident reports are delivered to affected parties within 72 hours.

Have security questions?

Our team is happy to discuss our security practices, provide documentation, or walk through a security review.

Contact security@arcline.com