re:sync

Security at re:sync

We handle sensitive student data with the highest level of care. Security and privacy are built into every layer of our platform.

Encryption Everywhere

All data is encrypted in transit using TLS 1.2+ and at rest using Azure-managed encryption keys. Your data is protected at every stage.

Tenant Isolation

Each school's data is logically isolated using Row-Level Security in our database. Schools cannot access other schools' data under any circumstances.

Azure Infrastructure

Our platform runs entirely on Microsoft Azure, leveraging enterprise-grade security, compliance certifications, and global reliability.

Our Security Practices

Data Protection

  • TLS 1.2+ Encryption: All data transmitted between your systems and ours uses modern encryption protocols
  • AES-256 at Rest: All stored data is encrypted using Azure Storage Service Encryption
  • Secrets Management: All credentials and API keys are stored in Azure Key Vault, never in code or configuration files

Access Control

  • Row-Level Security: Database-level enforcement ensures tenant data isolation—not just application-level checks
  • Principle of Least Privilege: Staff access is limited to only what's necessary to perform their job functions
  • Authentication Required: All API endpoints require authentication—no anonymous access to customer data

Audit & Monitoring

  • Comprehensive Audit Logs: All data access and processing activities are logged with timestamps and user context
  • Error Sanitization: Error responses never expose stack traces, internal paths, or sensitive system information
  • DSAR Support: Built-in support for Data Subject Access Requests to help schools meet their compliance obligations

AI & Document Processing

  • No AI Training: Documents processed through Azure Document Intelligence are NOT used to train Microsoft's AI models
  • Temporary Processing: Documents are temporarily stored only for processing and automatically deleted within 24 hours
  • Regional Processing: All AI processing occurs in the same Azure region as your data—data never leaves the region

Application Security

  • Parameterized Queries: All database queries use parameterized statements to prevent SQL injection attacks
  • Input Validation: All user inputs are validated and sanitized before processing
  • Modern Stack: Built on TypeScript with strict type checking, reducing entire classes of runtime errors

Compliance

We design our platform to help schools meet their regulatory obligations.

FERPA

We operate as a "school official" and maintain strict controls to protect student education records.

Data Minimization

We only process data necessary for migration and delete it within 90 days of project completion.

Azure Compliance

Our Azure infrastructure is SOC 2, ISO 27001, and HIPAA compliant.

Security Questions?

If you have security questions or need to report a vulnerability, please contact us.
