Security & Compliance
Student data is sacred. OralExam.AI is built from the ground up with the security, privacy, and compliance requirements that universities demand.
Certifications
We meet the regulatory and accessibility standards that educational institutions require, and we're transparent about where we are in each certification process.
Designated as a School Official with legitimate educational interest. We sign data processing agreements with every institution.
Certification in progress. We are actively pursuing SOC 2 Type II attestation and can share our current security posture upon request.
Safeguards for users under 13. We implement appropriate protections for younger learners in K-12 environments.
Accessible design for all users. Our platform is built to meet web accessibility standards so every student can participate.
Data protection
We apply defense-in-depth principles to ensure student and institutional data is protected from ingestion to deletion.
All data is encrypted with AES-256 at rest and TLS 1.2+ in transit. No exceptions.
All student data is stored in US-based infrastructure. Data never leaves the country.
Granular permissions ensure users only access the data they need. Administrators control who sees what.
Every data access event is logged and auditable. Institutions can review who accessed what and when.
Infrastructure
Our infrastructure is designed for the reliability and security that institutions expect from critical educational technology.
Hosted on leading cloud providers with SOC 2 and ISO 27001 certified data centers.
Third-party security assessments conducted regularly to identify and address vulnerabilities.
Continuous scanning of our codebase and dependencies to catch security issues before they reach production.
Documented response plans with defined escalation paths and notification timelines for affected institutions.
Enterprise-grade availability with redundant systems and automated failover to keep assessments running.
Student data
We believe student data belongs to students and their institutions, not to us. Our data handling practices reflect that principle.
We only collect the data necessary to conduct assessments. Nothing more.
Data is deleted after the term ends, with configurable retention periods to match institutional policies.
Institutions can request full data removal at any time. We honor deletion requests promptly and completely.
We will never sell, share, or monetize student data. Ever. This is non-negotiable.
Student submissions and conversations are never used to train AI models. Your data stays yours.
Any aggregated analytics are fully anonymized. Individual students can never be identified from analytics data.
Institutional controls
We give institutions the tools to manage OralExam.AI on their terms, with the administrative controls IT departments expect.
Support for SAML 2.0 and institutional single sign-on providers for seamless, secure authentication.
Granular role definitions for administrators, instructors, and students with configurable permissions.
Export all institutional data in standard formats at any time. No vendor lock-in.
A comprehensive dashboard with full audit trails of all administrative actions and data access events.
Configure data retention periods to match your institution's policies and regulatory requirements.
Get in touch
Our team is ready to discuss your institution's security requirements, provide documentation, or schedule a technical review.